urlscan.io logo urlscan.io
SecurityTrails logo

threatpost.com Open in urlscan Pro
35.173.160.135  Public Scan

Go To Rescan Add Verdict Report
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Submission: On April 16 via manual from QA — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 114 IPs in 9 countries across 93 domains to perform 474 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 160848.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.
This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
34 35.173.160.135 14618 (AMAZON-AES)
9 65.9.7.86 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
7 2606:4700:303... 13335 (CLOUDFLAR...)
14 2600:9000:231... 16509 (AMAZON-02)
14 2600:9000:214... 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
1 185.85.15.23 200107 (KL-EXT)
5 108.156.255.177 16509 (AMAZON-02)
1 9 151.101.194.137 54113 (FASTLY)
5 2a00:1450:400... 15169 (GOOGLE)
1 104.89.31.187 16625 (AKAMAI-AS)
1 46.105.202.126 16276 (OVH)
12 142.250.186.130 15169 (GOOGLE)
7 151.101.130.137 54113 (FASTLY)
9 18.223.222.71 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 34.240.59.138 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
3 5 2620:116:800d... 16509 (AMAZON-02)
1 199.232.188.157 54113 (FASTLY)
1 52.49.126.217 16509 (AMAZON-02)
2 13.36.218.177 16509 (AMAZON-02)
1 1 54.75.68.230 16509 (AMAZON-02)
1 2600:9000:206... 16509 (AMAZON-02)
1 104.244.42.67 13414 (TWITTER)
1 104.244.42.197 13414 (TWITTER)
3 2a00:1450:400... 15169 (GOOGLE)
2 51.89.21.8 16276 (OVH)
9 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
11 35.157.246.167 16509 (AMAZON-02)
5 213.19.147.42 26120 (RHYTHMONE)
1 19 34.98.64.218 15169 (GOOGLE)
1 3 147.75.38.124 54825 (PACKET)
5 16 185.33.221.13 29990 (ASN-APPNEX)
3 104.92.100.195 16625 (AKAMAI-AS)
3 185.64.189.112 62713 (AS-PUBMATIC)
1 64.140.160.2 18450 (WEBNX)
3 18.158.84.255 16509 (AMAZON-02)
4 2602:803:c004... 26667 (RUBICONPR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 7 178.128.135.80 14061 (DIGITALOC...)
1 4 72.251.249.9 29791 (VOXEL-DOT...)
10 54.154.244.32 16509 (AMAZON-02)
3 18.193.253.159 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:ef:... 20940 (AKAMAI-ASN1)
3 5 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2 142.250.186.70 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
8 143.204.202.123 16509 (AMAZON-02)
3 34 13.248.245.213 16509 (AMAZON-02)
1 2a02:2638::2 44788 (ASN-CRITE...)
1 2a02:2638:1::4 44788 (ASN-CRITE...)
6 74.121.143.246 30419 (MEDIAMATH...)
3 6 35.71.131.137 16509 (AMAZON-02)
7 14 142.250.186.34 15169 (GOOGLE)
2 3 2a05:d018:d29... 16509 (AMAZON-02)
6 6 18.193.145.56 16509 (AMAZON-02)
2 2 54.170.158.38 16509 (AMAZON-02)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
3 6 209.54.180.3 16509 (AMAZON-02)
3 3 70.42.32.159 22075 (AS-OUTBRAIN)
8 2a02:2638::3 44788 (ASN-CRITE...)
1 178.250.2.148 44788 (ASN-CRITE...)
8 8 52.50.60.18 16509 (AMAZON-02)
2 2 54.159.94.231 14618 (AMAZON-AES)
3 3 52.86.49.126 14618 (AMAZON-AES)
2 2 151.101.130.49 54113 (FASTLY)
2 2 18.184.64.118 16509 (AMAZON-02)
1 1 2001:678:cb4:... 56396 (AMOBEE)
4 4 216.200.232.253 30419 (MEDIAMATH...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 178.250.2.135 44788 (ASN-CRITE...)
2 178.250.0.162 44788 (ASN-CRITE...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 138.201.63.149 24940 (HETZNER-AS)
2 23.35.228.210 16625 (AKAMAI-AS)
2 9 144.76.91.199 24940 (HETZNER-AS)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
2 178.250.2.146 44788 (ASN-CRITE...)
5 104.102.28.254 20940 (AKAMAI-ASN1)
3 151.101.129.108 54113 (FASTLY)
3 10 104.102.29.65 20940 (AKAMAI-ASN1)
4 4 37.157.6.252 198622 (ADFORM)
7 37.157.4.29 198622 (ADFORM)
26 37.157.5.73 198622 (ADFORM)
6 23.205.235.133 16625 (AKAMAI-AS)
1 1 134.209.129.254 ()
1 205.185.216.10 ()
1 2620:1ec:46::45 ()
1 66.155.71.25 ()
1 1 44.200.208.73 ()
1 2a02:fa8:8806... ()
2 4 52.94.223.167 ()
1 2 54.66.168.86 ()
1 3.218.231.183 ()
4 4 3.122.208.3 ()
2 2 185.184.10.30 ()
1 192.132.33.46 ()
1 35.186.253.211 ()
1 1 185.64.189.110 ()
2 2 198.148.27.140 ()
4 185.86.137.133 ()
1 14 52.17.2.116 ()
1 67.202.105.24 ()
1 51.89.9.252 ()
2 185.86.137.108 ()
1 1 216.52.2.19 ()
6 6 213.19.147.45 ()
1 1 193.0.160.128 ()
3 178.162.133.149 ()
2 2 3.126.56.137 ()
2 4 69.173.144.139 ()
4 4 69.173.144.138 ()
1 35.244.174.68 ()
1 2a00:1288:80:... ()
1 1 23.88.75.189 ()
1 185.255.84.153 ()
1 1 185.33.221.87 ()
1 34.98.67.61 ()
3 3 64.202.112.159 ()
2 8.43.72.98 ()
1 132.226.41.106 ()
2 169.197.150.7 ()
1 1 104.92.72.137 ()
2 2 54.194.18.46 ()
3 34.241.76.6 ()
2 2 104.92.74.8 ()
2 3 18.195.155.181 ()
1 1 202.241.208.53 ()
2 2 185.184.8.90 ()
1 2606:4700:20:... ()
1 1 108.128.72.205 ()
1 178.162.133.148 ()
2 2 18.194.10.133 ()
2 2 34.200.203.167 ()
1 2600:1f18:444... ()
474 114
34    35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com
threatpost.com
kasperskycontenthub.com
9    65.9.7.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-7-86.fra56.r.cloudfront.net
tagan.adlightning.com
1    2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
7    2606:4700:3030::ac43:cf70 (United States)

ASN13335 (CLOUDFLARENET, US)
qd.admetricspro.com
14    2600:9000:2315:5600:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)
assets.threatpost.com
14    2600:9000:214f:9e00:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)
media.threatpost.com
5    2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    185.85.15.23 (Germany)

ASN200107 (KL-EXT, CH)
media.kaspersky.com
5    108.156.255.177 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-255-177.dus51.r.cloudfront.net
c.amazon-adsystem.com
9    151.101.194.137 (United States)

ASN54113 (FASTLY, US)
cd.connatix.com
cds.connatix.com
capi.connatix.com
img.connatix.com
5    2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    104.89.31.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-31-187.deploy.static.akamaitechnologies.com
secure.cdn.fastclick.net
1    46.105.202.126 (France)

ASN16276 (OVH, FR)
cdn.id5-sync.com
12    142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
securepubads.g.doubleclick.net
www.googletagservices.com
7    151.101.130.137 (United States)

ASN54113 (FASTLY, US)
lit.connatix.com
vid.connatix.com
9    18.223.222.71 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-223-222-71.us-east-2.compute.amazonaws.com
capi-tier-2-us-east-2.connatix.com
4    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
1    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    34.240.59.138 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-59-138.eu-west-1.compute.amazonaws.com
dpm.demdex.net
6    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
5    2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
cms.quantserve.com
1    199.232.188.157 (Munich, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    52.49.126.217 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-126-217.eu-west-1.compute.amazonaws.com
kaspersky.demdex.net
2    13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
kaspersky.d3.sc.omtrdc.net
1    54.75.68.230 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-68-230.eu-west-1.compute.amazonaws.com
cm.everesttech.net
1    2600:9000:206f:600:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    104.244.42.67 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    104.244.42.197 (United States)

ASN13414 (TWITTER, US)
t.co
3    2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    51.89.21.8 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p29.id5-sync.com
id5-sync.com
9    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    2606:4700:20::681a:8a9 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
11    35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
5    213.19.147.42 (Utrecht, Netherlands)

ASN26120 (RHYTHMONE, US)
tag.1rx.io
19    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
teachingaids-d.openx.net
u.openx.net
eu-u.openx.net
us-u.openx.net
gift-connect-d.openx.net
3    147.75.38.124 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
prebid.a-mo.net
16    185.33.221.13 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
3    104.92.100.195 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-100-195.deploy.static.akamaitechnologies.com
htlb.casalemedia.com
3    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
1    64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com
geo.ipify.org
3    18.158.84.255 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-84-255.eu-central-1.compute.amazonaws.com
tlx.3lift.com
4    2602:803:c004:200::143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
1    2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
7    178.128.135.80 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
e.serverbid.com
4    72.251.249.9 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
10    54.154.244.32 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
ads.servenobid.com
3    18.193.253.159 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-253-159.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
2    2a00:1450:400c:c0b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
3    2606:4700::6810:7daf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
1    2a02:26f0:ef::5c7b:c25a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
5    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
www.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
2    142.250.186.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net
9582686.fls.doubleclick.net
2    2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
1    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
6    2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
8    143.204.202.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-123.fra53.r.cloudfront.net
ib.3lift.com
34    13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
1    2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
rtb.fr.eu.criteo.com
1    2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
ads.eu.criteo.com
6    74.121.143.246 (United States)

ASN30419 (MEDIAMATH-INC, US)
tags.mathtag.com
6    35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
14    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
cm.g.doubleclick.net
3    2a05:d018:d29:3601:cf48:bf87:67aa:ca6e (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
6    18.193.145.56 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-145-56.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    54.170.158.38 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-158-38.eu-west-1.compute.amazonaws.com
ads.avct.cloud
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
6    209.54.180.3 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
3    70.42.32.159 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
8    2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
1    178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
cat.nl.eu.criteo.com
8    52.50.60.18 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-60-18.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
2    54.159.94.231 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-94-231.compute-1.amazonaws.com
sync.ipredictive.com
3    52.86.49.126 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-49-126.compute-1.amazonaws.com
sync.srv.stackadapt.com
2    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
2    18.184.64.118 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-64-118.eu-central-1.compute.amazonaws.com
rtb.mfadsrvr.com
1    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
4    216.200.232.253 (Monrovia, United States)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
4    178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com
pix.eu.criteo.net
2    178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
csm.eu.criteo.net
1    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    138.201.63.149 (Reilingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.149.63.201.138.clients.your-server.de
hal9000.redintelligence.net
2    23.35.228.210 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-210.deploy.static.akamaitechnologies.com
pixel.mathtag.com
9    144.76.91.199 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de
hal900018.redintelligence.net
2    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
5    104.102.28.254 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-28-254.deploy.static.akamaitechnologies.com
ads.pubmatic.com
3    151.101.129.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
10    104.102.29.65 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-29-65.deploy.static.akamaitechnologies.com
js-sec.indexww.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
4    37.157.6.252 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net
c1.adform.net
7    37.157.4.29 (Denmark)

ASN198622 (ADFORM, DK)
track.adform.net
26    37.157.5.73 (Denmark)

ASN198622 (ADFORM, DK)
s1.adform.net
6    23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    134.209.129.254 (None, )

ASN- ()
sync.serverbid.com
1    205.185.216.10 (None, )

ASN- ()
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1    2620:1ec:46::45 (None, )

ASN- ()
public.servenobid.com
1    66.155.71.25 (None, )

ASN- ()
pixel-sync.sitescout.com
1    44.200.208.73 (None, )

ASN- ()
sync.hgrtb.com
1    2a02:fa8:8806:16::1370 (None, )

ASN- ()
triplelift-match.dotomi.com
4    52.94.223.167 (None, )

ASN- ()
aax-eu.amazon-adsystem.com
2    54.66.168.86 (None, )

ASN- ()
sasinator.realestate.com.au
1    3.218.231.183 (None, )

ASN- ()
usersync.getpublica.com
4    3.122.208.3 (None, )

ASN- ()
pm.w55c.net
2    185.184.10.30 (None, )

ASN- ()
us.creativecdn.com
1    192.132.33.46 (None, )

ASN- ()
bttrack.com
1    35.186.253.211 (None, )

ASN- ()
rtb.openx.net
1    185.64.189.110 (None, )

ASN- ()
image2.pubmatic.com
2    198.148.27.140 (None, )

ASN- ()
bh.contextweb.com
4    185.86.137.133 (None, )

ASN- ()
rtb-csync.smartadserver.com
14    52.17.2.116 (None, )

ASN- ()
g2.gumgum.com
rtb.gumgum.com
1    67.202.105.24 (None, )

ASN- ()
pixel.33across.com
1    51.89.9.252 (None, )

ASN- ()
onetag-sys.com
2    185.86.137.108 (None, )

ASN- ()
ssbsync.smartadserver.com
1    216.52.2.19 (None, )

ASN- ()
ce.lijit.com
6    213.19.147.45 (None, )

ASN- ()
sync.1rx.io
1    193.0.160.128 (None, )

ASN- ()
p.rfihub.com
3    178.162.133.149 (None, )

ASN- ()
sync.go.sonobi.com
2    3.126.56.137 (None, )

ASN- ()
ups.analytics.yahoo.com
4    69.173.144.139 (None, )

ASN- ()
pixel.rubiconproject.com
4    69.173.144.138 (None, )

ASN- ()
token.rubiconproject.com
1    35.244.174.68 (None, )

ASN- ()
id.rlcdn.com
1    2a00:1288:80:807::2 (None, )

ASN- ()
ads.yahoo.com
1    23.88.75.189 (None, )

ASN- ()
csync.loopme.me
1    185.255.84.153 (None, )

ASN- ()
visitor.omnitagjs.com
1    185.33.221.87 (None, )

ASN- ()
secure.adnxs.com
1    34.98.67.61 (None, )

ASN- ()
odr.mookie1.com
3    64.202.112.159 (None, )

ASN- ()
sync.outbrain.com
2    8.43.72.98 (None, )

ASN- ()
pixel-us-east.rubiconproject.com
1    132.226.41.106 (None, )

ASN- ()
sync.technoratimedia.com
2    169.197.150.7 (None, )

ASN- ()
match.deepintent.com
1    104.92.72.137 (None, )

ASN- ()
stags.bluekai.com
2    54.194.18.46 (None, )

ASN- ()
ad.360yield.com
3    34.241.76.6 (None, )

ASN- ()
usersync.gumgum.com
2    104.92.74.8 (None, )

ASN- ()
secure-assets.rubiconproject.com
3    18.195.155.181 (None, )

ASN- ()
cs.emxdgt.com
1    202.241.208.53 (None, )

ASN- ()
tg.socdm.com
2    185.184.8.90 (None, )

ASN- ()
creativecdn.com
1    2606:4700:20::681a:ad1 (None, )

ASN- ()
ad4m.at
1    108.128.72.205 (None, )

ASN- ()
d.adroll.com
1    178.162.133.148 (None, )

ASN- ()
go.sonobi.com
2    18.194.10.133 (None, )

ASN- ()
pixel.advertising.com
2    34.200.203.167 (None, )

ASN- ()
i.liadm.com
1    2600:1f18:444a:4680:6bbe:49e:bc45:59 (None, )

ASN- ()
i6.liadm.com
Apex Domain
Subdomains		 Transfer
60 threatpost.com
threatpost.com — Cisco Umbrella Rank: 160848
assets.threatpost.com — Cisco Umbrella Rank: 463068
media.threatpost.com — Cisco Umbrella Rank: 346096
1 MB
45 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 569
ib.3lift.com — Cisco Umbrella Rank: 1160
eb2.3lift.com — Cisco Umbrella Rank: 400
196 KB
37 adform.net
c1.adform.net — Cisco Umbrella Rank: 577
track.adform.net — Cisco Umbrella Rank: 4449
s1.adform.net — Cisco Umbrella Rank: 9664
460 KB
27 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193
stats.g.doubleclick.net — Cisco Umbrella Rank: 95
9582686.fls.doubleclick.net — Cisco Umbrella Rank: 348046
cm.g.doubleclick.net — Cisco Umbrella Rank: 211
171 KB
25 connatix.com
cd.connatix.com — Cisco Umbrella Rank: 3305
cds.connatix.com — Cisco Umbrella Rank: 3432
capi.connatix.com — Cisco Umbrella Rank: 3684
lit.connatix.com — Cisco Umbrella Rank: 7321
capi-tier-2-us-east-2.connatix.com — Cisco Umbrella Rank: 4179
vid.connatix.com — Cisco Umbrella Rank: 4148
img.connatix.com — Cisco Umbrella Rank: 3984
2 MB
22 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 458
eus.rubiconproject.com — Cisco Umbrella Rank: 567
pixel.rubiconproject.com
token.rubiconproject.com
pixel-us-east.rubiconproject.com
secure-assets.rubiconproject.com
41 KB
20 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 248
acdn.adnxs.com — Cisco Umbrella Rank: 597
secure.adnxs.com
75 KB
20 openx.net
teachingaids-d.openx.net — Cisco Umbrella Rank: 24065
u.openx.net — Cisco Umbrella Rank: 709
eu-u.openx.net — Cisco Umbrella Rank: 2042
us-u.openx.net — Cisco Umbrella Rank: 411
rtb.openx.net
gift-connect-d.openx.net
4 KB
17 gumgum.com
g2.gumgum.com
rtb.gumgum.com
usersync.gumgum.com
5 KB
17 yahoo.com
c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1137
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 846
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474
ups.analytics.yahoo.com
ads.yahoo.com
5 KB
17 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 98
56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 128
95 KB
15 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 302
s.amazon-adsystem.com — Cisco Umbrella Rank: 281
aax-eu.amazon-adsystem.com
48 KB
14 criteo.net
static.criteo.net — Cisco Umbrella Rank: 632
pix.eu.criteo.net — Cisco Umbrella Rank: 7400
csm.eu.criteo.net — Cisco Umbrella Rank: 7420
137 KB
12 mathtag.com
tags.mathtag.com — Cisco Umbrella Rank: 2919
sync.mathtag.com — Cisco Umbrella Rank: 445
pixel.mathtag.com — Cisco Umbrella Rank: 1233
7 KB
11 redintelligence.net
hal9000.redintelligence.net — Cisco Umbrella Rank: 31596
hal900018.redintelligence.net — Cisco Umbrella Rank: 248315
15 KB
11 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 1888
public.servenobid.com
8 KB
11 1rx.io
tag.1rx.io — Cisco Umbrella Rank: 1334
sync.1rx.io
3 KB
10 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 463
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
9 KB
9 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 457
ads.pubmatic.com — Cisco Umbrella Rank: 461
image2.pubmatic.com
30 KB
9 adlightning.com
tagan.adlightning.com — Cisco Umbrella Rank: 1459
204 KB
8 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 503
3 KB
8 serverbid.com
e.serverbid.com — Cisco Umbrella Rank: 3253
sync.serverbid.com
1 KB
7 criteo.com
rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 13058
ads.eu.criteo.com — Cisco Umbrella Rank: 7422
cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9555
gum.criteo.com — Cisco Umbrella Rank: 383
mug.criteo.com — Cisco Umbrella Rank: 2668
50 KB
7 admetricspro.com
qd.admetricspro.com — Cisco Umbrella Rank: 25345
325 KB
6 smartadserver.com
rtb-csync.smartadserver.com
ssbsync.smartadserver.com
2 KB
6 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 289
3 KB
6 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 355
2 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 482
www.linkedin.com — Cisco Umbrella Rank: 603
px4.ads.linkedin.com — Cisco Umbrella Rank: 4702
4 KB
6 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
40 KB
6 google.com
www.google.com — Cisco Umbrella Rank: 4
adservice.google.com — Cisco Umbrella Rank: 77
3 KB
5 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 607
ce.lijit.com
2 KB
5 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 975
pixel.quantserve.com — Cisco Umbrella Rank: 423
cms.quantserve.com — Cisco Umbrella Rank: 1127
11 KB
5 googleapis.com
imasdk.googleapis.com — Cisco Umbrella Rank: 417
fonts.googleapis.com — Cisco Umbrella Rank: 46
742 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
385 KB
4 sonobi.com
sync.go.sonobi.com
go.sonobi.com
2 KB
4 creativecdn.com
us.creativecdn.com
creativecdn.com
1 KB
4 w55c.net
pm.w55c.net
3 KB
4 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 176
137 KB
3 liadm.com
i.liadm.com
i6.liadm.com
1 KB
3 emxdgt.com
cs.emxdgt.com
465 B
3 outbrain.com
sync.outbrain.com
1 KB
3 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 723
5 KB
3 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 835
1 KB
3 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 593
2 KB
3 unpkg.com
unpkg.com — Cisco Umbrella Rank: 897
2 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 5383
adservice.google.de — Cisco Umbrella Rank: 7579
1 KB
3 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1077
337 B
3 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1173
808 B
3 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1879
mp.4dex.io — Cisco Umbrella Rank: 2587
24 KB
3 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 262
108 KB
3 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1009
sync-tm.everesttech.net — Cisco Umbrella Rank: 576
891 B
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 216
kaspersky.demdex.net — Cisco Umbrella Rank: 261230
5 KB
3 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1681
id5-sync.com — Cisco Umbrella Rank: 699
12 KB
2 advertising.com
pixel.advertising.com
627 B
2 360yield.com
ad.360yield.com
623 B
2 deepintent.com
match.deepintent.com
60 B
2 contextweb.com
bh.contextweb.com
880 B
2 realestate.com.au
sasinator.realestate.com.au
1 KB
2 mfadsrvr.com
rtb.mfadsrvr.com — Cisco Umbrella Rank: 866
1 KB
2 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 1068
890 B
2 avct.cloud
ads.avct.cloud — Cisco Umbrella Rank: 2853
898 B
2 omtrdc.net
kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 233454
563 B
2 gstatic.com
www.gstatic.com
fonts.gstatic.com
174 KB
2 kasperskycontenthub.com
kasperskycontenthub.com — Cisco Umbrella Rank: 397119
1 KB
1 adroll.com
d.adroll.com
112 B
1 ad4m.at
ad4m.at
1 socdm.com
tg.socdm.com
700 B
1 bluekai.com
stags.bluekai.com
1 KB
1 technoratimedia.com
sync.technoratimedia.com
293 B
1 mookie1.com
odr.mookie1.com
324 B
1 omnitagjs.com
visitor.omnitagjs.com
158 B
1 loopme.me
csync.loopme.me
243 B
1 rlcdn.com
id.rlcdn.com
1 rfihub.com
p.rfihub.com
755 B
1 onetag-sys.com
onetag-sys.com
814 B
1 33across.com
pixel.33across.com
1 bttrack.com
bttrack.com
380 B
1 getpublica.com
usersync.getpublica.com
198 B
1 dotomi.com
triplelift-match.dotomi.com
104 B
1 hgrtb.com
sync.hgrtb.com
259 B
1 sitescout.com
pixel-sync.sitescout.com
191 B
1 digitaloceanspaces.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
5 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 238
5 KB
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 769
412 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 234
594 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 913
3 KB
1 ipify.org
geo.ipify.org — Cisco Umbrella Rank: 59009
643 B
1 t.co
t.co — Cisco Umbrella Rank: 476
338 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 524
459 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 903
353 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 619
6 KB
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1654
17 KB
1 kaspersky.com
media.kaspersky.com — Cisco Umbrella Rank: 133247
49 KB
474 93
Domain Requested by
34 eb2.3lift.com 3 redirects threatpost.com
tagan.adlightning.com
eb2.3lift.com
qd.admetricspro.com
32 threatpost.com threatpost.com
26 s1.adform.net track.adform.net
s1.adform.net
threatpost.com
16 ib.adnxs.com 5 redirects cds.connatix.com
qd.admetricspro.com
eb2.3lift.com
acdn.adnxs.com
14 cm.g.doubleclick.net 7 redirects eb2.3lift.com
u.openx.net
g2.gumgum.com
ssum-sec.casalemedia.com
14 media.threatpost.com threatpost.com
14 assets.threatpost.com threatpost.com
assets.threatpost.com
13 rtb.gumgum.com 1 redirects g2.gumgum.com
10 ads.servenobid.com qd.admetricspro.com
public.servenobid.com
ssbsync.smartadserver.com
g2.gumgum.com
ssum-sec.casalemedia.com
9 hal900018.redintelligence.net 2 redirects threatpost.com
tagan.adlightning.com
hal900018.redintelligence.net
9 pagead2.googlesyndication.com srcdoc
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
9 capi-tier-2-us-east-2.connatix.com cd.connatix.com
9 securepubads.g.doubleclick.net tagan.adlightning.com
www.googletagservices.com
securepubads.g.doubleclick.net
threatpost.com
56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
9 tagan.adlightning.com threatpost.com
tagan.adlightning.com
56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
8 match.prod.bidr.io 8 redirects
8 static.criteo.net ads.eu.criteo.com
8 ib.3lift.com tagan.adlightning.com
threatpost.com
ib.3lift.com
8 c2shb.pubgw.yahoo.com cds.connatix.com
7 track.adform.net hal900018.redintelligence.net
s1.adform.net
7 eu-u.openx.net u.openx.net
qd.admetricspro.com
eu-u.openx.net
7 e.serverbid.com 2 redirects qd.admetricspro.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
7 qd.admetricspro.com threatpost.com
qd.admetricspro.com
6 sync.1rx.io 6 redirects
6 eus.rubiconproject.com qd.admetricspro.com
eus.rubiconproject.com
g2.gumgum.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
6 us-u.openx.net 1 redirects u.openx.net
eu-u.openx.net
6 s.amazon-adsystem.com 3 redirects eb2.3lift.com
ssum-sec.casalemedia.com
6 x.bidswitch.net 6 redirects
6 match.adsrvr.org 3 redirects u.openx.net
ssum-sec.casalemedia.com
6 tags.mathtag.com tagan.adlightning.com
6 tpc.googlesyndication.com tagan.adlightning.com
56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
6 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
threatpost.com
6 vid.connatix.com cd.connatix.com
cds.connatix.com
5 ads.pubmatic.com cds.connatix.com
qd.admetricspro.com
g2.gumgum.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
5 tag.1rx.io cds.connatix.com
qd.admetricspro.com
5 www.googletagmanager.com threatpost.com
www.googletagmanager.com
5 cds.connatix.com threatpost.com
cd.connatix.com
5 c.amazon-adsystem.com qd.admetricspro.com
c.amazon-adsystem.com
5 www.google.com threatpost.com
tagan.adlightning.com
56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
4 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
4 token.rubiconproject.com 4 redirects
4 pixel.rubiconproject.com 2 redirects g2.gumgum.com
4 rtb-csync.smartadserver.com eu-u.openx.net
ssbsync.smartadserver.com
4 pm.w55c.net 4 redirects
4 aax-eu.amazon-adsystem.com 2 redirects eb2.3lift.com
4 c1.adform.net 4 redirects
4 pix.eu.criteo.net ads.eu.criteo.com
4 sync.mathtag.com 4 redirects
4 px.ads.linkedin.com 2 redirects eb2.3lift.com
4 ap.lijit.com 1 redirects qd.admetricspro.com
public.servenobid.com
4 fastlane.rubiconproject.com qd.admetricspro.com
4 imasdk.googleapis.com cd.connatix.com
imasdk.googleapis.com
4 www.googletagservices.com threatpost.com
tagan.adlightning.com
56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
3 cs.emxdgt.com 2 redirects serverbid-sync.nyc3.cdn.digitaloceanspaces.com
3 usersync.gumgum.com g2.gumgum.com
3 sync.outbrain.com 3 redirects
3 sync.go.sonobi.com public.servenobid.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
3 ssum-sec.casalemedia.com 2 redirects public.servenobid.com
3 js-sec.indexww.com cds.connatix.com
qd.admetricspro.com
3 acdn.adnxs.com cds.connatix.com
qd.admetricspro.com
3 sync.srv.stackadapt.com 3 redirects
3 b1sync.zemanta.com 3 redirects
3 pr-bh.ybp.yahoo.com 2 redirects eu-u.openx.net
3 unpkg.com 2 redirects
3 pixel.quantserve.com 2 redirects threatpost.com
3 btlr.sharethrough.com qd.admetricspro.com
3 c2shb.ssp.yahoo.com qd.admetricspro.com
3 tlx.3lift.com qd.admetricspro.com
threatpost.com
3 hbopenbid.pubmatic.com cds.connatix.com
qd.admetricspro.com
3 htlb.casalemedia.com cds.connatix.com
qd.admetricspro.com
3 prebid.a-mo.net 1 redirects cds.connatix.com
qd.admetricspro.com
3 teachingaids-d.openx.net cds.connatix.com
qd.admetricspro.com
3 s0.2mdn.net imasdk.googleapis.com
s1.adform.net
2 i.liadm.com 2 redirects
2 pixel.advertising.com 2 redirects
2 creativecdn.com 2 redirects
2 secure-assets.rubiconproject.com 2 redirects
2 ad.360yield.com 2 redirects
2 match.deepintent.com g2.gumgum.com
ssum-sec.casalemedia.com
2 pixel-us-east.rubiconproject.com g2.gumgum.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
2 ups.analytics.yahoo.com 2 redirects
2 ssbsync.smartadserver.com public.servenobid.com
g2.gumgum.com
2 bh.contextweb.com 2 redirects
2 us.creativecdn.com 2 redirects
2 sasinator.realestate.com.au 1 redirects eb2.3lift.com
2 u.openx.net cds.connatix.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 pixel.mathtag.com tagan.adlightning.com
2 hal9000.redintelligence.net tagan.adlightning.com
2 csm.eu.criteo.net ads.eu.criteo.com
2 rtb.mfadsrvr.com 2 redirects
2 sync-tm.everesttech.net 2 redirects
2 sync.ipredictive.com 2 redirects
2 ads.avct.cloud 2 redirects
2 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com securepubads.g.doubleclick.net
tagan.adlightning.com
2 9582686.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 www.google.de threatpost.com
2 stats.g.doubleclick.net www.google-analytics.com
2 script.4dex.io qd.admetricspro.com
script.4dex.io
2 id5-sync.com cdn.id5-sync.com
qd.admetricspro.com
2 kaspersky.d3.sc.omtrdc.net media.kaspersky.com
2 dpm.demdex.net media.kaspersky.com
threatpost.com
2 img.connatix.com threatpost.com
2 kasperskycontenthub.com threatpost.com
1 i6.liadm.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 gift-connect-d.openx.net serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 go.sonobi.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 d.adroll.com 1 redirects
1 ad4m.at ssum-sec.casalemedia.com
1 tg.socdm.com 1 redirects
1 stags.bluekai.com 1 redirects
1 sync.technoratimedia.com g2.gumgum.com
1 odr.mookie1.com g2.gumgum.com
1 secure.adnxs.com 1 redirects
1 visitor.omnitagjs.com ssbsync.smartadserver.com
1 csync.loopme.me 1 redirects
1 ads.yahoo.com
1 id.rlcdn.com
1 p.rfihub.com 1 redirects
1 ce.lijit.com 1 redirects
1 onetag-sys.com public.servenobid.com
1 pixel.33across.com public.servenobid.com
1 g2.gumgum.com public.servenobid.com
1 image2.pubmatic.com 1 redirects
1 rtb.openx.net eu-u.openx.net
1 bttrack.com eb2.3lift.com
1 usersync.getpublica.com eb2.3lift.com
1 cms.quantserve.com 1 redirects
1 triplelift-match.dotomi.com eb2.3lift.com
1 sync.hgrtb.com 1 redirects
1 pixel-sync.sitescout.com eb2.3lift.com
1 public.servenobid.com qd.admetricspro.com
1 serverbid-sync.nyc3.cdn.digitaloceanspaces.com qd.admetricspro.com
1 sync.serverbid.com 1 redirects
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com cdnjs.cloudflare.com
1 cdnjs.cloudflare.com ads.eu.criteo.com
1 ad.turn.com 1 redirects
1 cat.nl.eu.criteo.com ads.eu.criteo.com
1 c.bing.com eb2.3lift.com
1 ads.eu.criteo.com 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
1 rtb.fr.eu.criteo.com 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
1 adservice.google.de adservice.google.com
1 adservice.google.com 9582686.fls.doubleclick.net
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 snap.licdn.com www.googletagmanager.com
1 mp.4dex.io qd.admetricspro.com
1 geo.ipify.org qd.admetricspro.com
1 t.co threatpost.com
1 analytics.twitter.com tagan.adlightning.com
1 rules.quantcount.com secure.quantserve.com
1 cm.everesttech.net 1 redirects
1 kaspersky.demdex.net tagan.adlightning.com
1 static.ads-twitter.com www.googletagmanager.com
1 secure.quantserve.com www.googletagmanager.com
1 www.gstatic.com www.google.com
1 lit.connatix.com cd.connatix.com
1 cdn.id5-sync.com tagan.adlightning.com
1 secure.cdn.fastclick.net tagan.adlightning.com
1 capi.connatix.com cd.connatix.com
1 cd.connatix.com 1 redirects
1 media.kaspersky.com threatpost.com
474 163
Subject Issuer Validity Valid
threatpost.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-07-03		 a year crt.sh
*.adlightning.com
Amazon		 2021-06-24 -
2022-07-23		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-08-11 -
2022-08-10		 a year crt.sh
assets.threatpost.com
Amazon		 2022-01-05 -
2023-02-03		 a year crt.sh
media.threatpost.com
Amazon		 2022-01-05 -
2023-02-03		 a year crt.sh
kasperskycontenthub.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-07-03		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
media.kaspersky.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-31 -
2023-03-31		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2021-07-06 -
2022-06-27		 a year crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2		 2021-08-20 -
2022-09-21		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
secure.cdn.fastclick.net
DigiCert SHA2 Secure Server CA		 2022-01-15 -
2023-01-17		 a year crt.sh
cdn.id5-sync.com
R3		 2022-04-13 -
2022-07-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-21 -
2022-07-26		 a year crt.sh
*.d3.sc.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-03-07		 a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.id5-sync.com
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-03-08 -
2022-08-31		 6 months crt.sh
*.1rx.io
Sectigo RSA Domain Validation Secure Server CA		 2021-06-01 -
2022-07-02		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.a-mo.net
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2021-08-04 -
2022-09-04		 a year crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA		 2022-02-07 -
2023-03-10		 a year crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
e.serverbid.com
R3		 2022-04-13 -
2022-07-12		 3 months crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-03-11 -
2023-04-12		 a year crt.sh
ads.servenobid.com
Amazon		 2021-06-28 -
2022-07-27		 a year crt.sh
*.sharethrough.com
Amazon		 2021-08-13 -
2022-09-11		 a year crt.sh
*.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2022-03-01 -
2023-03-01		 a year crt.sh
*.google.de
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.fr.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-13 -
2022-06-09		 3 months crt.sh
*.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-19 -
2022-06-18		 3 months crt.sh
*.mathtag.com
DigiCert SHA2 Secure Server CA		 2020-04-15 -
2022-04-22		 2 years crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2022-03-28 -
2022-09-28		 6 months crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2022-03-16 -
2022-09-16		 6 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-11 -
2022-07-13		 3 months crt.sh
*.nl.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-15 -
2022-06-13		 3 months crt.sh
*.eu.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-10 -
2022-07-04		 3 months crt.sh
redintelligence.net
R3		 2022-03-29 -
2022-06-27		 3 months crt.sh
pixel.mathtag.com
DigiCert SHA2 Secure Server CA		 2021-06-29 -
2022-07-07		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-11 -
2022-07-07		 3 months crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1		 2022-03-11 -
2023-04-11		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.nyc3.cdn.digitaloceanspaces.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-30		 a year crt.sh
public.servenobid.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-02-17		 a year crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-12-15 -
2023-01-15		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-08-10 -
2022-09-11		 a year crt.sh
*.getpublica.com
Amazon		 2021-07-01 -
2022-07-30		 a year crt.sh
*.bttrack.com
Sectigo RSA Domain Validation Secure Server CA		 2022-03-21 -
2023-04-20		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-01-18 -
2022-07-13		 6 months crt.sh
*.gumgum.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-24 -
2022-06-23		 a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-17 -
2022-10-05		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2020-04-09 -
2022-06-08		 2 years crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon		 2022-02-15 -
2023-03-16		 a year crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2021-05-18 -
2022-06-19		 a year crt.sh

This page contains 66 frames:

Primary Page: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Frame ID: B5E5484A6FFE5599273161A28BAF07A8
Requests: 157 HTTP requests in this frame

Frame: https://cds.connatix.com/p/158870/connatix.player.dc.js
Frame ID: 0AF4583A62931E3BE79824B03D011D79
Requests: 22 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 88CA1177F9F8E7EE099D6E0EA92C4A97
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Frame ID: C72F6411693093ADDF15C33A55B7DA3D
Requests: 19 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Frame ID: F3F4FB7A4E123F7BA004643E2A40EBAE
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Frame ID: 1B33ACD1E178CEDE6E9BF5F65E62D909
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Frame ID: 0465EA4085506A46E41532B12DBC3E08
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: C3B558CEA350F7F5931F0DA6AABE0E56
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 6C3A24976610832A569ED136B9FC1C7E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 12269EBA39E3BD7605B82ACCE0892221
Requests: 1 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Frame ID: 9BAFE6CF1BF1C446D986C9B13DC50A98
Requests: 1 HTTP requests in this frame

Frame: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9343C41C73526E1B29C95EA934B40F56
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Frame ID: 204C505C39F24C107FAE061ECBD2B00A
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Frame ID: 243ED046815A427557E4D2E84AB47800
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8C6F87B0FA2E1B51B04DFE0A0FC6D990
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4AADFF5DFD78C6A0CB583BF7DCE145F5
Requests: 2 HTTP requests in this frame

Frame: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F127CD91989C17458EF6041EA5841B1F
Requests: 12 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-21832b7e.js
Frame ID: 8A31853D7CEDBBB1DC69CD268F3FE4D7
Requests: 13 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-21832b7e.js
Frame ID: 81BE3EBF12795C9A3F11EF3D50EED28F
Requests: 12 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Frame ID: 4AA2F3737E39D0F895EF92267B0B6A4B
Requests: 19 HTTP requests in this frame

Frame: data://truncated
Frame ID: 67478E9ACC74313440341188B6D306F2
Requests: 1 HTTP requests in this frame

Frame: https://tags.mathtag.com/notify/js?exch=gor&s_exch=ss6&id=5aW95q2jLzIzLyAvWVdVNE5EWXpOMll0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNzcyNDkyMzg3MzQ2MjM4MjYvMTA0MDYyOTIvMTExNDI0ODEvNjIvY0hkRXZoNjNwSFZyajV0bEM4VGpzd0tZVmxWY0F2VHo4LTFoNUVMM0FpRS8xLzYyLzAvMC8xODUzOTIxLzMxMTc3ODM5NzAvMjE1NTQzLzExMjkyNzQvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC82Mjc3MjQ5MjM4NzM0NjIzODI2L3pyaC8wLzEwMDAyLzU5Lzk5OS8yNTgvMTg1LjIxMy4xNTUuMC8wLjAwMC8xNjUwMDk4MTU2LzE2NTAxMTA3NTYvNjIvOTI4Ni8/W-jYTNkx0KecHfZumDvt400nWM8&nodeid=2802&group=zrh&auctionid=6277249238734623826&shardkey=6277249238734623826&sid=11142481&cid=10406292&price=0.198&bp=a_bjiibd&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.135.139
Frame ID: 313D2B62CE91A4329A9042C259B9C95F
Requests: 6 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Frame ID: 99316D47DD5F9B6330D60B6F3B28C814
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: F2128E372A14E5E3BFC82559BF69CFFA
Requests: 1 HTTP requests in this frame

Frame: https://tags.mathtag.com/notify/js?exch=gor&s_exch=ss6&id=5aW95q2jLzIzLyAvWVdVNE5EWXpOMll0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzM5NzE0MDYyMjk1MjA5Mjk3NzUvMTA0MDYyOTEvMTExNDI0ODEvNjIvY0hkRXZoNjNwSFZyajV0bEM4VGpzXzFSZ1laMEZZWUNUNmhpNG9xbG1DQS8xLzYyLzAvMC8xODUzOTIxLzMxMTc3ODM5NzAvMjE1NTQzLzExMjkyNzQvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8zOTcxNDA2MjI5NTIwOTI5Nzc1L3pyaC8wLzEwMDAyLzU5Lzk5OS8yNTgvMTg1LjIxMy4xNTUuMC8wLjAwMC8xNjUwMDk4MTU2LzE2NTAxMTA3NTYvNjIvOTI4Ni8/-34eBp4B7vu6oPCEoALUgRiY0ok&nodeid=2802&group=zrh&auctionid=3971406229520929775&shardkey=3971406229520929775&sid=11142481&cid=10406291&price=0.198&bp=a_bjiibd&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.132.88
Frame ID: AAF892A8EDB589DD1E5CD92FF60A22A8
Requests: 6 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Frame ID: 6A3E1DED57FDE87A29914D5B5F959246
Requests: 11 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: B6620583B9812EDDD64C8F72F338F208
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 7CA9FFE7D104649FB97F5833741F2FB5
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: A685F7D125DC32373D77A99A0F71F19E
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: CA8BFE917A32BB447FA4108E35F568B9
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: D6F7DB4DDAD272C25F32F900D5EA8388
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: F28DDE8BD3CD8496B7F80E83EC2F8279
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 02123A226F4009C91481FEEB93CFDE15
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 0B2C9E5386A937EC51248F2B8D7097B7
Requests: 3 HTTP requests in this frame

Frame: https://hal900018.redintelligence.net/request_content.php?s=79663500055179004380388011931018&a=2d681f24
Frame ID: 0DFEC997D03B9165CFAECDAE010DA6FA
Requests: 8 HTTP requests in this frame

Frame: https://hal900018.redintelligence.net/request_content.php?s=77620900055178904380390011931018&a=66da4a7c
Frame ID: B3A716CE7771CCFCA599D03F117A52E2
Requests: 10 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/10999324/10999324.js?ADFassetID=10999324&bv=258
Frame ID: 6442D14A2A6FC87E75D1FEFD6F60EBC0
Requests: 12 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/10999322/10999322.js?ADFassetID=10999322&bv=258
Frame ID: EDB74B1EAA9F16D0F4C70DCED64883A9
Requests: 12 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: D8B0C9A40A71110F5B5987FA45359230
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: F935CA5E79592E8D524071A60C0C2053
Requests: 10 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: B90B11CCA59F062670D3DA250E5CF691
Requests: 8 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: CBB2B845F40DE55328EA8748E25C3A30
Requests: 3 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: ECBB3937C3A5523EF2980EBE300F2B81
Requests: 9 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 414FDCD6A0556BAF0755431EB514EFD9
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 84DAD0677941C14BD48CBBA87247DD52
Requests: 11 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: F65D73D2EC02D9909872C33348064098
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: FFA60EEE7C429914B2D1C07D772B0A93
Requests: 7 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: DE991423A8D5FE4D123CC49CAB7718C6
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: C87B6982E0746D973872C68B56863B9B
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 9200F1EACD73868710910D3FE45C68C4
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 5FF7EE4CD55A5B95F339516F4DA992AD
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Frame ID: F2BB2A901DFB0C56093422A446516345
Requests: 10 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=3351625a-7fee-4a01-a967-ad4537ec0667&gdpr=0&gdpr_consent=
Frame ID: 16479BBD52620D80F40BF65D369C0547
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=Ylp-6wAAAIYq2AQA&gdpr=0&gdpr_consent=
Frame ID: E457DC67FB1B139F360E36651CA1A44C
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82OTY5MmY4MC0yYWNjLTRjMGQtOTk4MS0yZDU4YmEzZjNjZDc=&gdpr=0&gdpr_consent=
Frame ID: 716C4FF27B523CC47B14811371BE027D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 3636C51B38E532B9458E41F1CB8BC7D1
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=cdaba960-d978-4608-b0ff-587fb99b7e8b&t=1652690162
Frame ID: DA3C20A75A4181497B33C004ABB3BD92
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 1ECF4B4FA3377EA962CE96EA9DEE12C0
Requests: 3 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=emx&uid=8360310439731899993brt30101650098162586068f1
Frame ID: B62C7D4F36D9C403561074159EF7D9EB
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=Ylp-88Co5r8AAPjCInwAAAAA
Frame ID: 0BB56A4FA3544E8E8AF763F7F91CF7AC
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=ijz7eT5R9A6qfnOgve48&pi=gumgum&tc=1
Frame ID: 3DFC993932D01E90F78168408850CC29
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Frame ID: 176819FA9C2B3E8DDFCC99B840306A6C
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Frame ID: 46A112CE7DCD4034466057D3B6EFE172
Requests: 3 HTTP requests in this frame

Frame: https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Frame ID: B91CA1ABA6D3E44FD11C3242727243AD
Requests: 1 HTTP requests in this frame

Frame: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Frame ID: C5103B3A27A08CF2AE2A3B53CA6721C6
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Frame ID: 28473E1A145F27CA0AE2479094DA5657
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Malformed URL Prefix Phishing Attacks Spike 6,000% | Threatpost

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

474
Requests

84 %
HTTPS

27 %
IPv6

93
Domains

163
Subdomains

114
IPs

9
Countries

6300 kB
Transfer

14256 kB
Size

76
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44
  • https://cd.connatix.com/connatix.player.js HTTP 302
  • https://cds.connatix.com/p/158870/connatix.player.dc.js
Request Chain 104
  • https://cm.everesttech.net/cm/dd?d_uuid=73868497542728440871343779965848463154 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Ylp-6wAAAIYq2AQA
Request Chain 178
  • https://unpkg.com/web-vitals HTTP 302
  • https://unpkg.com/web-vitals@2.1.4 HTTP 302
  • https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.umd.js
Request Chain 186
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1650098156624&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1650098156624%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fmalformed-url-prefix-phishing-attacks-spike-6000%252F164132%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1650098156624&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1650098156624&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true&e_ipv6=AQIFysTrF1tvMQAAAYAxg7ZP_nK-KryT4UyXIZqiF8yikpnJFAw3ksJvW9q43nvuHkQ_gaE7
Request Chain 190
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F HTTP 302
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Request Chain 241
  • https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922 HTTP 302
  • https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Request Chain 252
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3658&xuid=cdaba960-d978-4608-b0ff-587fb99b7e8b&dongle=0cfd
Request Chain 253
  • https://eb2.3lift.com/ebda?sync=1&gdpr=0&cmp_cs= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzU2OTc3NDQxMzM3MDk2NDE2NjU3OQ%3D%3D HTTP 302
  • https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Request Chain 254
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEChPfGmQmLX38Qk36hnZmt4&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Request Chain 255
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzU2OTc3NDQxMzM3MDk2NDE2NjU3OQ%3D%3D
Request Chain 257
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/3569774413370964166579?gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-y6XCL_pE2oSsCDaaxUPdQ7WgFFXEeaV2dk.x5h3rTg--~A&dongle=0883
Request Chain 258
  • https://x.bidswitch.net/sync?ssp=triplelift&user_id=3569774413370964166579&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=triplelift&user_id=3569774413370964166579&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift HTTP 307
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=9f267c56-43bd-49b0-aea6-e295832fefda&ssp=triplelift HTTP 302
  • https://eb2.3lift.com/xuid?mid=2409&xuid=fabb218b-ac7f-418a-b90c-d25cf822c632&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 260
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=0&gdpr_consent=&uid=3569774413370964166579 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=3569774413370964166579&dcc=t
Request Chain 261
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=0
Request Chain 269
  • https://match.prod.bidr.io/cookie-sync/trl HTTP 303
  • https://match.prod.bidr.io/cookie-sync/trl?_bee_ppp=1 HTTP 303
  • https://eb2.3lift.com/xuid?mid=7255&xuid=AACZ1E7EtQAAACGNGNce2Q&dongle=bzwx
Request Chain 270
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3702&xuid=3d723eed-bd60-11ec-aa48-bf8f7a8edf0b&dongle=d54f&gdpr=0&gdpr_consent=
Request Chain 271
  • https://sync.srv.stackadapt.com/sync?nid=13&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2319&xuid=0-0867d93e-9453-4716-48e4-377f62dbb927$ip$185.213.155.162&dongle=4430
Request Chain 272
  • https://sync-tm.everesttech.net/upi/pid/RVF22VSl?redir=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3657%26xuid%3D%24%7BTM_USER_ID%7D%26dongle%3D3c0a%26gdpr=0%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3657&xuid=Ylp-6wAAAIYq2AQA&dongle=3c0a&gdpr=0&gdpr_consent=
Request Chain 273
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3335&xuid=8360310439731899993&dongle=4d58&gdpr=0&gdpr_consent=
Request Chain 274
  • https://rtb.mfadsrvr.com/sync?ssp=triplelift&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=triplelift&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4945&xuid=d42b9a20-2748-4ef5-8d25-34667be62855&dongle=31ac
Request Chain 275
  • https://ad.turn.com/r/cs?pid=49&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4771&xuid=3544401046829132356&dongle=d407
Request Chain 276
  • https://sync.mathtag.com/sync/img?mt_exid=62&redir=%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3690%26xuid%3D%5BMM_UUID%5D%26dongle%3D3995%26gdpr=0%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3690&xuid=724f625a-7fee-4200-bf3e-f332adb4d092&dongle=3995&gdpr=0&gdpr_consent=
Request Chain 298
  • https://hal900018.redintelligence.net/request.php?zone=ynpsxyk40ika&nw=20&renderingType=javascript&namespace=9b7d442366&subid=&uid=b7861c363e86aa40&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091162%26mt_aid%3D3971406229520929775%26mt_id%3D10406291%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26mt_cid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=7471891609117&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
  • https://hal900018.redintelligence.net/request.php?zone=ynpsxyk40ika&nw=20&renderingType=javascript&namespace=9b7d442366&subid=&uid=b7861c363e86aa40&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091162%26mt_aid%3D3971406229520929775%26mt_id%3D10406291%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26mt_cid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=7471891609117&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Request Chain 299
  • https://hal900018.redintelligence.net/request.php?zone=uten8uck00se&nw=20&renderingType=javascript&namespace=285ca16775&subid=&uid=04da3f24a008fd02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091161%26mt_aid%3D6277249238734623826%26mt_id%3D10406292%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3251625a-7fee-4601-90f8-0782272494dd%26mt_cid%3D3251625a-7fee-4601-90f8-0782272494dd%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=7528433724860&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
  • https://hal900018.redintelligence.net/request.php?zone=uten8uck00se&nw=20&renderingType=javascript&namespace=285ca16775&subid=&uid=04da3f24a008fd02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091161%26mt_aid%3D6277249238734623826%26mt_id%3D10406292%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3251625a-7fee-4601-90f8-0782272494dd%26mt_cid%3D3251625a-7fee-4601-90f8-0782272494dd%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=7528433724860&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Request Chain 302
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=roBuLnxOMElxaXMzWUtLSVJFUGx5QzNxZUJqVXlEbXB6L0U0aUxHNjNyNmkvMVRYZmNWNUtPLzNzWjJTQURvVkgyZFkwMm5ERWxWbUg2NEhpR2EvNENxL05lL21SWlNhRFhWeDAvdll6Tko2bUhQSjJGd05ZeVlGOTlWSzRXblh0OHpvZmZlM3RvNk9IRmZtWFNmeWkvQ085UVNLZS9Sd0pkeFJValRVLzkwTzh5SUNNWmdwdHRJM1Q5SWRiRWw5YkhHL3l4Z0hLbklMdmt1WldwcHh5ZUtqSjZ1YXU3UW9ZREJMWERPRDJnOU5UV0k4PXw&cppv=2
Request Chain 313
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3351625a-7fee-4a01-a967-ad4537ec0667
Request Chain 314
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=gP9JY4GrGWGb_k47hv1RZNesHTGb-x8w1a5AoFbG
Request Chain 315
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5900260929700950267
Request Chain 318
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJH7UygTw1UMD-8E8k3qMXo&google_cver=1
Request Chain 320
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3351625a-7fee-4a01-a967-ad4537ec0667
Request Chain 321
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=gP9JY4GrGWGb_k47hv1RZNesHTGb-x8w1a5AoFbG
Request Chain 322
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5548847042391361760
Request Chain 325
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJH7UygTw1UMD-8E8k3qMXo&google_cver=1
Request Chain 360
  • https://sync.serverbid.com/ss/2000891.html HTTP 302
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Request Chain 368
  • https://sync.hgrtb.com/triplelift?redir=http%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D7666%26xuid%3Dmy_external_user_id%26dongle%3D8f7 HTTP 302
  • https://eb2.3lift.com/xuid?mid=7666&xuid=bf932f19-c076-4a6c-aa1c-b9257759b2f1&dongle=8f7
Request Chain 370
  • https://cms.quantserve.com/pixel/p-VtN-a_yLd-GB-.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=jqVe5I_xDuaVpFm8iKdG49n2CraVoQi32_SR1-wM
Request Chain 371
  • https://aax-eu.amazon-adsystem.com/s/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=3569774413370964166579 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3569774413370964166579&dcc=t
Request Chain 372
  • https://sasinator.realestate.com.au/rea/setid/external=TRIPLELIFT/value=3569774413370964166579 HTTP 302
  • https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=3569774413370964166579
Request Chain 374
  • https://pm.w55c.net/ping_match.gif?st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=1%26gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=1%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=6019&xuid=BJQHhMZw1NFDUu5&dongle=465e&gdpr=1&gdpr_consent=
Request Chain 375
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=1&gdpr_consent= HTTP 302
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=1&gdpr_consent=&tc=1 HTTP 302
  • https://eb2.3lift.com/xuid?mid=6547&xuid=yPINVuM4F8WCZRiCt9hi&dongle=45fg&pi=triplelift&gdpr=1&gdpr_consent=&tc=1
Request Chain 381
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BJQHhMZw1NFDUu5
Request Chain 382
  • https://x.bidswitch.net/sync?ssp=openx HTTP 302
  • https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=openx HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=188&user_id=CGfZPpRTRxZI5Dd_Ytu5J7nVm6I&user_group=1&ssp=openx HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=fabb218b-ac7f-418a-b90c-d25cf822c632&gdpr=&gdpr_consent=
Request Chain 383
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8360310439731899993
Request Chain 384
  • https://match.prod.bidr.io/cookie-sync/ox HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDWjFFN0V0UUFBQUNHTkdOY2UyUQ&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACZ1E7EtQAAACGNGNce2Q&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csas%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AACZ1E7EtQAAACGNGNce2Q&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AACZ1E7EtQAAACGNGNce2Q&pid=558502&do=add HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACZ1E7EtQAAACGNGNce2Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Request Chain 389
  • https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Request Chain 390
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=8360310439731899993
Request Chain 391
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
  • https://ads.servenobid.com/sync?pid=310&uid=83f930727f2221cb25061fe4
Request Chain 393
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1650098162472 HTTP 302
  • https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
Request Chain 394
  • https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=324&uid=5133329520973415817
Request Chain 396
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
  • https://ads.servenobid.com/sync?pid=327&uid=8b4a4ccb-9728-4495-ab9d-6c8a6fa99861&gdpr=0&gdpr_consent=&us_privacy=1YN-
Request Chain 397
  • https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
  • https://ads.servenobid.com/sync?pid=337&uid=y-wjiLFH5E2uEFAm_N911NJ5H6MnTVScNvO0DFZR4-~A
Request Chain 398
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Vfl9rY_EQ7CQCXCy_Fq-Mg&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Vfl9rY_EQ7CQCXCy_Fq-Mg
Request Chain 399
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGUwNjRkMTVhN2I2MmZjMGY4M2IwZmJmZDkxNmY3YzJiM2ZiMjRiNA
Request Chain 401
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L21LU625-1L-1CLF
Request Chain 402
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L21LU625-1L-1CLF&sigv=1&esig=2~65a61e7985df12d0a4968619bc4fc1211968dde4
Request Chain 403
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEE5-WJ7Grur_2rnf2d67wZk&google_cver=1
Request Chain 404
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDIxTFU2MjUtMUwtMUNMRg==
Request Chain 405
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=jOpEnSYbQYmaFHVEdiw-8Q&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=jOpEnSYbQYmaFHVEdiw-8Q
Request Chain 426
  • https://csync.loopme.me/?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&gdpr=0&gdpr_consent= HTTP 307
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=780fbc4a-9e88-4425-8453-b99ffbd2bba6&gdpr_consent=null&gdpr=0
Request Chain 427
  • https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent= HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACZ1E7EtQAAACGNGNce2Q&gdpr=0
Request Chain 428
  • https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1650098162499 HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
Request Chain 430
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=8360310439731899993
Request Chain 431
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_69692f80-2acc-4c0d-9981-2d58ba3f3cd7&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=fabb218b-ac7f-418a-b90c-d25cf822c632&ssp=gumgum2&gdpr=0&gdpr_consent=
Request Chain 432
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28670dPv8uFWpYds_yOjitZ98icx1yRCKz8rVN8FoHGDX_57K1LH8spuoMSo6QytXX%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28670dPv8uFWpYds_yOjitZ98icx1yRCKz8rVN8FoHGDX_57K1LH8spuoMSo6QytXX%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_69692f80-2acc-4c0d-9981-2d58ba3f3cd7&obuid=ENC(670dPv8uFWpYds_yOjitZ98icx1yRCKz8rVN8FoHGDX_57K1LH8spuoMSo6QytXX) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268
Request Chain 433
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=opx&i=eadf25fe-24e7-4cf6-bb32-bd1592d966cb
Request Chain 434
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-0867d93e-9453-4716-48e4-377f62dbb927$ip$185.213.155.162
Request Chain 435
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-iYkVtYxE2pf7CY7yeSIaddaz7gRQVs_v5YOT~A
Request Chain 436
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=3d723eed-bd60-11ec-aa48-bf8f7a8edf0b
Request Chain 439
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_69692f80-2acc-4c0d-9981-2d58ba3f3cd7&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://stags.bluekai.com/site/23178?id=JOqmMhj21NqjSC1omJhg&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2SSPOFWU22DKGIYU44LKKNBTC33NJJUGOJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2SSPOFWU22DKGIYU44LKKNBTC33NJJUGOJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=JOqmMhj21NqjSC1omJhg&us_privacy=1---
Request Chain 440
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://usersync.gumgum.com/usersync?b=idi&i=8e2623aa-7fe9-4d95-9f02-6a2ec5bb8f97
Request Chain 441
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1650098162519 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
Request Chain 442
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://rtb.gumgum.com/usersync?b=pln&i=PzPoLl4EgO1W&ev=1&pid=558355
Request Chain 445
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=3351625a-7fee-4a01-a967-ad4537ec0667&gdpr=0&gdpr_consent=
Request Chain 446
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://usersync.gumgum.com/usersync?b=atm&i=Ylp-6wAAAIYq2AQA&gdpr=0&gdpr_consent=
Request Chain 449
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=ttd&i=cdaba960-d978-4608-b0ff-587fb99b7e8b&t=1652690162
Request Chain 450
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 451
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID HTTP 302
  • https://cs.emxdgt.com/umcheck?apnxid=8360310439731899993&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID HTTP 302
  • https://usersync.gumgum.com/usersync?b=emx&uid=8360310439731899993brt30101650098162586068f1
Request Chain 452
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=Ylp-88Co5r8AAPjCInwAAAAA
Request Chain 453
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=ijz7eT5R9A6qfnOgve48&pi=gumgum&tc=1
Request Chain 455
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ylp_8gsbjIiJA7nNAGiTiQAABL8AAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ylp_8gsbjIiJA7nNAGiTiQAABL8AAAIB&dcc=t
Request Chain 456
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Ylp-8gsbjIiJA7nNAGiTiQAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEF2OdmhaH1AkKjQ7QORFDRg&google_cver=1&gdpr=1
Request Chain 460
  • https://d.adroll.com/cm/index/ssp?gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Request Chain 462
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1 HTTP 303
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACZ1E7EtQAAACGNGNce2Q&expiration=1651307762&gdpr=1
Request Chain 465
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Request Chain 469
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=8360310439731899993
Request Chain 470
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Ylp-8gsbjIiJA7nNAGiTiQAA%261215
Request Chain 471
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID HTTP 307
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=83f930727f2221cb25061fe4
Request Chain 473
  • https://pixel.advertising.com/ups/56621/occ HTTP 302
  • https://pixel.advertising.com/ups/56621/occ?verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP3fd5f832-bd60-11ec-9b9e-02dcd461876a HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP3fd5f832-bd60-11ec-9b9e-02dcd461876a
Request Chain 474
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48
Request Chain 475
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D HTTP 302
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48 HTTP 303
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48&_li_chk=true&previous_uuid=06262493d6c34f0093d989d4290fb0a5 HTTP 303
  • https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48

474 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ 		87 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
07aa23f1921ceaa1b1691dcad88c848435325b951fcd5e0f29e27496a80cce8e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Apr 2022 08:35:53 GMT
Link
<https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/164132>; rel="alternate"; type="application/json" <https://threatpost.com/?p=164132>; rel=shortlink
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Debug-Auth
off
X-Frame-Options
SAMEORIGIN
X-Request-Host
threatpost.com
X-XSS-Protection
1; mode=block
x-cache-hit
HIT
museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-3ca8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
15528
museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-5124"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20772
museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-3dcc"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
15820
museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-51a4"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20900
museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-5c74"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23668
museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-5194"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20884
museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-5bac"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23468
museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-51b8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20920
museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-5b34"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23348
museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:54 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-50c8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20680
op.js
tagan.adlightning.com/math-aids-threatpost/ 		44 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-7-86.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
74536e40801257d0012af449232b65f8a948d0f2066016a7b9c82849f5c58b97

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
yTEb99lIOGDAJvREUXQzDg98w6MaPs09
content-encoding
gzip
etag
"582649308e253c54993a262af1085349"
age
2558
x-cache
Hit from cloudfront
content-length
18515
x-amz-meta-git_commit
7b120a5
last-modified
Fri, 15 Apr 2022 19:15:35 GMT
server
AmazonS3
date
Sat, 16 Apr 2022 08:35:55 GMT
content-type
application/javascript
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
x-amz-cf-id
pxkgoLNOP3POVcrb7sLMbfGU0EPrkHWt9iHEHJYpUPkbl9XuPe6Ixw==
gpt.js
www.googletagservices.com/tag/js/ 		83 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7af817561503f0d47c43e0dce714162d9ce7dd2cef82efc5fd37e8a5a08d5f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28547
x-xss-protection
0
server
sffe
etag
"1188 / 682 of 1000 / last-modified: 1650060514"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 16 Apr 2022 08:35:55 GMT
ros-layout.js
qd.admetricspro.com/js/threatpost/ 		26 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a3fcd53b20a6fdf183b0340f596a6431a280459adb871f43e617cecd5d57681

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 08 Apr 2022 16:11:01 GMT
server
cloudflare
etag
W/"679a-5dc26d73770fc-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itv%2BqQhJfMcB%2B%2BtjmyhO6uI6sv3WSK0VTL8rK5cNjMwvwZdxwNDP4eK%2FNQf6OYWIcPEqNWOoeDL7jQiSL7QQn1XbLkhiaVjN3EtVxKkDTpT%2BZJ%2F7PEaN737MEdiXSNmDEHOIahKQmOmEylFpWVsIhYaO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6fcb97164e6b9156-FRA
expires
Sat, 16 Apr 2022 08:39:40 GMT
cmp.js
qd.admetricspro.com/js/threatpost/ 		310 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 01 Jun 2021 14:47:10 GMT
server
cloudflare
etag
W/"4d957-5c3b56abf6028-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZzU7x%2FN8UbOC9f9sXh3X53yjq%2FTYaoR1Tf1vQ29YrNSqwrfoCyT48u%2BbuEAdH6cBc1Bdy1JzYKAHrEyfWVDDFtIQO%2BqxvM4aFtQ8SgNInucm4MDhX4NehwWxJMjn8NYK2C1ZyoNhqYQHSn4hMl%2BWNyI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6fcb971cca999156-FRA
expires
Sat, 16 Apr 2022 08:38:14 GMT
uspcmp.js
qd.admetricspro.com/js/threatpost/ 		148 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sat, 08 Aug 2020 22:40:07 GMT
server
cloudflare
etag
W/"24e50-5ac65673cef1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mjxl3PZwBl0hQWt9x7JTX4b823qXj4cLWej6%2BmKFVN%2B8sD%2BVIRom9oZ5y7vE305gkdfJ7n%2FfdvyNBQYvFvzMR78fBo3ST2CyKAXynmbWs4njbcRMvzQQbVo24XvHAK7FHx6LvcKNJWpbxw4udK%2BxlDE6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6fcb971cca9d9156-FRA
expires
Sat, 16 Apr 2022 08:38:14 GMT
targeting.js
qd.admetricspro.com/js/threatpost/ 		393 B
555 B 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 21:50:12 GMT
server
cloudflare
etag
W/"189-5c8c2c96f96c7-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NbT2M6ftPOmUDYah6ccR7JNnP9Zac0G2%2FDHFUvqIXX1S6uDDg%2FQlHQO%2BvDzOQnKixxsSBVxxwOWZQaxCgY%2Ba6efhJzmShKjNdWpflL4H18%2FkuT8%2BuDvT2cDlVgjbshIEGfPwSvife1OT9kKPDYTXru5%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6fcb971ccaa09156-FRA
expires
Sat, 16 Apr 2022 08:38:14 GMT
prebid.js
qd.admetricspro.com/js/threatpost/ 		430 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 14 Oct 2021 15:35:01 GMT
server
cloudflare
etag
W/"6b738-5ce51d26ef74c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GgxHZGOuedHSGC%2FEs0FxlcM0ryhdk8U6nLBkpUioLhmTotjbhUwQRAlFZJ6stMiG18mmvnQUR%2F20Eeg4NOTiIUdQmLcBvvks2QAZojCCH6rmX34e5XtP%2BmgVVlL6aRq1rg6QG9z1Ea3yP7qdf2z8MhSo"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6fcb971ccaa29156-FRA
expires
Sat, 16 Apr 2022 08:38:14 GMT
engine.js
qd.admetricspro.com/js/threatpost/ 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/engine.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 24 Jan 2022 02:31:38 GMT
server
cloudflare
etag
W/"8cae-5d64ac49b9c1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OGb7f4tEuBRBjXEPChSQS361tOSab8FynXhRSmvJfoaSfQc1TFJx9ogltKUE0hAtRk%2F1JBS1rgKQ8DY2pLOYC8ENoXm8B8FA0eBHexoyQOcfFJddTkbAXhQgYRdv%2FHPvxfJS9vXeejJxt%2FdbN05yaPd3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6fcb97164e6d9156-FRA
expires
Sat, 16 Apr 2022 08:41:24 GMT
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 		294 KB
42 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:54 GMT
content-encoding
gzip
x-amz-cf-pop
DUS51-P2
x-cache
Miss from cloudfront
content-length
42696
x-cache-hit
HIT
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-debug-auth
off
x-request-host
assets.threatpost.com
x-amz-cf-id
ULbLjfwZeW8Edaaogeb2sgFUynRLFk-gDRM1TpsiLJTuSAKkK6IXaA==
expires
Sat, 16 Apr 2022 17:37:11 GMT
jquery-1.12.4-wp.js
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 		95 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:54 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-17a56"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:54 GMT
alert_text.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 		107 B
461 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1649682948
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:54 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-6b"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:54 GMT
alert.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1649682948
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:54 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-104a"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:54 GMT
public.js
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 		116 B
495 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:54 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Jun 2014 19:20:42 GMT
Server
nginx
ETag
W/"5398ac0a-74"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:54 GMT
kaspersky-twitter-pullquote.js
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 		599 B
713 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:54 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-257"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:54 GMT
loadmore.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:54 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
W/"62542a05-11e7"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:54 GMT
social-share.js
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:54 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
W/"62542a05-484d"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:54 GMT
phish-fish-e1591191632979.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/06/03094019/ 		53 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/06/03094019/phish-fish-e1591191632979.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a1267fb5f954298273455537282a988283137c3ebeb9bef9f99d653a0a7ccd71

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 02:42:43 GMT
via
1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Wed, 03 Jun 2020 13:40:33 GMT
server
AmazonS3
age
280393
etag
"26a41fc5fbb3f72019285056105bd717"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
54467
x-amz-cf-id
yr6iIjdsjnBjmln6RCn1NS1mrhIgVDzgmk8DYBnu_Qjc9bM0aFRgQg==
expires
Thu, 03 Jun 2021 13:40:32 GMT
SMB-webinar-promo-article-b.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/17150450/ 		157 KB
157 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/17150450/SMB-webinar-promo-article-b.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
793c1fa20d428c9cc9f0af0179d9de217c124f5d19d31c6b36878ba793bbacd2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 25 Mar 2022 21:40:07 GMT
via
1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Wed, 17 Feb 2021 20:04:51 GMT
server
AmazonS3
age
1853749
etag
"a2fa17a9d3c4987c5c58e2be2ebd9669"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA53-C1
accept-ranges
bytes
content-length
160257
x-amz-cf-id
i8t80rRm2dk3zT-JVnvAbt5YjVm-OksBngSDMp4QrDaTGtpAMI0zbw==
expires
Thu, 17 Feb 2022 20:04:50 GMT
scripts.js
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-828"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
api.js
www.google.com/recaptcha/ 		852 B
968 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
24565ad74894f2c69f146774a8580a528142847de40e88710b1e9fa70a78a156
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Sat, 16 Apr 2022 08:35:55 GMT
main.js
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-ab4"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
s_code_single_suite.js
media.kaspersky.com/tracking/omniture/ 		173 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
185.85.15.23 , Germany, ASN200107 (KL-EXT, CH),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
etag
"8064ef82ed4fd81:0"
x-powered-by
Kaspersky Labs, Kaspersky Labs
alt-svc
h3=":443"; ma=86400
content-length
49335
x-xss-protection
1; mode=block
last-modified
Thu, 14 Apr 2022 10:50:53 GMT
server
x-frame-options
SAMEORIGIN
date
Sat, 16 Apr 2022 08:35:54 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
x-server
fr1/FRA4
accept-ranges
bytes
x-content-type-options
nosniff
main.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 		114 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
W/"62542a05-1c643"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
regenerator-runtime.min.js
threatpost.com/wp-includes/js/dist/vendor/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-195e"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
wp-polyfill.min.js
threatpost.com/wp-includes/js/dist/vendor/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-4b3d"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
dom-ready.min.js
threatpost.com/wp-includes/js/dist/ 		1 KB
989 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-4e9"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
hooks.min.js
threatpost.com/wp-includes/js/dist/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-163a"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
i18n.min.js
threatpost.com/wp-includes/js/dist/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-28a7"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
a11y.min.js
threatpost.com/wp-includes/js/dist/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-bfd"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
jquery.json.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-730"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
gravityforms.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		43 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-abe0"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
conditional_logic.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-213f"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
placeholders.jquery.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
public
Date
Sat, 16 Apr 2022 08:35:55 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Apr 2022 13:15:48 GMT
Server
nginx
ETag
W/"62542a04-121f"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Sat, 23 Apr 2022 08:35:55 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		135 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-255-177.dus51.r.cloudfront.net
Software
Server /
Resource Hash
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
STlSjRvyyTgJyl_raxUeHIFBn6F5DqB3
content-encoding
gzip
etag
4abd427e43cd6822329a2c05539e321f
age
899
x-cache
Hit from cloudfront
server
Server
x-amz-rid
1CPEK9TK577Z38XQH74P
date
Sat, 16 Apr 2022 08:21:23 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
DUS51-P2
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
_OTEVj-PKYUq64V_ha1rjiA_iGg6zEj3Fua7TllJn1EjN6v8KKrqog==
connatix.player.dc.js
cds.connatix.com/p/158870/ Frame 0AF4
Redirect Chain
  • https://cd.connatix.com/connatix.player.js
  • https://cds.connatix.com/p/158870/connatix.player.dc.js
861 KB
201 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/158870/connatix.player.dc.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cee8a91b121b56b386c7aa08d35fafaeef6dcf9376fbf2b74dc5a2ca06910a39

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:54 GMT
content-encoding
br
last-modified
Thu, 14 Apr 2022 07:01:27 GMT
age
178060
etag
"15172050a29619f4dae75a5bc91f70c7"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
205362

Redirect headers

location
https://cds.connatix.com/p/158870/connatix.player.dc.js
date
Sat, 16 Apr 2022 08:35:54 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
content-length
0
access-control-max-age
86400
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/158870/ Frame 0AF4 		0
47 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/158870/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:54 GMT
content-encoding
br
last-modified
Thu, 14 Apr 2022 07:01:28 GMT
age
178060
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
/
kasperskycontenthub.com/ 		0
399 B 		Script
General
Check archive.org
Download Go to
Full URL
https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1070983903&back=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:55 GMT
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Connection
close
Content-Type
application/javascript
x-cache-hit
MISS
Transfer-Encoding
chunked
X-Debug-Auth
off
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Request-Host
kasperskycontenthub.com
X-XSS-Protection
1; mode=block
gtm.js
www.googletagmanager.com/ 		183 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2565a3c9e6ce572244756112bb146e57568e4e934718b8a2c0d95d31e8bfb199
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62238
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 16 Apr 2022 08:35:55 GMT
gtm.js
www.googletagmanager.com/ 		476 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
70ea08a8009dbfe0adb0fd0aa9daa492a615b900634fdc05e91125971dc16c61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116600
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 16 Apr 2022 08:35:55 GMT
icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 		13 KB
13 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:55 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-328e"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
12942
icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 		13 KB
13 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:55 GMT
Last-Modified
Mon, 11 Apr 2022 13:15:49 GMT
Server
nginx
ETag
"62542a05-328e"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
12942
logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
public
date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-4a32"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
18994
x-amz-cf-id
wXogblceOooSZSSxAobVVbV4u1aWspmlDI5SsuJqIc1iRwrhKpp1Xw==
expires
Sat, 23 Apr 2022 08:35:55 GMT
museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-51a4"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20900
x-amz-cf-id
GanISScLFCv6szrsy4BlHloMZu3fbvP0H-bBJLlkbppLXZenljiLhg==
museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-50c8"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20680
x-amz-cf-id
3Qs0gzRrrUkbdkH0kQrgGwEFjA7zhXOf0047pZ4UuNeaZNOJZ8_TsA==
museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-51b8"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20920
x-amz-cf-id
PSWmYFqo7AHH98k92IzDRayzRUNWVhk0Ra4N5OIFWKEVnbeWtZDW7w==
museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-5194"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20884
x-amz-cf-id
vZuAS6o9jwiPL07_GlfexxZsA_LCQZJJrXOZYdFquMcaTn2yvpySTw==
Becky-Bracken-pic.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/07/10041056/ 		39 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/07/10041056/Becky-Bracken-pic.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
949ce08c8b86d6d986c1dd7043588e95515b6cd7f799575317d19705543d500c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 03 Feb 2022 09:15:17 GMT
via
1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Mon, 17 Aug 2020 13:15:29 GMT
server
AmazonS3
age
6218439
etag
"e1cab0c2364107ab6eae069ca14087d7"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA53-C1
accept-ranges
bytes
content-length
39625
x-amz-cf-id
4ylsijsWCxbPDhqggPT0L2qj1BsLo6WpfRFNfyUA1nC0ATrADSQejw==
expires
Tue, 17 Aug 2021 13:15:28 GMT
museosans-300italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-5bac"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
23468
x-amz-cf-id
tPgBl4eDmhn5Mipc0s5maCyfDPc3FG1ADFrjWrqZgeWI2hcGT7BCwQ==
museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-3dcc"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
15820
x-amz-cf-id
VSQ0-TECfkHK5g3KLy04DhaJUrOA77y8jm6ckbE4ARbx9pEvTCNCMQ==
phishing-captcha-image-300x161.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160657/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160657/phishing-captcha-image-300x161.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b713c4d60db13b6748f0e57674ff4a364c1ee805223c52786c9ce2ea8d07a8fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Fri, 19 Feb 2021 21:06:59 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P2, FRA53-C1
etag
"ede1a653b858bf57bdc048bbbecd1a20"
x-cache
Miss from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
4850
x-amz-cf-id
Mb9hE3ZCusKoPeeyjsEu5NMCi5k0DXweYXSLuO5DZkFKHu9Om7N68A==
expires
Sat, 19 Feb 2022 21:06:57 GMT
phishing-sign-in-page-300x161.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160718/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160718/phishing-sign-in-page-300x161.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e9eefb59277748bb91f68907a4ddbc3d5ff18307fb8af50285f925427145afd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 1f49a084ca923f375f74b42fa36ef428.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Fri, 19 Feb 2021 21:07:20 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1, FRA53-C1
etag
"d58d99202d89890c159ffefc908f5123"
x-cache
Miss from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
7490
x-amz-cf-id
ZMzV1BEaZObYnRVDsVvZgRN7jQnFwt3Imqm4qyiSwEUAhPnIvkGFTA==
expires
Sat, 19 Feb 2022 21:07:18 GMT
phishing-email-example-300x222.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160706/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160706/phishing-email-example-300x222.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f0a4d16aad94ac27eb35c9707b8a74b3c383baaccac7d80fbd2822830c52cc18

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Fri, 19 Feb 2021 21:07:07 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1, FRA53-C1
etag
"43cfb6a96f4a9bc4db7cefb691260490"
x-cache
Miss from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
12175
x-amz-cf-id
Z9Q2H4emsjZq-7SxUoQeTykbaCBBihqYDTqMxQs39iPgW7745zEKtw==
expires
Sat, 19 Feb 2022 21:07:06 GMT
foggyweb-e1632839155760-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/28102455/ 		31 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/28102455/foggyweb-e1632839155760-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4bfeda82d8f8d941eabd86272cc40ec4d77d285e61035e04778303a1f00fba2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 17:35:58 GMT
via
1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Tue, 28 Sep 2021 14:25:58 GMT
server
AmazonS3
age
53998
etag
"2f9888c67dfff376d3b7f39d673d6de8"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
32106
x-amz-cf-id
5Sc0R8r3OAsFCxrYGCuk0nSxfhMD-Igv0EqRzVkU30VVpaIQsRBumg==
expires
Wed, 28 Sep 2022 14:25:55 GMT
Closed-1-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/06/16080400/ 		22 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/16080400/Closed-1-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6a5986b74741befd7ff20b506e4d282de81c53623d27a6e840c9f15948fb18db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 15:01:41 GMT
via
1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Wed, 16 Jun 2021 12:04:04 GMT
server
AmazonS3
age
236055
etag
"d73c88a3ecc01c46a88c2c289332109c"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA53-C1
accept-ranges
bytes
content-length
22797
x-amz-cf-id
h5Dfyg9P7QEfhSbPivtiF8NE4XU67OTiVHGzR9wROf6Yh3XCOoeKgQ==
expires
Thu, 16 Jun 2022 12:04:03 GMT
Software-Patch-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/09/03102603/ 		31 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/03102603/Software-Patch-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad36227667a9446995367ef9c37da7f1a2a52cd4392c509b208d6e55b08ed0e6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:01:22 GMT
via
1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Tue, 03 Sep 2019 14:26:06 GMT
server
AmazonS3
age
304474
etag
"d15c531369357c3f55ea190e90682fc8"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
32006
x-amz-cf-id
hK9PCcfODeGezSTkAS_BxRgWWkg5kmYPw7CmprPkWJrtZVVrIDMvVA==
expires
Wed, 02 Sep 2020 14:26:03 GMT
14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 15:57:05 GMT
via
1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Tue, 01 Mar 2022 20:47:09 GMT
server
AmazonS3
age
3343131
etag
"502f5a6c66ba05c0831f656eb6cc29dd"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2, FRA53-C1
accept-ranges
bytes
content-length
2476
x-amz-cf-id
Xx7YjHTYXxcuaYDbmlWxl4-tcDZ2wol9TmmwvxFSu_asZWvwRwAx7g==
expires
Wed, 01 Mar 2023 20:47:08 GMT
checklist2-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/checklist2-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 18:49:28 GMT
via
1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Tue, 19 Oct 2021 14:09:44 GMT
server
AmazonS3
age
4283188
etag
"14bf40c9dffffaec5cd1337f170dac93"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
2112
x-amz-cf-id
OUzEOEPoSSrxjmc0BDWoD-pO2eYDGWBdALEz27UACxh0Xh-DUEqqnw==
expires
Wed, 19 Oct 2022 14:09:43 GMT
5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 21:12:50 GMT
via
1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Wed, 16 Feb 2022 14:21:42 GMT
server
AmazonS3
age
4360986
etag
"8d2fd78b5abc332b1098cc4de81608b9"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA53-C1
accept-ranges
bytes
content-length
1940
x-amz-cf-id
jFuJx44pxwHrzkPYB8y1XG9TAOn_cIlURXkrdwvyXPeEEBhujqUkGQ==
expires
Thu, 16 Feb 2023 14:21:40 GMT
nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 21:08:04 GMT
via
1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Wed, 29 Sep 2021 15:27:43 GMT
server
AmazonS3
age
5657272
etag
"6d0d1a22dbbe088376115135bb5be675"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
2337
x-amz-cf-id
uLXS0HmLH9ZQncxSICEh8hdPujMBk5vvzZntkC2-Nu3fxDs6fdrarA==
expires
Thu, 29 Sep 2022 15:27:42 GMT
Log4J_shell_thrpst-e1643986376319-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/Log4J_shell_thrpst-e1643986376319-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 18:59:05 GMT
via
1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront), 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
last-modified
Fri, 04 Feb 2022 14:52:59 GMT
server
AmazonS3
age
6097011
etag
"8b8e89e4e306930920312db10e2c0dbf"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA53-C1
accept-ranges
bytes
content-length
2455
x-amz-cf-id
CljOcY0GzlFDuLEU--g1drSYbRWQssYyqmXkNRCEmJ0vGyF88haVnA==
expires
Sat, 04 Feb 2023 14:52:57 GMT
mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		828 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-33c"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
828
x-amz-cf-id
t1g75QoQnksFljn9dKAIqtW5eI7aI3QXdQwI45vAvYUZGsuICXq23g==
twitter-blue.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		868 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-364"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
868
x-amz-cf-id
JRXmuf1J-Ct_szwt-bcAw0AeNZaU2CFaABSIxautT2fO-6TL94GVsg==
player.css
cds.connatix.com/p/158870/ 		56 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/158870/player.css
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0bfa346d7611b406e1c95c3ae1c7bd1a9a7c5340a7a197842f0005f7380546be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
last-modified
Thu, 14 Apr 2022 07:01:28 GMT
age
178060
etag
"563e0ae70a190337a57b9f3faf012f8e"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
8661
mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		812 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-32c"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
812
x-amz-cf-id
kTZlDTuwVh9YEFtsLlmj39MwnC3ma67vRGuoAk5DYOHAf8-0G5-YKw==
logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
public
date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-260a"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
9738
x-amz-cf-id
dWBWxiHF5dhfGXL_QDuGeUbZ4VBQrS5oPYcjMkY2sXGFfWVfRjiclg==
expires
Sat, 23 Apr 2022 08:35:55 GMT
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-7-86.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 20:58:51 GMT
content-encoding
gzip
age
16976225
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
EKLfs9t-TEU1bT8FzlkZJg5BB9QticIrXyhafL6LtlwNoLFOg3KcZg==
bl-39123b0-21832b7e.js
tagan.adlightning.com/math-aids-threatpost/ 		43 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-21832b7e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-7-86.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
99b874c4939eaa83ab36ff4e0d2863ce2092cee1d35b09ae298ccfa996aa4c3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 19:25:54 GMT
content-encoding
gzip
age
47402
x-cache
Hit from cloudfront
content-length
18263
x-amz-meta-git_commit
39123b0
last-modified
Fri, 15 Apr 2022 19:14:44 GMT
server
AmazonS3
etag
"49f825371d8982d8de06f5633552e869"
x-amz-version-id
LmsHyLuEjv0us3zhyQB.56wR6EMGOymK
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
DFZlyHijcmzqFWeXOJ0Mcvyi8WQQwHWpk0rBRSguWf5NBBgww7KA-Q==
pls
capi.connatix.com/core/ Frame 0AF4 		14 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/pls?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fd13552b5ad4c9348e8774af6d882d25101464bd7b997c11e2a7f7db0cf8c9b7

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-max-age
86400
access-control-allow-credentials
true
accept-ranges
bytes
content-length
6243
config
c.amazon-adsystem.com/cdn/prod/ 		662 B
1019 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-255-177.dus51.r.cloudfront.net
Software
Server /
Resource Hash
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:55:16 GMT
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
server
Server
age
9638
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://threatpost.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
DUS51-P2
content-length
662
x-amz-cf-id
643P2WxIy1-MBM4qR4o8n7KZ5JCUI8u4z1dMXKF4FPYjOpK0EKcYcQ==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-255-177.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
13364
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 17 Mar 2022 02:21:48 GMT
server
AmazonS3
date
Sat, 16 Apr 2022 04:53:12 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 5db4f6b1c04035a37ba6548e89b362be.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
DUS51-P2
x-amz-cf-id
ETlwQjQYokaPzGB-_34Rws3vdEtVYuZQhOGRWzL0upQ7QZLBbMoO6A==
vendor-list.json
qd.admetricspro.com/js/cmp2/ 		256 KB
39 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 31 May 2021 16:54:38 GMT
server
cloudflare
etag
W/"3ffae-5c3a314b5dcb2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1qACsAGT%2BwpfwUgmJ79QPrtROQJ5z%2Bo94Cpm9N1PHoIfqgjJZPYxMbglWSq6R%2B2bNN4%2FbchFNwPUpVBB3%2FaHJnNNYIoK5IhRf0s9BHPN%2FHT3zn6QzKISmsNeg%2Frn%2FHncY1Fc0KsFFO8DFqnDsQmqQhni"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=600
cf-ray
6fcb971e7e4c90ba-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Sat, 16 Apr 2022 08:45:55 GMT
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/ 		53 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.31.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-31-187.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
last-modified
Tue, 01 Jun 2021 17:06:57 GMT
server
Apache
etag
"d398-5c3b75e9ebb41-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17087
expires
Sat, 16 Apr 2022 08:50:55 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.202.126 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cacheable
Matched cache
x-cdn-pop-ip
137.74.120.0/27
date
Sat, 16 Apr 2022 08:19:34 GMT
content-type
text/javascript;charset=utf-8
cache-control
max-age=3600
x-cdn-pop
sbg
content-disposition
attachment;filename="id5-api.js"
accept-ranges
bytes
content-length
11181
x-request-id
1002834251
pubads_impl_2022041201.js
securepubads.g.doubleclick.net/gpt/ 		369 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js?cb=31067110
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
sffe /
Resource Hash
ae1662349ff25bf23f2d8c4d4affd74d2531892eac8dabfd7a05d80459c36583
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 17:56:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
52756
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
127945
x-xss-protection
0
last-modified
Tue, 12 Apr 2022 08:36:14 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 15 Apr 2023 17:56:39 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		141 B
737 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
101
x-xss-protection
0
expires
Sat, 16 Apr 2022 08:35:55 GMT
blockedDomains_13.bin
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame 0AF4 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_13.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7074cb3fadd5faa68093bdff82e7c3d0fdc28e455b9b27735d180db690115da9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
last-modified
Mon, 04 Apr 2022 15:28:13 GMT
age
1011956
etag
"481cc5dacd27eba8f7179191b1d76f07"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
1343
sr
capi-tier-2-us-east-2.connatix.com/tr/ Frame 0AF4 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.222.71 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-222-71.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		83 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
sffe /
Resource Hash
ba7191a02c744aa142257b09ca4a062062b2ecf19f5026de78d322ce4c81dac6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28547
x-xss-protection
0
server
sffe
etag
"1188 / 850 of 1000 / last-modified: 1650060514"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 16 Apr 2022 08:35:55 GMT
2_media.bin
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/ Frame 0AF4 		285 B
339 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/2_media.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2234f26d6e0fb2960f54e26f79953b9b3e957c44eaf0dc6e622e9996e682d8fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
last-modified
Fri, 19 Mar 2021 20:39:01 GMT
age
63204
etag
"d35eee94e024c2bf0311ab94b200d1c2"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
249
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 0AF4 		376 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2767df6736abef725fe8b1e39307f402dc27a7c8341f9354a8c1b883dcc563dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128424
x-xss-protection
0
expires
Sat, 16 Apr 2022 08:35:55 GMT
1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
age
2168013
etag
"CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age
86400
fastly-io-info
ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
6487
recaptcha__de.js
www.gstatic.com/recaptcha/releases/6pQzWaE1NP-gB4FrqRViKjM-/ 		362 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/6pQzWaE1NP-gB4FrqRViKjM-/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b3b3cb90a7ed89725522255170cc8b7a4b98d4f457ba4ebe222101e978d4ba15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 07:34:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3708
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
145700
x-xss-protection
0
last-modified
Sun, 10 Apr 2022 22:01:45 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 16 Apr 2023 07:34:07 GMT
id
dpm.demdex.net/ 		368 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1650098155562
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.240.59.138 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-240-59-138.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7fc6e2e09d4301ef1ff984079279e7106ab4c2f73b89781a866c73b51d7f3251
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-2-v031-059bc47c2.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
I/1KKuTuSpc=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
312
Expires
Thu, 01 Jan 1970 00:00:00 UTC
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1124
date
Sat, 16 Apr 2022 08:17:11 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sat, 16 Apr 2022 10:17:11 GMT
quant.js
secure.quantserve.com/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Sat, 23 Apr 2022 08:35:55 GMT
uwt.js
static.ads-twitter.com/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
last-modified
Tue, 29 Mar 2022 00:09:12 GMT
etag
"8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
5410
x-served-by
cache-iad-kiad7000031-IAD, cache-muc13942-MUC
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/158870/ Frame 0AF4 		162 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/158870/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
last-modified
Thu, 14 Apr 2022 07:01:28 GMT
age
178061
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
gtm.js
www.googletagmanager.com/ 		419 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4dd6a1f730784865345ee2d651995e0230eea7ab450aa74e7e32037032258761
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
109905
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 16 Apr 2022 08:35:55 GMT
ao
capi-tier-2-us-east-2.connatix.com/tr/ Frame 0AF4 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/ao?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.222.71 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-222-71.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame 0AF4 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.222.71 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-222-71.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
fe026386fcd84fb3aad7ba6016aaa81846b4ab5782399b5de2100b84ec21bdc7

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
955
ps
capi-tier-2-us-east-2.connatix.com/tr/ Frame 0AF4 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/ps?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.222.71 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-222-71.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/ 		8 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2936330cd46e98181cdbde407d3ecbe097b9b291d6259d7c78d545381126bfb8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
age
74064
etag
"/IFB5utsL5MgEDGhrEY+53awAmUyTujME4mEUN830Ck"
access-control-max-age
86400
fastly-io-info
ifsz=75880 idim=2560x1440 ifmt=jpeg ofsz=7747 odim=400x225 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
7324
dest5.html
kaspersky.demdex.net/ Frame 88CA 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kaspersky.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.126.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-126-217.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-1-v031-0dfae4012.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
4zGiVbs4Qc4=
content-encoding
gzip
date
Sat, 16 Apr 2022 08:35:55 GMT
last-modified
Wed, 13 Apr 2022 15:00:45 GMT
transfer-encoding
chunked
vary
accept-encoding
id
kaspersky.d3.sc.omtrdc.net/ 		2 B
317 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=75552733648771418692088814172376303976&ts=1650098155716
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7b6f4bb9f7-lzgwp
vary
Origin
x-c
main-1637.I660130.M0-562
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Ylp-6wAAAIYq2AQA
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=73868497542728440871343779965848463154
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Ylp-6wAAAIYq2AQA
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Ylp-6wAAAIYq2AQA
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Server
34.240.59.138 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-240-59-138.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v031-06c0bc431.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
XSJkmyVAQe8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Ylp-6wAAAIYq2AQA
Date
Sat, 16 Apr 2022 08:35:55 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
prebid6.7.0-1.js
cds.connatix.com/p/plugins/ Frame C72F 		456 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
last-modified
Wed, 09 Feb 2022 14:06:45 GMT
age
3965092
etag
"c647c6ead685f3c1b8ba4c8a5de1eb5a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
121193
rules-p-_7kVx0t9Jqj90.js
rules.quantcount.com/ 		2 B
353 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 07:44:58 GMT
via
1.1 43c19aee1cbb38bf37ea4d5265ba1f54.cloudfront.net (CloudFront)
server
AmazonS3
age
3057
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-C1
content-length
2
x-amz-cf-id
QnFzX4hEPI3MafzyB1fp2u_bWWUdQv7cARicuaOl3j0dd1Tl9mGcdg==
adsct
analytics.twitter.com/i/ 		31 B
459 B 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=8a1d02f7-0d8e-4b3c-a6ed-8c8a6ac95203&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
106
date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
server
tsa_o
strict-transport-security
max-age=631138519
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0
x-connection-hash
6e8fa7fbb73d3b8a95e1432b91e7ce6ff0113a03fa8211b3bc8737cd3b97be29
content-type
application/javascript;charset=utf-8
content-length
57
adsct
t.co/i/ 		43 B
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=8a1d02f7-0d8e-4b3c-a6ed-8c8a6ac95203&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
106
date
Sat, 16 Apr 2022 08:35:55 GMT
server
tsa_o
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
474dd50f482151b2f9da58cd1f9d675b2a68bec0a9515f86faead17e30bfa396
content-length
43
playlist.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/ Frame 0AF4 		309 B
248 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/playlist.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/158870/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
last-modified
Fri, 19 Mar 2021 20:39:01 GMT
age
74065
etag
"8a966507b13615ecdc1330a4bc9dcfe1"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
164
bridge3.510.1_en.html
imasdk.googleapis.com/js/core/ Frame F3F4 		631 KB
205 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dc89c933d5f3a060b6d6529c1f6748bbe87213a8aa11eca62361b67a2c39266b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
118030
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209821
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Thu, 14 Apr 2022 23:48:45 GMT
expires
Fri, 14 Apr 2023 23:48:45 GMT
last-modified
Thu, 14 Apr 2022 23:44:31 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 0AF4 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 16 Apr 2022 08:35:55 GMT
bridge3.510.1_en.html
imasdk.googleapis.com/js/core/ Frame 1B33 		631 KB
205 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dc89c933d5f3a060b6d6529c1f6748bbe87213a8aa11eca62361b67a2c39266b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
118030
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209821
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Thu, 14 Apr 2022 23:48:45 GMT
expires
Fri, 14 Apr 2023 23:48:45 GMT
last-modified
Thu, 14 Apr 2022 23:44:31 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bridge3.510.1_en.html
imasdk.googleapis.com/js/core/ Frame 0465 		631 KB
205 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dc89c933d5f3a060b6d6529c1f6748bbe87213a8aa11eca62361b67a2c39266b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
118030
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209821
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Thu, 14 Apr 2022 23:48:45 GMT
expires
Fri, 14 Apr 2023 23:48:45 GMT
last-modified
Thu, 14 Apr 2022 23:44:31 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bid
c.amazon-adsystem.com/e/dtb/ 		64 B
533 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&pid=iNBkGH3reV5de&cb=0&ws=1600x1200&v=7.75.0&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-255-177.dus51.r.cloudfront.net
Software
Server /
Resource Hash
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
DUS51-P2
x-amz-rid
AKQETK3EV6EVB39F1CQE
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
64
x-amz-cf-id
5MCUj7lFW3ZyoWy29o_njGUYSBbB70bwxH8QPMLLdK6LQt9BWcBMJQ==
724.json
id5-sync.com/g/v2/ 		213 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/724.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.89.21.8 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
p29.id5-sync.com
Software
/
Resource Hash
e83ff0916b6db59b1e99b7410f519b3564dd9d83e8814f5bae77284d0bdfe311
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Date
Sat, 16 Apr 2022 08:35:54 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
0.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/ Frame 0AF4 		607 B
333 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/0.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/158870/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
342605b22799d82793e47b7fa2eeeb339ca47d41cb07fd7598a2b980890aeb69

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
last-modified
Fri, 19 Mar 2021 20:39:00 GMT
age
74065
etag
"1ecbb5ed523fd478d0723a45a95b802e"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
248
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame C3B5 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 07:36:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3585
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sat, 16 Apr 2022 08:36:10 GMT
localstore.js
script.4dex.io/ 		483 B
940 B 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
410203
x-amz-request-id
tx0c810f9b689a43feb0d6c-0062543d8e
x-amz-id-2
tx0c810f9b689a43feb0d6c-0062543d8e
last-modified
Mon, 11 Apr 2022 14:37:55 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Ophy8G1fOpaS2L5jgEnLo5HIDKpDyBLVPw%2BGq5B0HBrOzcKvKRshKYI%2BLYH4cmo%2FekQAX8h9mfxR9zHeTWmSuEHEszLfyEON7YUyk8bcAvLwBsc4eJ0NpTWQSRqFdkCa8Rg3VqS6wm8LUO6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1649687875786561
cf-ray
6fcb9722a80f9186-FRA
724.json
id5-sync.com/g/v2/ 		213 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/724.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.89.21.8 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
p29.id5-sync.com
Software
/
Resource Hash
4f54e77ab88cca0fd0a3af9541749786583e63015054e4233a33dfdce6a03c7a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Date
Sat, 16 Apr 2022 08:35:54 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
bid
c.amazon-adsystem.com/e/dtb/ 		64 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&pid=iNBkGH3reV5de&cb=1&ws=1600x1200&v=7.75.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.255.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-255-177.dus51.r.cloudfront.net
Software
Server /
Resource Hash
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
via
1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
DUS51-P2
x-amz-rid
R4SY7PP20091YT5YVDNE
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
64
x-amz-cf-id
5u9wlaopT1DuHr8pwhiOcTVzY4UdpRnqpRCfHVaW_XPJXFzkODVbyg==
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 6C3A 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 07:36:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3585
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sat, 16 Apr 2022 08:36:10 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 1226 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 07:36:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3585
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sat, 16 Apr 2022 08:36:10 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=2031242993&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ul=en-us&de=UTF-8&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=2082937048&gjid=1108806030&cid=1797681163.1650098156&tid=UA-35676203-21&_gid=1798834588.1650098156&_r=1&gtm=2wg4d0PM29HLF&z=1423639285
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=2031242993&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ul=en-us&de=UTF-8&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1797681163.1650098156&tid=UA-35676203-21&_gid=1798834588.1650098156&gtm=2wg4d0PM29HLF&z=1295797216
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 15 Apr 2022 09:40:42 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
82513
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
bidRequest
c2shb.pubgw.yahoo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://threatpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://threatpost.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
bidRequest
c2shb.pubgw.yahoo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://threatpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://threatpost.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
bidRequest
c2shb.pubgw.yahoo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://threatpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://threatpost.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
bidRequest
c2shb.pubgw.yahoo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://threatpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://threatpost.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
mvo
tag.1rx.io/rmp/233098/0/ Frame C72F 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
mvo
tag.1rx.io/rmp/233148/0/ Frame C72F 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
avjp
teachingaids-d.openx.net/v/1.0/ Frame C72F 		106 B
508 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=aeae4980-c21a-405c-b22a-3df59c8e3496&nocache=1650098155980&gdpr=0&pubcid=ce4ebed7-a575-4b57-869f-65103eae5470&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 google
server
OXGW/18.0.0
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
avjp
teachingaids-d.openx.net/v/1.0/ Frame C72F 		106 B
297 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=1df367c5-b688-43db-9a11-1fc1e4e84f90&nocache=1650098155982&gdpr=0&pubcid=ce4ebed7-a575-4b57-869f-65103eae5470&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 google
server
OXGW/18.0.0
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
mvo
tag.1rx.io/rmp/216475/0/ Frame C72F 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
c
prebid.a-mo.net/a/ Frame C72F 		0
347 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Sat, 16 Apr 2022 08:35:55 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
14
vary
origin, Accept-Encoding
prebid
ib.adnxs.com/ut/v3/ Frame C72F 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
80f91a29c82d5fde195df816681bb4c5d702bb683688db356b9c3ea26277251d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:56 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
f5312d94-d0fd-4d3b-bf37-3e3818e4c290
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cygnus
htlb.casalemedia.com/ Frame C72F 		37 B
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%22159028e88142266%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22163c3eeb887cc85%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ce4ebed7-a575-4b57-869f-65103eae5470%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.100.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-100-195.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
98ea9fa6d4b3f0d5589e686c9ed57fc3bd4e6ad5f89bdea1ffa5dd4b3467cabc

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.162], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Sat, 16 Apr 2022 08:35:56 GMT
cygnus
htlb.casalemedia.com/ Frame C72F 		37 B
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%221709bc13108408d%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221847add9e7a259d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ce4ebed7-a575-4b57-869f-65103eae5470%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.100.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-100-195.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3f69aa3a3561b921a4d84ac2778cceab67241b021c055a04338dffbb172a1db9

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.162], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Sat, 16 Apr 2022 08:35:56 GMT
translator
hbopenbid.pubmatic.com/ Frame C72F 		0
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Sat, 16 Apr 2022 08:35:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
translator
hbopenbid.pubmatic.com/ Frame C72F 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Sat, 16 Apr 2022 08:35:56 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/ Frame C72F 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
f11c6031ca3c508bf2f56da52fb5799e93999cf6c35b5668333a09e8bb4eb67a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:56 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
a4c0ad00-f9b0-43be-a889-0dd77813dc85
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
mvo
tag.1rx.io/rmp/216476/0/ Frame C72F 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
bidRequest
c2shb.pubgw.yahoo.com/ Frame C72F 		66 B
295 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
0d8869d84962b393799fec91b2ea9b19610907a444f82a02f3ce0116d29a7e2c

Request headers

Referer
https://threatpost.com/
x-openrtb-version
2.5
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
66
bidRequest
c2shb.pubgw.yahoo.com/ Frame C72F 		66 B
96 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
219f3ba8ea938e8f531e190d5e0b3d3fabec6f2cf765b85ac11b2eef4c93675d

Request headers

Referer
https://threatpost.com/
x-openrtb-version
2.5
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
66
bidRequest
c2shb.pubgw.yahoo.com/ Frame C72F 		66 B
96 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
155e83f6818321fc885180acb03ae7e04ebef5de34a4980ca90c62aacf4ace73

Request headers

Referer
https://threatpost.com/
x-openrtb-version
2.5
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
66
bidRequest
c2shb.pubgw.yahoo.com/ Frame C72F 		66 B
96 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
a456bf28a5123773ddbda9e5c9d4ac572ab1e11874353ad8cea7119f52ad3128

Request headers

Referer
https://threatpost.com/
x-openrtb-version
2.5
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
66
flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 		236 B
563 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-ec"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
236
x-amz-cf-id
DZz8u_Z-9QISpMHI_PDydwaX6F-GYeU74iidPRVo1CKM7H46cn2arA==
fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:5600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ded7e65d
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)
last-modified
Mon, 11 Apr 2022 13:15:49 GMT
server
nginx
x-amz-cf-pop
DUS51-P2
etag
"62542a05-12d68"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
77160
x-amz-cf-id
erKUk0rQcQPM-ob4qj7dVCUgYhQErwIjKwVFcWon_IRWlk-Cq6VmRA==
v1
geo.ipify.org/api/ 		454 B
643 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),
Reverse DNS
threatintelligenceplatform.com
Software
nginx /
Resource Hash
1f745160d3a4d10e65d3bec72d44435bbea540e4398167995b3b88f30bb132da
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:56 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, private
Transfer-Encoding
chunked
Connection
keep-alive
auction
tlx.3lift.com/header/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.17.0&referrer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tmax=1200&gdpr=false
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.84.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-84-255.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
f55265270de9453566191c1964020f9f32a8af865fc7835516112af11878f851
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
content-encoding
gzip
accept-ch
sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
1639
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
arj
teachingaids-d.openx.net/w/1.0/ 		174 B
383 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=183ef437-b163-4d08-8360-faf0aeb61b3e%2C183ef437-b163-4d08-8360-faf0aeb61b3e%2Cb233cb04-556d-48bf-ac59-d1fb6e6474d8%2C7577b854-2e9d-4176-9ce8-efc240721303%2C7577b854-2e9d-4176-9ce8-efc240721303&nocache=1650098156149&gdpr=0&x_gdpr_f=1&pubcid=ce4ebed7-a575-4b57-869f-65103eae5470&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
0a628086981f0dc7fc8c9eee0ef1096874c75c8b0275335c8a24fc99633bc027

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
content-encoding
gzip
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
164
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		4 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=183ef437-b163-4d08-8360-faf0aeb61b3e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2991404298136857
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
0bf9c5aa79c391d8c058e342b9510d1341ed5e4b750a7767568c012f3d667f9c

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:56 GMT
Content-Encoding
gzip
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
1917
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		609 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=b233cb04-556d-48bf-ac59-d1fb6e6474d8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.44231958571639085
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
0c1dac07d5320fcab30e974fef7d432f3944f529b928c7a0df1b56133e81f21a

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
609
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		609 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=7577b854-2e9d-4176-9ce8-efc240721303&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.28535144992105543
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
71ea16faa5f8c07405435763484bd6597c6b7c9e2bae4aaefad26e8d2dd9c23e

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
609
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		609 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=7577b854-2e9d-4176-9ce8-efc240721303&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.25490218096508355
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
888e1d6b87f7dddfe8cef180a9371668d144834aff03916fbbfb663e9e548f29

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:56 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
609
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
mp.4dex.io/ 		114 B
558 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
367efe36fb18b5432c84e6848d5b40f0b97af61c2db17edecd36d27816ecdbf9

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

cf-ray
6fcb972449e86957-FRA
pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 google
cf-cache-status
DYNAMIC
x-warn
Selecting bids. No selected bids
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
server
cloudflare
expires
0
mvo
tag.1rx.io/rmp/216477/0/ 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=5.17,2.1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
c
prebid.a-mo.net/a/ 		0
206 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Sat, 16 Apr 2022 08:35:55 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
288
vary
origin, Accept-Encoding
v2
e.serverbid.com/api/ 		711 B
984 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Sat, 16 Apr 2022 08:35:55 GMT
access-control-allow-credentials
true
content-length
711
vary
Origin
content-type
application/json
prebid
ib.adnxs.com/ut/v3/ 		17 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
41e10243ef36e5dcb16f6be77746c3bac6c16c94ad27b827c1d15cde773d51fb
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 16 Apr 2022 08:35:56 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
f731be02-4a5c-4b28-b3b5-cc151bcd3b6c
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bid
ap.lijit.com/rtb/ 		94 B
741 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.17.0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
420bce394b49bb01fc2f82089d5b3793b6a9ae2d53e60b08dd9a2d532eb0a7a3

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 16 Apr 2022 08:35:56 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
467a2cd5ed135cb8eb65567637979c6519d6b41e3f5d93375c81a66d18f8651d

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
95 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
a1f51498df355a283f64c074b908a09e8c2f8dbdbce6d805263c3ca350680fcf

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
97e30ed7d9fc7fbf9fc24ec44cf8e4b7dfab13821d00dcc476b2bdad053cbbc7

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
cygnus
htlb.casalemedia.com/ 		37 B
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%224666820d9429df1%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.17.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2247f60a2ebb76427%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%224856d6358cbcbdb%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22492689210caad48%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.100.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-100-195.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cbd89112d374e4faf23af4d9cb78221371834a829a152a06005aaf2e8c8282f4

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.162], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Sat, 16 Apr 2022 08:35:56 GMT
adreq
ads.servenobid.com/ 		548 B
606 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/adreq?cb=8668
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
cd3767c9daaaaf6b31ba6dd8821d1cf09594ffdddb05a60b81d960aa4e2f44e9

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://threatpost.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
translator
hbopenbid.pubmatic.com/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Sat, 16 Apr 2022 08:35:55 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
v1
btlr.sharethrough.com/universal/ 		0
113 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.253.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-253-159.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Sat, 16 Apr 2022 08:35:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.253.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-253-159.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Sat, 16 Apr 2022 08:35:56 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.253.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-253-159.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Sat, 16 Apr 2022 08:35:56 GMT
access-control-allow-credentials
true
vary
Origin
pixel;r=1269657213;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;uht=2;fpan=1;fpa=P0-2018618797-1650098156179;pbc...
pixel.quantserve.com/ 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1269657213;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;uht=2;fpan=1;fpa=P0-2018618797-1650098156179;pbc=ce4ebed7-a575-4b57-869f-65103eae5470;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1650098156179;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2020%2F06%2F03094019%2Fphish%2Ctype.article%2Ctitle.Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%252C000%25%2Cdescription.Sneaky%20attackers%20are%20flipping%20backslashes%20in%20phishing%20email%20URLs%20to%20evade%20protec%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
441 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=1797681163.1650098156&jid=2082937048&gjid=1108806030&_gid=1798834588.1650098156&_u=YEBAAEAAAAAAAC~&z=335423323
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 16 Apr 2022 08:35:56 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/ Frame 0AF4 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/158870/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
726c158c620b166f015fd694cca30ac24abd16054ad7bc7c21b87288c37bebf1

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=0-1361

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
last-modified
Fri, 19 Mar 2021 20:39:00 GMT
age
74064
etag
"9cf394a8cd47f11c2f12346609049e21"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 0-1361/4906560
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
1362
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/ Frame 0AF4 		611 KB
611 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/158870/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f8b0b39d9f8ab49977cfe084c90dd9bb60fa12cf4e9cfb01c765547f3da69763

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=1362-627011

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
last-modified
Fri, 19 Mar 2021 20:39:00 GMT
age
74064
etag
"9cf394a8cd47f11c2f12346609049e21"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 1362-627011/4906560
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
625650
g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame 0AF4 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.222.71 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-222-71.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:35:55 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1797681163.1650098156&jid=2082937048&_u=YEBAAEAAAAAAAC~&z=274612099
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1797681163.1650098156&jid=2082937048&_u=YEBAAEAAAAAAAC~&z=274612099
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adagio.js
script.4dex.io/ 		72 KB
23 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c842fa8019eafc4beae4bd989e2c486d3ecd7a407edb21804c35a1726a90fec7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
409400
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
tx3313fc024d064c7d97e57-0062543f7b
x-amz-id-2
tx3313fc024d064c7d97e57-0062543f7b
last-modified
Mon, 11 Apr 2022 14:37:55 GMT
server
cloudflare
etag
W/"e88bab2e9c57f44732eeec31ca508d70"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RmvwFxC8za6cuaJeXSnjQWZRmK5cp9VePn%2FF3PI8YwxDGOfm5aonV7F3aKiekamnAsuuJBlpUwYyTW6NTsi%2FbQfAFKZyAHrjZlSCKm5ICoyD%2B3KV7DzfRSBbdLZgyJ9NzfdiCFCJI0qpfv2Q"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1649687874851815
cf-ray
6fcb9725be5391db-FRA
access-control-allow-headers
Authorization
web-vitals.umd.js
unpkg.com/web-vitals@2.1.4/dist/
Redirect Chain
  • https://unpkg.com/web-vitals
  • https://unpkg.com/web-vitals@2.1.4
  • https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.umd.js
5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.umd.js
Protocol
H2
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52cac1193a3683e35353723a38e01a9bcc0c5f9bf2be42d29c96905527c7923d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
age
76158
fly-request-id
01G0PFK76H80T0G3R7S6AWD5HW-fra
content-encoding
br
vary
Accept-Encoding
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
etag
W/"120b-0F8cYs4ysxGP6ebngBlASGivDqM"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
6fcb97271b479055-FRA

Redirect headers

date
Sat, 16 Apr 2022 08:35:56 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01FT83ND76WY93QPZTKSWQBGK8
server
cloudflare
age
7000883
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
location
/web-vitals@2.1.4/dist/web-vitals.umd.js
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6fcb9726db059055-FRA
access-control-allow-origin
*
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2031242993&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&dp=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ul=en-us&de=UTF-8&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=1694938199&gjid=707777391&cid=1797681163.1650098156&uid=75552733648771418692088814172376303976&tid=UA-63997723-2&_gid=1798834588.1650098156&_r=1&gtm=2wg4d0WZ7LJ3&cd14=no_locale&cd15=75552733648771418692088814172376303976&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.75%20Safari%2F537.36&cd16=1797681163.1650098156&z=604986854
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1125
date
Sat, 16 Apr 2022 08:17:11 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sat, 16 Apr 2022 10:17:11 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ef::5c7b:c25a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=36343
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
js
www.googletagmanager.com/gtag/ 		94 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-9582686
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
06a793927feca2f42aa3fcd56a2af58ae8314adb1229088c722e04de7add4b02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38133
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 16 Apr 2022 08:35:56 GMT
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/ Frame 0AF4 		602 KB
602 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/58961995-4879-4d26-a059-da519b41d0e7/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/158870/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d4ebd98a601019bccb9240ed20ecf6dd6c3c35c6fb48ed879ca8a8856595bda4

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=627012-1243223

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
last-modified
Fri, 19 Mar 2021 20:39:00 GMT
age
74064
etag
"9cf394a8cd47f11c2f12346609049e21"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 627012-1243223/4906560
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
616212
collect
stats.g.doubleclick.net/j/ 		4 B
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=1797681163.1650098156&jid=1694938199&uid=75552733648771418692088814172376303976&gjid=707777391&_gid=1798834588.1650098156&_u=aEDAAEABAAAAAC~&z=1737086544
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c0b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 16 Apr 2022 08:35:56 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
mq
capi-tier-2-us-east-2.connatix.com/tr/ Frame 0AF4 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/mq?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.222.71 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-222-71.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1650098156624&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1650098156624%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fmalfo...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1650098156624&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1650098156624&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true&e_ipv6=AQIFy...
0
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1650098156624&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true&e_ipv6=AQIFysTrF1tvMQAAAYAxg7ZP_nK-KryT4UyXIZqiF8yikpnJFAw3ksJvW9q43nvuHkQ_gaE7
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: A8DB3199982F419C9CC00CFBD9978172 Ref B: FRAEDGE1513 Ref C: 2022-04-16T08:35:57Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXcwWqDHTyT/xW0ZugBBg==
x-li-fabric
prod-lor1

Redirect headers

date
Sat, 16 Apr 2022 08:35:57 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: B633BC50DD3B4F738F297FE6DDC3874A Ref B: FRAEDGE1119 Ref C: 2022-04-16T08:35:57Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1650098156624&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true&e_ipv6=AQIFysTrF1tvMQAAAYAxg7ZP_nK-KryT4UyXIZqiF8yikpnJFAw3ksJvW9q43nvuHkQ_gaE7
x-li-proto
http/2
content-length
0
x-li-uuid
AAXcwWp/+zXw0XlNZUxhZQ==
js
www.googletagmanager.com/gtag/ 		178 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a305e296b3c2a3fba17a5f6b6394e00fecf59a31c26b94649ff8c37c7ba81539
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67041
x-xss-protection
0
expires
Sat, 16 Apr 2022 08:35:56 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1797681163.1650098156&jid=1694938199&_u=aEDAAEABAAAAAC~&z=36703647
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1797681163.1650098156&jid=1694938199&_u=aEDAAEABAAAAAC~&z=36703647
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-p...
9582686.fls.doubleclick.net/ Frame 9BAF
Redirect Chain
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url...
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=...
774 B
531 B 		Document
General
Check archive.org
Download Go to
Full URL
https://9582686.fls.doubleclick.net/activityi;dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
cafe /
Resource Hash
41b3f13650df6ad8c9b57f97400941950670a85cf7b0d9029f9025a599db7aee
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
about:blank
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
506
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 08:35:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 08:35:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9582686.fls.doubleclick.net/activityi;dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe4d0&_p=2031242993&sr=1600x1200&_z=ccd.AAB&ul=en-us&cid=1797681163.1650098156&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&sid=1650098156&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=websites%20%3E%20malformed-url-prefix-phishing-attacks-spike-6000%2F164132&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=75552733648771418692088814172376303976
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		63 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3912258181573074&correlator=4412344823961854&eid=31060438%2C31067110%2C44761477%2C31061829%2C31066184&output=ldjh&gdfp_req=1&vrg=2022041201&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681&sfv=1-0-38&ecs=20220416&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_rubicon%3D676d0fffd86ef1%26hb_bidder_rubicon%3Drubicon%26dyn_bids%3D0.20%26hb_adid%3D676d0fffd86ef1%26hb_bidder%3Drubicon%7Camznbid%3D2%26amznp%3D2%26hb_adid_triplelift%3D6591b93ddc3c0d4%26hb_bidder_triplelift%3Dtriplelift%26dyn_bids%3D0.15%26hb_adid%3D6591b93ddc3c0d4%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2%26hb_adid_triplelift%3D661081fa1c792ed%26hb_bidder_triplelift%3Dtriplelift%26hb_adid_appnexus%3D648f045fd1fbd76%26hb_bidder_appnexus%3Dappnexus%26dyn_bids%3D0.15%26hb_adid%3D661081fa1c792ed%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fmalformed-url-prefix-phishing-attacks-spike-6000%252F164132%252F%26urlquery%3Dgoogfc%26contentid%3D164132%26category%3Dmost-recent-threatlists%26contenttags%3D&sc=1&cookie_enabled=1&abxe=1&dt=1650098156949&lmt=1650098156&dlt=1650098153903&idt=1759&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0&adys=8%2C166%2C1212%2C8&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0&msz=728x0%7C300x0%7C300x0%7C1600x0&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0&ga_vid=1797681163.1650098156&ga_sid=1650098157&ga_hid=2031242993&ga_fc=true&btvi=0%7C0%7C1%7C0&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js?cb=31067110
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
036b61e6b5f8ccedeb8c12de2d0aa066ed0129599e1c5907eec34c30f9949c49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12544
x-xss-protection
0
google-lineitem-id
-1,5697900447,5697900447,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,138350331135,138350331417,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022041201&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js?cb=31067110
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68192768a821bf219008fa53520e8dde0f2b24ee3bb98af0b4ae764f4c39e73b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 08:35:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10704
x-xss-protection
0
container.html
56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9343 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js?cb=31067110
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 08:35:57 GMT
expires
Sun, 16 Apr 2023 08:35:57 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
s61197521171596
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 		43 B
246 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s61197521171596?AQB=1&ndh=1&pf=1&t=16%2F3%2F2022%208%3A35%3A56%206%200&mid=75552733648771418692088814172376303976&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20malformed-url-prefix-phishing-attacks-spike-6000%2F164132&g=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&cc=USD&ch=websites&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=websites%20%3E%20malformed-url-prefix-phishing-attacks-spike-6000%2F164132&v9=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220414%3A289%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v113=75552733648771418692088814172376303976&v116=1797681163.1650098156&v125=0.44452350457909007_1650098155564&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:56 GMT
x-content-type-options
nosniff
x-c
main-1637.I660130.M0-562
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sun, 17 Apr 2022 08:35:56 GMT
server
jag
xserver
anedge-7b6f4bb9f7-kwm64
etag
3543558808716410880-4619765551984124765
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Fri, 15 Apr 2022 08:35:56 GMT
dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phis...
adservice.google.com/ddm/fls/i/ Frame 204C 		773 B
975 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Requested by
Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0110a6e4d589bcbdacb5f52fce50bb67bf65d2316469adc080a59897f3e44e7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://9582686.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
506
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 08:35:57 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 08:35:57 GMT
dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phis...
adservice.google.de/ddm/fls/i/ Frame 243E 		194 B
870 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/ddm/fls/i/dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CION8dOWmPcCFRIHBgAdTyoICw;src=9582686;type=globalc;cat=globa0;ord=9742943635467;gtm=2od4d0;auiddc=1990330182.1650098157;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=75552733648771418692088814172376303976-1797681163.1650098156;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
177
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 08:35:57 GMT
expires
Sat, 16 Apr 2022 08:35:57 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8C6F 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
4413
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 07:22:24 GMT
expires
Sun, 16 Apr 2023 07:22:24 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 4AAD 		783 B
534 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
56e56345d064e91c9c4d9c776fe8f808a8756ab983255eeca4cdbff243a0f21f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-/u26Dm1mCHSaPgzTTuidjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-/u26Dm1mCHSaPgzTTuidjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 08:35:57 GMT
expires
Sat, 16 Apr 2022 08:35:57 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
sodar
pagead2.googlesyndication.com/pagead/ Frame 4AAD 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022041201&jk=3912258181573074&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
pagead2.googlesyndication.com/bg/ Frame 8C6F 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 06:23:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
7949
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13566
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 16 Apr 2023 06:23:28 GMT
container.html
56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F127 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 08:35:57 GMT
expires
Sun, 16 Apr 2023 08:35:57 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bl-39123b0-21832b7e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 8A31 		43 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-21832b7e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-7-86.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
99b874c4939eaa83ab36ff4e0d2863ce2092cee1d35b09ae298ccfa996aa4c3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 19:25:54 GMT
content-encoding
gzip
age
47404
x-cache
Hit from cloudfront
content-length
18263
x-amz-meta-git_commit
39123b0
last-modified
Fri, 15 Apr 2022 19:14:44 GMT
server
AmazonS3
etag
"49f825371d8982d8de06f5633552e869"
x-amz-version-id
LmsHyLuEjv0us3zhyQB.56wR6EMGOymK
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
_oZb2JgmeV4ecfug6F-noghvOiaRUhvrsPnAhKVSdJhPtbRLL3odCg==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 8A31 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-7-86.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 20:58:51 GMT
content-encoding
gzip
age
16976227
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
S35UfX-ZAG_KQ9F1b9M6bWkQuy2_qWmE88yVKcsc1VN-e1HI1fqmVQ==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8A31 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 08:35:57 GMT
bl-39123b0-21832b7e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 81BE 		43 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-21832b7e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-7-86.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
99b874c4939eaa83ab36ff4e0d2863ce2092cee1d35b09ae298ccfa996aa4c3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 19:25:54 GMT
content-encoding
gzip
age
47404
x-cache
Hit from cloudfront
content-length
18263
x-amz-meta-git_commit
39123b0
last-modified
Fri, 15 Apr 2022 19:14:44 GMT
server
AmazonS3
etag
"49f825371d8982d8de06f5633552e869"
x-amz-version-id
LmsHyLuEjv0us3zhyQB.56wR6EMGOymK
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
kggtZGUwiBIJPi_mUWofY7qGE2K1ZfWaqy1Qu55F1W43XrgX_QKMEA==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 81BE 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-7-86.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 20:58:51 GMT
content-encoding
gzip
age
16976227
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
qxFN9IOAlA_fMVUdL0OUv-qNkdz1EpDZPsoQB2g5tKQTfOUvc34BtA==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 81BE 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 08:35:57 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 81BE 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstA2FsiUP5odLTRbgiqdaUP_UczPfftanpqAuNnv8wPaz1Qbl6zwos31UigG1gE8mmy9-uGZkfe0ULtnS7fmxZLFnH5kwYuwVKI7_9u18SW85iOEYK16FE0n-SPTw2iooau42WjwVpGx-0udvHkp8XWKjR_EDWh6SpW2gn_60LmOnk_Q7I8u1H4snJE0JTvG_veuzezwfMjm-Ji7YkRuDfW-peIjQ7WlGl7al-amos6gckUXlnwwxNMfe2Zt1p2h0yAqN-tIgRvMiORGbpNK_FW3H4QWZb6yxgKLkFARlcZwJkZTkyM7FLwaKWHgv_z0QZs5crqHA&sai=AMfl-YTyUjzLZk7-VjhH2tVKZdJM5YdGBHqDybmlu_d_pfdxNUx5fHAsBZ5lqZHXrtlj14m4JReYzVci4N9FpjpCeqzM-VdUgHWrBBcFvnUHuGYaagFWqgSpFymthFmKR7lN&sig=Cg0ArKJSzAWHZQP8776tEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 08:35:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 16 Apr 2022 08:35:57 GMT
ttj
ib.3lift.com/ Frame 81BE 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.3lift.com/ttj?inv_code=Threatpost_ROS_HDX
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-123.fra53.r.cloudfront.net
Software
/
Resource Hash
ddc30e7e4d1bfa3161c4b6ecb34ab48de620162fb9a06434bfa2a92d632860a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
etag
"707b1089d703b24d52d3b5d6f3f0a85031addfc5"
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900
content-encoding
gzip
content-length
2027
x-amz-cf-id
GuGjO4lsVuu7HSqOjeR3qxw82VRb4Yb5jdJ7FCnKVwRAVUf307ri3A==
notify
tlx.3lift.com/header/ Frame 81BE 		37 B
183 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tlx.3lift.com/header/notify?px=1&pr=0.151&ts=1650098156&aid=12994800955978062091162&ec=3690_62334_10406291&n=GgDyAtYBCAASFzEyOTk0ODAwOTU1OTc4MDYyMDkxMTYyGAAgASjqHDD%2B5gNAAUgAUABgCmgAcKOAA5ABAJgBAKgBALABxgG4AQXAAZcByAHGAeABD%2FABAPgBxgGAApcBiAIPkQIAAAAAAADwP5kCuB6F61G4zj%2BhAgAAAAAAAPA%2FqAIAsAIAyAIE2AIA8QJmZmZmZmbmP%2FgC4TiAA6wCiAPYBJADAJgDAKADALgDsf0SwAMAyAMA0gMIMTA0MDYyOTHgA%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwHpAwAAAAAAAAAA8APGAfgCDIgDAJIDBDM5OTWYAwCgA9qpBKgDAA%3D%3D
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.84.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-84-255.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:57 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
expires
Thu, 15 Oct 1992 20:10:00 GMT
pe
eb2.3lift.com/ Frame 81BE 		37 B
140 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/pe?fid=10&peid=0&aid=12994800955978062091162
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
view
securepubads.g.doubleclick.net/pcs/ Frame 8A31 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstQ7aQgWJHJVZmbFthOWMjb1e5qrW3FV248EU6-1JqFGpax6x97xcLw3SWl5PilIF-JP7S1iN-CqwkjclAtgvD5uhn2pACooCGxc1ggPAx00NuPhLgWO4RrpdeH4PfdoHsgUjip-Lp2M5x0eTDDxG2fzCcoGcz_QlPfqncvnrd9_VJANfLtzu92PuzfXw9OiFoXrbtvrw3XONEK8_9mFR3lsZvj5aSVU19RNAASIHuuCMpLOYqg9ksRAqvUNLN_Cg8UZaT0ppt5WNniyKf6Q45vTch-YRmO9HrIOFZD6LCze6YVeNlSICzNmeyPsdzgK2QkFaN0Jg&sai=AMfl-YSc7V2Xvu7JmH0fsKKS8Ge60AwjEKUQl4P4416CLCjnBwetnr1LCskLa6pCdc-lbVUdhDd-C4oigzig3Spu1gIP-A37-C6Z3E7OfhPd6O2J1EPoBY8zZFLNyMbP4vdw&sig=Cg0ArKJSzEeuRbYW4qzrEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 08:35:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
ttj
ib.3lift.com/ Frame 8A31 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.3lift.com/ttj?inv_code=Threatpost_ROS_HDX
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-123.fra53.r.cloudfront.net
Software
/
Resource Hash
ddc30e7e4d1bfa3161c4b6ecb34ab48de620162fb9a06434bfa2a92d632860a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
etag
"707b1089d703b24d52d3b5d6f3f0a85031addfc5"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900
content-encoding
gzip
content-length
2027
x-amz-cf-id
0NNUzg6o29ZGOHHp3Qcr8AYAIkZGysGHmEqO2UAQl_fSrRyjokKLMQ==
notify
tlx.3lift.com/header/ Frame 8A31 		37 B
183 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tlx.3lift.com/header/notify?px=1&pr=0.151&ts=1650098156&aid=12994800955978062091161&ec=3690_62334_10406292&n=GgDyAtYBCAASFzEyOTk0ODAwOTU1OTc4MDYyMDkxMTYxGAAgASjqHDD%2B5gNAAUgAUABgCmgAcKOAA5ABAJgBAKgBALABxgG4AQXAAZcByAHGAeABD%2FABAPgBxgGAApcBiAIPkQIAAAAAAADwP5kCuB6F61G4zj%2BhAgAAAAAAAPA%2FqAIAsAIByAIE2AIA8QJmZmZmZmbmP%2FgC4TiAA9ACiAOYApADAJgDAKADALgDsf0SwAMAyAMA0gMIMTA0MDYyOTLgA%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwHpAwAAAAAAAAAA8APGAfgCDIgDAJIDBDM5OTWYAwCgA9qpBKgDAA%3D%3D
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.84.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-84-255.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:57 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
expires
Thu, 15 Oct 1992 20:10:00 GMT
pe
eb2.3lift.com/ Frame 8A31 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/pe?fid=10&peid=0&aid=12994800955978062091161
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
bl-39123b0-21832b7e.js
tagan.adlightning.com/math-aids-threatpost/ Frame F127 		43 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-21832b7e.js
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-7-86.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
99b874c4939eaa83ab36ff4e0d2863ce2092cee1d35b09ae298ccfa996aa4c3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 19:25:54 GMT
content-encoding
gzip
age
47404
x-cache
Hit from cloudfront
content-length
18263
x-amz-meta-git_commit
39123b0
last-modified
Fri, 15 Apr 2022 19:14:44 GMT
server
AmazonS3
etag
"49f825371d8982d8de06f5633552e869"
x-amz-version-id
LmsHyLuEjv0us3zhyQB.56wR6EMGOymK
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
QK67ybDnr-Kntr45b9ie1YUqk6eLJ2tGW3yHfOuaJk12HhXVpUBZ6A==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame F127 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.7.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-7-86.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 20:58:51 GMT
content-encoding
gzip
age
16976227
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
c0r9tRkmoEVejmxMMW1266mmRVbcP8OWt_oV-VoBKusaPeXXlgZ-7g==
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame F127 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:33:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
140
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 08:33:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame F127 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 08:35:57 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame F127 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:23:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
772
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 08:23:05 GMT
l
www.google.com/ads/measurement/ Frame F127 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaREfrcPeT4RcOgozO_8TrmajZuYNXDr3q6CxXOYcBsnH6kPfIkBsuHsS-_Clihp0ZRXm7jlNfO1XV42L9KAVETpHXU9eg
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
ext.js
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame F127 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 14 Apr 2022 14:23:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
151921
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7022
x-xss-protection
0
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 14 Apr 2023 14:23:56 GMT
sv
capi-tier-2-us-east-2.connatix.com/tr/ Frame 0AF4 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/sv?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.222.71 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-222-71.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
bundle.js
ib.3lift.com/rev/11f0e47a011a99e3dfda4319527b7a1b775cf7dd/dist/ Frame 8A31 		254 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.3lift.com/rev/11f0e47a011a99e3dfda4319527b7a1b775cf7dd/dist/bundle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-123.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
71694d8ed80c586236db505697b3e29535c6bcefbb7b1ce3880e5c4bd5349227

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 22:31:34 GMT
content-encoding
gzip
last-modified
Wed, 06 Apr 2022 22:31:18 GMT
server
AmazonS3
age
813864
etag
"14ff31543d853139c5782ead225ac441"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
cache-control
max-age=31536000, immutable
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
82572
x-amz-cf-id
_hiuw0G61bpeBNWFDVr_S9bkKUndr-LXwQRoLxfc667qs-1R8hOxCw==
truncated
/ Frame 8A31 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e3c200db8d6aa0d7fbe2928105b7462b90f1f8f0d0a4a76542232a69f3db526

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
bundle.js
ib.3lift.com/rev/11f0e47a011a99e3dfda4319527b7a1b775cf7dd/dist/ Frame 81BE 		254 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.3lift.com/rev/11f0e47a011a99e3dfda4319527b7a1b775cf7dd/dist/bundle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-123.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
71694d8ed80c586236db505697b3e29535c6bcefbb7b1ce3880e5c4bd5349227

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 22:31:34 GMT
content-encoding
gzip
last-modified
Wed, 06 Apr 2022 22:31:18 GMT
server
AmazonS3
age
813864
etag
"14ff31543d853139c5782ead225ac441"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
cache-control
max-age=31536000, immutable
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
82572
x-amz-cf-id
48HXhjmQKMRjiODSOh2jHXDJxezj51KviO0CeDMPBHD4ryJdP_3EcA==
truncated
/ Frame 81BE 		210 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5ce50e5b6152a1061b5f4ebf63df50bcdb10e77ee99d16cb6563f8b694aa4800

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
adview
securepubads.g.doubleclick.net/pagead/ Frame F127 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CSXeB7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmAJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08qzbdRrKY1UqBVpykimHOvT_GpinaUSObmSTEeDlOz9hxMBi9XJlQ4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAGACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNDExMzY4MTg4MjMxMTQ1NRiE23s&sigh=JzlLS1TCEKc&uach_m=[UACH]&cid=CAQSPwCNIrLMb6pzi9BpCTr3KGSB4M9Hqn5HtqYjZXGmea8rDtbNQ19Zvk5yqXeMcllkOyB7GQo29xHIHtw9P05GuhgB
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
notify
rtb.fr.eu.criteo.com/google/auction/ Frame F127 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=U_znEuv_CsoH-gGdg2ICAgAAAKSanEVOk8FnJ8e-GXlf00gQ7H9aYo8VfIL1GOGXDNkVABI&wp=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
server
Kestrel
server-processing-duration-in-ticks
216744
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame 4AA2 		150 KB
48 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Requested by
Host: 56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
URL: https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
b3600913fd354dfbb39a489a1559727616f4797a8748907c3c8b58c1b85e9c61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 08:35:58 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=qr1D0EMtaS1Vj_8dYDPTCsRHSvD7gscXOyY54SyXrA09thopL_lgHWrHQ8_KMa3kTYMAhNc02_VJaVrj2z3xnW1VVj56vD2lxfAMr86s1_kvgXDfKqhcfq67cJ0K_Jy0smW4QEu5EjLCNx2QjanEKiNtUL73T3Pg32I-dlxb-MiuANRvwyFxe2bz4fFc_uvCASfyCMpWmhNgs9TUnjjURxpS3Kt_RkKQpnn96V2MHizsiVCPRqazLrog8qjrXzGgNG9xPA"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
92439531
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
truncated
/ Frame F127 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e268152d0d18c09c5a0281df0453846a57a9cbbf74d53d71590f770f38015761

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
r
eb2.3lift.com/ 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/r?inv_code=Threatpost_ROS_HDX&aid=12994800955978062091161&rev=11f0e47&pr=un&bc=0.198&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10406292&crid=-1&ts=1650098156&bcud=198&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fmalformed-url-prefix-phishing-attacks-spike-6000%252F164132%252F&rr=creative&fid=10&rb=0&g=0&cb=54183
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
truncated
/ Frame 6747 		26 B
0 		Script
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/gif
OBA_TRANS.png
ib.3lift.com/static/buttons/edaa/ Frame 8A31 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_TRANS.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-123.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 03:36:58 GMT
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:36 GMT
server
AmazonS3
age
536341
etag
"ddf020e069f1706b72b7698b28fede09"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
3125
x-amz-cf-id
GujqIhn7oorAijunBp1cgmKOQ-FqBegez0hQIRnKs7BUXve833rDpg==
OBA_UK.png
ib.3lift.com/static/buttons/edaa/ Frame 8A31 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_UK.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-123.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 22:40:56 GMT
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:31 GMT
server
AmazonS3
age
381303
etag
"7ceab27af00fa466072a3c3360041755"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
3518
x-amz-cf-id
xqMeoK-uIm-G01pzYcBaOamHRcOgAlzPkMugMjZuFYWRV70LWBQzIA==
ctar
eb2.3lift.com/ 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/ctar?inv_code=Threatpost_ROS_HDX&aid=12994800955978062091161&rev=11f0e47&cta_render_method=1&cta_render_text=&cb=44810
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
js
tags.mathtag.com/notify/ Frame 313D 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.mathtag.com/notify/js?exch=gor&s_exch=ss6&id=5aW95q2jLzIzLyAvWVdVNE5EWXpOMll0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNzcyNDkyMzg3MzQ2MjM4MjYvMTA0MDYyOTIvMTExNDI0ODEvNjIvY0hkRXZoNjNwSFZyajV0bEM4VGpzd0tZVmxWY0F2VHo4LTFoNUVMM0FpRS8xLzYyLzAvMC8xODUzOTIxLzMxMTc3ODM5NzAvMjE1NTQzLzExMjkyNzQvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC82Mjc3MjQ5MjM4NzM0NjIzODI2L3pyaC8wLzEwMDAyLzU5Lzk5OS8yNTgvMTg1LjIxMy4xNTUuMC8wLjAwMC8xNjUwMDk4MTU2LzE2NTAxMTA3NTYvNjIvOTI4Ni8/W-jYTNkx0KecHfZumDvt400nWM8&nodeid=2802&group=zrh&auctionid=6277249238734623826&shardkey=6277249238734623826&sid=11142481&cid=10406292&price=0.198&bp=a_bjiibd&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.135.139
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.308.0 /
Resource Hash
0c74419e28e8a390517789839cc898b379d1ac980cc75100c9e9ac42617a8541

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:58 GMT
Content-Encoding
gzip
x-mm-bid-request-time
1650098156
Last-Modified
Sat, 16 Apr 2022 08:35:56 GMT
Server
MMBD/3.308.0
x-mm-latency
160 (1)
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg
Count
Cache-Control
no-cache
x-mm-host
pao-router-x80, zrh-bidder-x157
Connection
close
Content-Type
application/x-javascript; charset=UTF-8
Expires
Sat, 16 Apr 2022 08:35:57 GMT
aop
eb2.3lift.com/ 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/aop?inv_code=Threatpost_ROS_HDX&aid=12994800955978062091161&rev=11f0e47&pr=un&bc=0.198&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10406292&crid=-1&ts=1650098156&bcud=198&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fmalformed-url-prefix-phishing-attacks-spike-6000%252F164132%252F&rr=creative&fid=10&rb=0&g=0&cb=75861
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
sync
eb2.3lift.com/ Frame 9931
Redirect Chain
  • https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922
  • https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
04b54f057a4576212021f7954ba8b067e3214f04cfa1116300d2e3079d9906d7

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
462
content-type
text/html; charset=utf-8
date
Sat, 16 Apr 2022 08:35:58 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Sat, 16 Apr 2022 08:35:58 GMT
location
/sync?max=10&gdpr=false&cb=75922&ld=1
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
r
eb2.3lift.com/ 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/r?inv_code=Threatpost_ROS_HDX&aid=12994800955978062091162&rev=11f0e47&pr=un&bc=0.198&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10406291&crid=-1&ts=1650098156&bcud=198&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fmalformed-url-prefix-phishing-attacks-spike-6000%252F164132%252F&rr=creative&fid=10&rb=0&g=0&cb=53963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
OBA_TRANS.png
ib.3lift.com/static/buttons/edaa/ Frame 81BE 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_TRANS.png
Requested by
Host: ib.3lift.com
URL: https://ib.3lift.com/rev/11f0e47a011a99e3dfda4319527b7a1b775cf7dd/dist/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-123.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 03:36:58 GMT
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:36 GMT
server
AmazonS3
age
536341
etag
"ddf020e069f1706b72b7698b28fede09"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
3125
x-amz-cf-id
wDZ3ClxmCyq2niqnUcMRFY2wYMbrOqoDT7osTvkc65o0KAOII2kF3g==
OBA_UK.png
ib.3lift.com/static/buttons/edaa/ Frame 81BE 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_UK.png
Requested by
Host: ib.3lift.com
URL: https://ib.3lift.com/rev/11f0e47a011a99e3dfda4319527b7a1b775cf7dd/dist/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.202.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-123.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 22:40:56 GMT
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:31 GMT
server
AmazonS3
age
381303
etag
"7ceab27af00fa466072a3c3360041755"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
3518
x-amz-cf-id
JIG6LivvN3unMswCPoyfo1unOaw77Ob5NoBJIBjVKNv8NtW82Yt9Cg==
truncated
/ Frame F212 		26 B
0 		Script
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/gif
ctar
eb2.3lift.com/ 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/ctar?inv_code=Threatpost_ROS_HDX&aid=12994800955978062091162&rev=11f0e47&cta_render_method=1&cta_render_text=&cb=81880
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
js
tags.mathtag.com/notify/ Frame AAF8 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.mathtag.com/notify/js?exch=gor&s_exch=ss6&id=5aW95q2jLzIzLyAvWVdVNE5EWXpOMll0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzM5NzE0MDYyMjk1MjA5Mjk3NzUvMTA0MDYyOTEvMTExNDI0ODEvNjIvY0hkRXZoNjNwSFZyajV0bEM4VGpzXzFSZ1laMEZZWUNUNmhpNG9xbG1DQS8xLzYyLzAvMC8xODUzOTIxLzMxMTc3ODM5NzAvMjE1NTQzLzExMjkyNzQvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8zOTcxNDA2MjI5NTIwOTI5Nzc1L3pyaC8wLzEwMDAyLzU5Lzk5OS8yNTgvMTg1LjIxMy4xNTUuMC8wLjAwMC8xNjUwMDk4MTU2LzE2NTAxMTA3NTYvNjIvOTI4Ni8/-34eBp4B7vu6oPCEoALUgRiY0ok&nodeid=2802&group=zrh&auctionid=3971406229520929775&shardkey=3971406229520929775&sid=11142481&cid=10406291&price=0.198&bp=a_bjiibd&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.132.88
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.308.0 /
Resource Hash
00aafc144c43d5e4c29bb64e0a63d757414a1624dcb9428ca26314ec50eecb28

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:58 GMT
Content-Encoding
gzip
x-mm-bid-request-time
1650098156
Last-Modified
Sat, 16 Apr 2022 08:35:56 GMT
Server
MMBD/3.308.0
x-mm-latency
160 (0)
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg
Count
Cache-Control
no-cache
x-mm-host
pao-router-x89, zrh-bidder-x157
Connection
close
Content-Type
application/x-javascript; charset=UTF-8
Expires
Sat, 16 Apr 2022 08:35:57 GMT
ev1
eb2.3lift.com/ 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/ev1?inv_code=Threatpost_ROS_HDX&aid=12994800955978062091161&rev=11f0e47&pr=0.151&bc=0.198&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10406292&crid=-1&ts=1650098156&bcud=198&ss=12&caid=0&unid=0&cepos=0&ceid=0&cb=45362
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
aop
eb2.3lift.com/ 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/aop?inv_code=Threatpost_ROS_HDX&aid=12994800955978062091162&rev=11f0e47&pr=un&bc=0.198&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10406291&crid=-1&ts=1650098156&bcud=198&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fmalformed-url-prefix-phishing-attacks-spike-6000%252F164132%252F&rr=creative&fid=10&rb=0&g=0&cb=95134
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
sync
eb2.3lift.com/ Frame 6A3E 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
f1f94a4158844638eb5b93c3a8413cfd9f2d732135632de4a4aef6995f560245

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
520
content-type
text/html; charset=utf-8
date
Sat, 16 Apr 2022 08:35:58 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
generate_204
tpc.googlesyndication.com/ Frame 8C6F 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?aqIS5w
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
xuid
eb2.3lift.com/ Frame 9931
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3658&xuid=cdaba960-d978-4608-b0ff-587fb99b7e8b&dongle=0cfd
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3658&xuid=cdaba960-d978-4608-b0ff-587fb99b7e8b&dongle=0cfd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:58 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://eb2.3lift.com/xuid?mid=3658&xuid=cdaba960-d978-4608-b0ff-587fb99b7e8b&dongle=0cfd
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
209
ebda
eb2.3lift.com/ Frame 9931
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&gdpr=0&cmp_cs=
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzU2OTc3NDQxMzM3MDk2NDE2NjU3OQ%3D%3D
  • https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:58 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
248
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 9931
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEChPfGmQmLX38Qk36hnZmt4&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEChPfGmQmLX38Qk36hnZmt4&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:58 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEChPfGmQmLX38Qk36hnZmt4&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 9931
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzU2OTc3NDQxMzM3MDk2NDE2NjU3OQ%3D%3D
170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzU2OTc3NDQxMzM3MDk2NDE2NjU3OQ%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
H2
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzU2OTc3NDQxMzM3MDk2NDE2NjU3OQ%3D%3D
date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 9931 		0
142 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=3569774413370964166579&dbredirect=true&gdpr=0&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 5CCC2E4830FC48708A58F1D4152715D3 Ref B: FRAEDGE1119 Ref C: 2022-04-16T08:35:58Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXcwWqTxkzGzKjGXG/npg==
xuid
eb2.3lift.com/ Frame 9931
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/3569774413370964166579?gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-y6XCL_pE2oSsCDaaxUPdQ7WgFFXEeaV2dk.x5h3rTg--~A&dongle=0883
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-y6XCL_pE2oSsCDaaxUPdQ7WgFFXEeaV2dk.x5h3rTg--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Sat, 16 Apr 2022 08:35:58 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-y6XCL_pE2oSsCDaaxUPdQ7WgFFXEeaV2dk.x5h3rTg--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
xuid
eb2.3lift.com/ Frame 9931
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=triplelift&user_id=3569774413370964166579&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=triplelift&user_id=3569774413370964166579&gdpr=0&gdpr_consent=
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=9f267c56-43bd-49b0-aea6-e295832fefda&ssp=triplelift
  • https://eb2.3lift.com/xuid?mid=2409&xuid=fabb218b-ac7f-418a-b90c-d25cf822c632&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2409&xuid=fabb218b-ac7f-418a-b90c-d25cf822c632&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
//eb2.3lift.com/xuid?mid=2409&xuid=fabb218b-ac7f-418a-b90c-d25cf822c632&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Date
Sat, 16 Apr 2022 08:35:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
c.gif
c.bing.com/ Frame 9931 		42 B
594 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bing.com/c.gif?xid=3569774413370964166579&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:57 GMT
etag
"8120eaf0ff3ad81:0"
last-modified
Fri, 18 Mar 2022 19:39:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E1936DA202024EC9B7FF86BF58C173B7 Ref B: FRAEDGE1407 Ref C: 2022-04-16T08:35:58Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame 9931
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=0&gdpr_consent=&uid=3569774413370964166579
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=3569774413370964166579&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=3569774413370964166579&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:58 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
AANZVK016E33EW8KC4JY
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=3569774413370964166579&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 9931
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=0
37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=0
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75922&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=0
Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
privacy_small.svg
static.criteo.net/flash/icon/ Frame 4AA2 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 08:35:58 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame 4AA2 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 08:35:58 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame 4AA2 		308 B
636 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Tue, 11 Apr 2023 08:35:58 GMT
back_button.svg
static.criteo.net/flash/icon/ Frame 4AA2 		507 B
835 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/back_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
last-modified
Thu, 01 Apr 2021 14:03:13 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"6065d2a1-1fb"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
507
expires
Tue, 11 Apr 2023 08:35:58 GMT
lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 4AA2 		43 B
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=05WBJU8YYm7IlAVh3uPA5je62ioyuxPhiUgdwG4PkWO50EUAxb4_YrA3S3eVofehKGg5W4ZvOe4j0zFeq2DaOQ1lADwjM2EfxjKHUjf8TBJbV7m9xrLR3J0ZP9tQCyCD5MyViPxs6qp8Pdx4KrapmQeKWfEcADMpZZKI948ydEt2UN0BvqmgLEMGRBzn2hf5O5WSswfZ4E6Qe0JmEKWDsl78GdFFlewu-aUVE4sj-dKIbvhrqPyUEDWN6YLFdYdUX2T5Imz6k73FJZp3nx4U5mHtVvvr_M1u52kNfKWBw5PPF2W4XeIPUlEd6HvwG0ubZVHrWdueUTrDV3JRJRbWy4xyOl8V8sQpqMqo1VJjnIFlcfbu_HyXiyeDRysph_ccXnhhd0p6bsvrTj7XSpAy_5sFVKm-IUaZauyhYugtmMmwtOjgxEYeZcNHGDSJQvtZ7GPJUQ
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:57 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3581049
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
setuid
ib.adnxs.com/prebid/ Frame 6A3E 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=0&gdpr_consent=&uid=3569774413370964166579
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:58 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b8f36d8f-c013-4b4b-bd05-249d0bcb4179
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
ib.adnxs.com/prebid/ Frame 6A3E 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=3569774413370964166579
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:58 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
2526507b-9343-4c54-bd28-65aea0acc6b3
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
xuid
eb2.3lift.com/ Frame 6A3E
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/trl
  • https://match.prod.bidr.io/cookie-sync/trl?_bee_ppp=1
  • https://eb2.3lift.com/xuid?mid=7255&xuid=AACZ1E7EtQAAACGNGNce2Q&dongle=bzwx
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=7255&xuid=AACZ1E7EtQAAACGNGNce2Q&dongle=bzwx
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=7255&xuid=AACZ1E7EtQAAACGNGNce2Q&dongle=bzwx
Date
Sat, 16 Apr 2022 08:35:58 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
xuid
eb2.3lift.com/ Frame 6A3E
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3702&xuid=3d723eed-bd60-11ec-aa48-bf8f7a8edf0b&dongle=d54f&gdpr=0&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3702&xuid=3d723eed-bd60-11ec-aa48-bf8f7a8edf0b&dongle=d54f&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=3702&xuid=3d723eed-bd60-11ec-aa48-bf8f7a8edf0b&dongle=d54f&gdpr=0&gdpr_consent=
Date
Sat, 16 Apr 2022 08:35:57 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
3d723eee-bd60-11ec-aa48-bf8f7a8edf0b
xuid
eb2.3lift.com/ Frame 6A3E
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=13&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2319&xuid=0-0867d93e-9453-4716-48e4-377f62dbb927$ip$185.213.155.162&dongle=4430
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2319&xuid=0-0867d93e-9453-4716-48e4-377f62dbb927$ip$185.213.155.162&dongle=4430
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2319&xuid=0-0867d93e-9453-4716-48e4-377f62dbb927$ip$185.213.155.162&dongle=4430
Date
Sat, 16 Apr 2022 08:35:58 GMT
Connection
keep-alive
Content-Length
141
Content-Type
text/html; charset=utf-8
xuid
eb2.3lift.com/ Frame 6A3E
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/RVF22VSl?redir=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3657%26xuid%3D%24%7BTM_USER_ID%7D%26dongle%3D3c0a%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3657&xuid=Ylp-6wAAAIYq2AQA&dongle=3c0a&gdpr=0&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3657&xuid=Ylp-6wAAAIYq2AQA&dongle=3c0a&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:58 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650098158.372926,VS0,VE0
x-served-by
cache-hhn4071-HHN
x-cache
HIT
location
https://eb2.3lift.com/xuid?mid=3657&xuid=Ylp-6wAAAIYq2AQA&dongle=3c0a&gdpr=0&gdpr_consent=
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
xuid
eb2.3lift.com/ Frame 6A3E
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3335&xuid=8360310439731899993&dongle=4d58&gdpr=0&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3335&xuid=8360310439731899993&dongle=4d58&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:58 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
96d2506f-7dcb-41ba-91c2-694ba99b30a6
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eb2.3lift.com/xuid?mid=3335&xuid=8360310439731899993&dongle=4d58&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
xuid
eb2.3lift.com/ Frame 6A3E
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=triplelift&gdpr=0&gdpr_consent=
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=triplelift&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4945&xuid=d42b9a20-2748-4ef5-8d25-34667be62855&dongle=31ac
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=4945&xuid=d42b9a20-2748-4ef5-8d25-34667be62855&dongle=31ac
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
//eb2.3lift.com/xuid?mid=4945&xuid=d42b9a20-2748-4ef5-8d25-34667be62855&dongle=31ac
Date
Sat, 16 Apr 2022 08:35:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
xuid
eb2.3lift.com/ Frame 6A3E
Redirect Chain
  • https://ad.turn.com/r/cs?pid=49&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4771&xuid=3544401046829132356&dongle=d407
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=4771&xuid=3544401046829132356&dongle=d407
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=4771&xuid=3544401046829132356&dongle=d407
pragma
no-cache
date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
xuid
eb2.3lift.com/ Frame 6A3E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=62&redir=%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3690%26xuid%3D%5BMM_UUID%5D%26dongle%3D3995%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3690&xuid=724f625a-7fee-4200-bf3e-f332adb4d092&dongle=3995&gdpr=0&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3690&xuid=724f625a-7fee-4200-bf3e-f332adb4d092&dongle=3995&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=77451
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Date
Sat, 16 Apr 2022 08:35:58 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x54 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eb2.3lift.com/xuid?mid=3690&xuid=724f625a-7fee-4200-bf3e-f332adb4d092&dongle=3995&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 16 Apr 2022 08:35:57 GMT
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 4AA2 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
188132
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4420
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJGJPWW%2FD%2BISYmDGDwlDi2YFrNhycEeW0uBxxmhgnxPL5FDBBJvIHiymabisiuN0fSCNbEioo1AkaZ3DL9kFIZj4LCNiVatIdQPW0ypXApc29bqy7PfhjNgu%2BchN5fhVG%2FSVDpVkd%2BE%2FT57h3Bf6%2FqmQ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6fcb9731dbd29152-FRA
expires
Thu, 06 Apr 2023 08:35:58 GMT
animejs.js
static.criteo.net/animejs/ Frame 4AA2 		12 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 08:35:58 GMT
5870089f3f90468da177506c701904b3_cpn_970x250_1.jpg
static.criteo.net/design/dt/58172/220415/ Frame 4AA2 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/design/dt/58172/220415/5870089f3f90468da177506c701904b3_cpn_970x250_1.jpg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
img
pix.eu.criteo.net/img/ Frame 4AA2 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?h=496&m=0&partner=58172&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F58172%2F210330%2Fdb53c7c2e72048c693c6b0d38777fa07_logo_w_vertical_03.png&v=3&w=558&s=uaQvxoByGHWNseD23J4YeMa7
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
5131eb1462038f07e5dc58040cba8969a88eb0beb8b7e61933469bf0a265b62e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:57 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=30213632
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
13583
expires
Sat, 01 Apr 2023 01:16:31 GMT
img
pix.eu.criteo.net/img/ Frame 4AA2 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=58172&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_acer-chromebox_cxi4_premium_1000main.png&v=3&w=800&s=Qvwj8dbrxQokQDS2_mulKlus&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
635fc3642d77c0ffc3368165582c4d03124eff007d5f58f6beca929f7785904a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=722433
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
8576
expires
Sun, 24 Apr 2022 17:16:32 GMT
img
pix.eu.criteo.net/img/ Frame 4AA2 		39 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=58172&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fn%2F_newacer_moinitor_xz2-series_xz272p_main_um.hx2ee.p10.png&v=3&w=800&s=QMsSik73o4pTZ23jK8f2iAra&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
8933a873c4fdfb4430d747dd3819e92352607a80cfe14a648a19d89ae394d764
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=547101
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
40377
expires
Fri, 22 Apr 2022 16:34:20 GMT
img
pix.eu.criteo.net/img/ Frame 4AA2 		62 KB
62 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=58172&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2Fv%2Fg%2Fvg0-series-vg220q-vg240y-vg270-vg270s-acerwp_modelmain_um.wv0ee.006.png&v=3&w=800&s=4IFToTAJXvg7BpLNWl4gC4Lt&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
9577a12bbc79783cd6ba502d741b2cc737d4abafc7c887d01355b2636f756325
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=547510
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
63214
expires
Fri, 22 Apr 2022 16:41:08 GMT
all
csm.eu.criteo.net/ Frame 4AA2 		0
128 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=qr1D0EMtaS1Vj_8dYDPTCsRHSvD7gscXOyY54SyXrA09thopL_lgHWrHQ8_KMa3kTYMAhNc02_VJaVrj2z3xnW1VVj56vD2lxfAMr86s1_kvgXDfKqhcfq67cJ0K_Jy0smW4QEu5EjLCNx2QjanEKiNtUL73T3Pg32I-dlxb-MiuANRvwyFxe2bz4fFc_uvCASfyCMpWmhNgs9TUnjjURxpS3Kt_RkKQpnn96V2MHizsiVCPRqazLrog8qjrXzGgNG9xPA&sds=2&rev=81123&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 16 Apr 2022 08:35:58 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 4AA2 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 08:35:58 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame 4AA2 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:58 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 08:35:58 GMT
css
fonts.googleapis.com/ Frame 4AA2 		2 KB
937 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Muli:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c3d628f4e66cecd08fd6e79132a41585dfd209b14bd6e0695af0842025ee2768
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 08:02:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 08:35:58 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 08:35:58 GMT
7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v26/ Frame 4AA2 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/muli/v26/7Auwp_0qiz-afTLGLQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e14a625deb5e7cb388813d12ff906c39d7140ead453b49a22cc7d11497035790
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ads.eu.criteo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 15:20:52 GMT
x-content-type-options
nosniff
age
234906
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31248
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:37:29 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Apr 2023 15:20:52 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022041201&jk=3912258181573074&bg=!kJOlk9fNAAZvJBiFTyQ7ACkAdvg8Wnpf_8_JhZ7CwOa4j-enggyDqEuwevTbD6YnGmU92u9uIV0SUAIAAAMeUgAAAANoAQcKACNT564XS0LpZBZOtdqh9eMEhdLhC-dRd6dyFaPS3aLTwFDBxpkCmmAkX8TcXMB4CR9bseDdXv96wDMU78-0BEBoYjxglXgs9MwZvD2lQJygwXWcpcmW-LHSkj9tassOrHklzaFVCtiVRTBblzRg3gBDq076aWp-KIDIt_ubJvytT5Ymp43-qzijHzUSN4ORDTinxdXb-uzwSJ-Bm9FQPhign5Xs36y-93lD42wR3nboVFw-l6QiAyhz5lqu5GYa4w-S6TgChKVSQywenkLecnGuYpsR6BNbMiOLc2sbJJVgFT3bycDGlqsAWK006IH013QqIRKKg4LwE9FMQxgLjxeeBXTCRXyhOCAWJSxHSQy7SRdfYCZiwvntSmzJYypgu7R6sQWPKP7k167t4ESB_s6N-_SIfMjwJ5Z28BxUTqNR-VRu6RxpKR_EtI_qpiPhvDGMEIofRLwCClKdFJGYgDiLbJJ6VyrXFFVx4ZXSVUOUzfthC3CrshWrK82ZDhRc0lFHbnPZEnWzw2yhtq3S9x4ershEk7JZsTkXk38-zTzEQXA2faudveW8XIgE2Z-XERdUjRC2l9nLqEeeaKdL87l9AHP-IWxZq1YzrqAw8E12paQYwfKdZKTpQiPIVTs-RtDJgSEGEQh8AB5rYGYh4N_vGTPvipZuE9mdvt4UK82pMmFwQsTV4S-5LCG4aYNFgtg90VUhhHoUlnk_qO_9NFMb4b5-riH6CksyP3C7uoEot3BXPLXmVTondrqopoKC0kOuqUDzYYpeK82AfcXvsXwxlXCmSnN-jmmef8IpJD1_KWz4OYbADcxXcYcWEBWnucBDWdCNmYcn63cruygIT4DsMofrBgWGZRDNVQkCyykiWItcwm9X9D39vZsqAuDxkQnCoT6rjRpVTo3JuiYtcdLhvfrrxqLPvboFZG0ZWIdtnw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
uten8uck00se
hal9000.redintelligence.net/zone/ Frame 313D 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal9000.redintelligence.net/zone/uten8uck00se?subid=&gdpr=0&gdpr_consent=&rnd=6277249238734623826&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:ss6&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091161%26mt_aid%3D6277249238734623826%26mt_id%3D10406292%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3251625a-7fee-4601-90f8-0782272494dd%26mt_cid%3D3251625a-7fee-4601-90f8-0782272494dd%26redirect%3D
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.149 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.149.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
7791f55a96697fc33a2b0c216f05bd7e195de9a41580d4c65b5e20c3d4e4251c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
2875
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
ck-confirm
tags.mathtag.com/ Frame 313D 		49 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/ck-confirm?bid_id=6277249238734623826&node_id=2802&exch_id=62
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.308.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
MMBD/3.308.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
pao-router-x74, zrh-bidder-x157
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Sat, 16 Apr 2022 08:35:58 GMT
img
pixel.mathtag.com/event/ Frame 313D 		43 B
405 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=62&v2=6277249238734623826&v3=1129274&v4=11142481&v5=10406292&mt_nsync=1&no_attr=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.228.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-210.deploy.static.akamaitechnologies.com
Software
MT3 4281 354de82 master cdg-pixel-x29 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
MT3 4281 354de82 master cdg-pixel-x29 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 16 Apr 2022 08:35:58 GMT
img
tags.mathtag.com/event/ Frame 313D 		49 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/event/img?type=mmImpTrack&exch=ss6&bid=6277249238734623826&st=11142481&time=1650098158&nodeid=2802
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.308.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
MMBD/3.308.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
pao-router-x46, zrh-bidder-x157
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Sat, 16 Apr 2022 08:35:58 GMT
ynpsxyk40ika
hal9000.redintelligence.net/zone/ Frame AAF8 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal9000.redintelligence.net/zone/ynpsxyk40ika?subid=&gdpr=0&gdpr_consent=&rnd=3971406229520929775&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:ss6&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091162%26mt_aid%3D3971406229520929775%26mt_id%3D10406291%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26mt_cid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26redirect%3D
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.149 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.149.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
fa3ebca2e1be6b7bb1dd9ed4f5c598c27cd08f2b286e44f62828ce21c09ae19e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
2872
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
ck-confirm
tags.mathtag.com/ Frame AAF8 		49 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/ck-confirm?bid_id=3971406229520929775&node_id=2802&exch_id=62
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.308.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
MMBD/3.308.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
pao-router-x90, zrh-bidder-x157
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Sat, 16 Apr 2022 08:35:58 GMT
img
pixel.mathtag.com/event/ Frame AAF8 		43 B
404 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=62&v2=3971406229520929775&v3=1129274&v4=11142481&v5=10406291&mt_nsync=1&no_attr=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.228.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-210.deploy.static.akamaitechnologies.com
Software
MT3 4281 354de82 master cdg-pixel-x7 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
MT3 4281 354de82 master cdg-pixel-x7 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 16 Apr 2022 08:35:58 GMT
img
tags.mathtag.com/event/ Frame AAF8 		49 B
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/event/img?type=mmImpTrack&exch=ss6&bid=3971406229520929775&st=11142481&time=1650098158&nodeid=2802
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.308.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
MMBD/3.308.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
pao-router-x100, zrh-bidder-x157
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Sat, 16 Apr 2022 08:35:58 GMT
request.php
hal900018.redintelligence.net/ Frame AAF8
Redirect Chain
  • https://hal900018.redintelligence.net/request.php?zone=ynpsxyk40ika&nw=20&renderingType=javascript&namespace=9b7d442366&subid=&uid=b7861c363e86aa40&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
  • https://hal900018.redintelligence.net/request.php?zone=ynpsxyk40ika&nw=20&renderingType=javascript&namespace=9b7d442366&subid=&uid=b7861c363e86aa40&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
613 B
937 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900018.redintelligence.net/request.php?zone=ynpsxyk40ika&nw=20&renderingType=javascript&namespace=9b7d442366&subid=&uid=b7861c363e86aa40&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091162%26mt_aid%3D3971406229520929775%26mt_id%3D10406291%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26mt_cid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=7471891609117&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
f21ec24e74243abd36015a27738230a37be7294681c3e12fc06edc3d3f761e29

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:59 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
79663500055179004380388011931018
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
331
Expires
Sat, 16 Apr 2022 09:35:59 +0200

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=ynpsxyk40ika&nw=20&renderingType=javascript&namespace=9b7d442366&subid=&uid=b7861c363e86aa40&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091162%26mt_aid%3D3971406229520929775%26mt_id%3D10406291%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26mt_cid%3D3351625a-7fee-4a01-a967-ad4537ec0667%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=7471891609117&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
0
Expires
Sat, 16 Apr 2022 09:35:59 +0200
request.php
hal900018.redintelligence.net/ Frame 313D
Redirect Chain
  • https://hal900018.redintelligence.net/request.php?zone=uten8uck00se&nw=20&renderingType=javascript&namespace=285ca16775&subid=&uid=04da3f24a008fd02&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
  • https://hal900018.redintelligence.net/request.php?zone=uten8uck00se&nw=20&renderingType=javascript&namespace=285ca16775&subid=&uid=04da3f24a008fd02&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
613 B
937 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900018.redintelligence.net/request.php?zone=uten8uck00se&nw=20&renderingType=javascript&namespace=285ca16775&subid=&uid=04da3f24a008fd02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091161%26mt_aid%3D6277249238734623826%26mt_id%3D10406292%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3251625a-7fee-4601-90f8-0782272494dd%26mt_cid%3D3251625a-7fee-4601-90f8-0782272494dd%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=7528433724860&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
HTTP/1.1
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
6f3ca547ee4e33217b1ba6cd01083f325f6aef3427d3ccd84398e396a8a2688e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:59 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
77620900055178904380390011931018
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
331
Expires
Sat, 16 Apr 2022 09:35:59 +0200

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=uten8uck00se&nw=20&renderingType=javascript&namespace=285ca16775&subid=&uid=04da3f24a008fd02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D12994800955978062091161%26mt_aid%3D6277249238734623826%26mt_id%3D10406292%26mt_adid%3D215543%26mt_sid%3D11142481%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3251625a-7fee-4601-90f8-0782272494dd%26mt_cid%3D3251625a-7fee-4601-90f8-0782272494dd%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=7528433724860&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
0
Expires
Sat, 16 Apr 2022 09:35:59 +0200
activeview
pagead2.googlesyndication.com/pcs/ Frame F127 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjste6VKO-N6fcUinDI1DWcF2LaB5LfuRTGujutUS-KUEdGnEbaPoixeyjO2mNNv9OLyyjlew8ibI9WWpoIQKPIUw&sig=Cg0ArKJSzMkSRjnm_pasEAE&id=lidar2&mcvt=1000&p=8,315,258,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4166723991&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650098157444&rpt=670&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://threatpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Sat, 16 Apr 2022 08:35:59 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1545
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/ Frame C72F
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=roBuLnxOMElxaXMzWUtLSVJFUGx5QzNxZUJqVXlEbXB6L0U0aUxHNjNyNmkvMVRYZmNWNUtPLzNzWjJTQURvVkgyZFkwMm5ERWxWbUg2NEhpR2EvNENxL05lL21SWlNhRFhWeDAvdll6Tko2bUhQSjJGd05ZeVlGOTlWSz...
342 B
616 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=roBuLnxOMElxaXMzWUtLSVJFUGx5QzNxZUJqVXlEbXB6L0U0aUxHNjNyNmkvMVRYZmNWNUtPLzNzWjJTQURvVkgyZFkwMm5ERWxWbUg2NEhpR2EvNENxL05lL21SWlNhRFhWeDAvdll6Tko2bUhQSjJGd05ZeVlGOTlWSzRXblh0OHpvZmZlM3RvNk9IRmZtWFNmeWkvQ085UVNLZS9Sd0pkeFJValRVLzkwTzh5SUNNWmdwdHRJM1Q5SWRiRWw5YkhHL3l4Z0hLbklMdmt1WldwcHh5ZUtqSjZ1YXU3UW9ZREJMWERPRDJnOU5UV0k4PXw&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
f1d6cc51d99789ae4d6b724de3328cbc5a37ae1412b724d6004f52e03fa54f58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:58 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3197
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
location
https://mug.criteo.com/sid?cpp=roBuLnxOMElxaXMzWUtLSVJFUGx5QzNxZUJqVXlEbXB6L0U0aUxHNjNyNmkvMVRYZmNWNUtPLzNzWjJTQURvVkgyZFkwMm5ERWxWbUg2NEhpR2EvNENxL05lL21SWlNhRFhWeDAvdll6Tko2bUhQSjJGd05ZeVlGOTlWSzRXblh0OHpvZmZlM3RvNk9IRmZtWFNmeWkvQ085UVNLZS9Sd0pkeFJValRVLzkwTzh5SUNNWmdwdHRJM1Q5SWRiRWw5YkhHL3l4Z0hLbklMdmt1WldwcHh5ZUtqSjZ1YXU3UW9ZREJMWERPRDJnOU5UV0k4PXw&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1670
content-length
482
expires
0
pd
u.openx.net/w/1.0/ Frame B662 		668 B
721 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
99bdbe49c9f3b7cb7ae4ef1d9129ee31e47c6bc02925561ed831cc49f54f29cd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
420
content-type
text/html
date
Sat, 16 Apr 2022 08:35:59 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7CA9 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=129378
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 08:35:59 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sun, 17 Apr 2022 20:32:17 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame A685 		668 B
732 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
99bdbe49c9f3b7cb7ae4ef1d9129ee31e47c6bc02925561ed831cc49f54f29cd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
420
content-type
text/html
date
Sat, 16 Apr 2022 08:35:59 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame CA8B 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
11657
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Sat, 16 Apr 2022 08:35:59 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 14 Apr 2022 05:21:37 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
159827, 196158
X-Served-By
cache-lga21972-LGA, cache-hhn4025-HHN
X-Timer
S1650098159.257129,VS0,VE0
ixmatch.html
js-sec.indexww.com/um/ Frame D6F7 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-29-65.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Apr 2022 08:35:59 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame F28D 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-29-65.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Apr 2022 08:35:59 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0212 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=129378
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 08:35:59 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sun, 17 Apr 2022 20:32:17 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 0B2C 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
11657
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Sat, 16 Apr 2022 08:35:59 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 14 Apr 2022 05:21:37 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
159827, 192524
X-Served-By
cache-lga21972-LGA, cache-hhn4068-HHN
X-Timer
S1650098159.257257,VS0,VE0
request_content.php
hal900018.redintelligence.net/ Frame 0DFE 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hal900018.redintelligence.net/request_content.php?s=79663500055179004380388011931018&a=2d681f24
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
df6a34384c85f83a3ddaa87b952051f665680424f93312e412f0696a33304336

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
1419
Content-Type
text/html; charset=utf-8
Date
Sat, 16 Apr 2022 08:35:59 GMT
Expires
Sat, 16 Apr 2022 09:35:59 +0200
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
request_content.php
hal900018.redintelligence.net/ Frame B3A7 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hal900018.redintelligence.net/request_content.php?s=77620900055178904380390011931018&a=66da4a7c
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
12dc325bbc5a632bfc308051b035cea8f4a8f4caeac922c896354446398cd882

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
1420
Content-Type
text/html; charset=utf-8
Date
Sat, 16 Apr 2022 08:35:59 GMT
Expires
Sat, 16 Apr 2022 09:35:59 +0200
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
sd
eu-u.openx.net/w/1.0/ Frame A685
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3351625a-7fee-4a01-a967-ad4537ec0667
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3351625a-7fee-4a01-a967-ad4537ec0667
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x58 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3351625a-7fee-4a01-a967-ad4537ec0667
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 16 Apr 2022 08:35:58 GMT
sd
us-u.openx.net/w/1.0/ Frame A685
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=gP9JY4GrGWGb_k47hv1RZNesHTGb-x8w1a5AoFbG
43 B
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=gP9JY4GrGWGb_k47hv1RZNesHTGb-x8w1a5AoFbG
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=gP9JY4GrGWGb_k47hv1RZNesHTGb-x8w1a5AoFbG
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame A685
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5900260929700950267
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5900260929700950267
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5900260929700950267
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame A685 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=1de2818e-0cf2-74a0-dc49-adf85a89678d&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame A685 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MzE4ZDUyNDQtYzU4NS0yYTA0LWM5YTktZjc0MTkwNmJhOWVk
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame A685
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJH7UygTw1UMD-8E8k3qMXo&google_cver=1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJH7UygTw1UMD-8E8k3qMXo&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJH7UygTw1UMD-8E8k3qMXo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
track.adform.net/adfscript/ Frame 0DFE 		747 B
940 B 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfscript/?bn=54583808;click=https%3A%2F%2Fhal900018.redintelligence.net%2Fc%2Fpyzbkiineo40n5d%3Ftprde%3D
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=79663500055179004380388011931018&a=2d681f24
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0968606634e57496f01b50fac7a6f996ed210b39eeb3ceb47ff504f03d85daa9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
547
expires
-1
sd
eu-u.openx.net/w/1.0/ Frame B662
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3351625a-7fee-4a01-a967-ad4537ec0667
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3351625a-7fee-4a01-a967-ad4537ec0667
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x10 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3351625a-7fee-4a01-a967-ad4537ec0667
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 16 Apr 2022 08:35:58 GMT
sd
us-u.openx.net/w/1.0/ Frame B662
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=gP9JY4GrGWGb_k47hv1RZNesHTGb-x8w1a5AoFbG
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=gP9JY4GrGWGb_k47hv1RZNesHTGb-x8w1a5AoFbG
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=gP9JY4GrGWGb_k47hv1RZNesHTGb-x8w1a5AoFbG
pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame B662
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5548847042391361760
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5548847042391361760
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5548847042391361760
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame B662 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=1de2818e-0cf2-74a0-dc49-adf85a89678d&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame B662 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MzE4ZDUyNDQtYzU4NS0yYTA0LWM5YTktZjc0MTkwNmJhOWVk
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame B662
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJH7UygTw1UMD-8E8k3qMXo&google_cver=1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJH7UygTw1UMD-8E8k3qMXo&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJH7UygTw1UMD-8E8k3qMXo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
track.adform.net/adfscript/ Frame B3A7 		747 B
941 B 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfscript/?bn=54583803;click=https%3A%2F%2Fhal900018.redintelligence.net%2Fc%2Fpwv7r78tpezv751%3Ftprde%3D
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=77620900055178904380390011931018&a=66da4a7c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
535c557112afbad375ff58eae51abfdf33da5bfb31ee61566f618490e5260697
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
549
expires
-1
viewability
hal900018.redintelligence.net/ Frame 0DFE 		0
150 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900018.redintelligence.net/viewability?s=79663500055179004380388011931018&a=c4164daa&vb=m
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=79663500055179004380388011931018&a=2d681f24
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/request_content.php?s=79663500055179004380388011931018&a=2d681f24
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
ev
eb2.3lift.com/ 		37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/ev?inv_code=Threatpost_ROS_HDX&aid=12994800955978062091161&rev=11f0e47&pr=0.151&bc=0.198&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10406292&crid=-1&ts=1650098156&bcud=198&ss=12&caid=0&unid=0&cepos=0&ceid=0&cb=45591
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:59 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
async_usersync
ib.adnxs.com/ Frame CA8B 		0
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:59 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
5792e56d-584c-49e9-b739-bfb6f5ddc7e8
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 0B2C 		0
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:35:59 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
6513dc1f-b8e0-4867-99c5-3740f8de6ac9
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
viewability
hal900018.redintelligence.net/ Frame B3A7 		0
150 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900018.redintelligence.net/viewability?s=77620900055178904380390011931018&a=ba248c56&vb=m
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=77620900055178904380390011931018&a=66da4a7c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/request_content.php?s=77620900055178904380390011931018&a=66da4a7c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:35:59 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame 0DFE 		33 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=54583808;click=https%3A%2F%2Fhal900018.redintelligence.net%2Fc%2Fpyzbkiineo40n5d%3Ftprde%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sun, 17 Apr 2022 12:08:27 GMT
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame B3A7 		33 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=54583803;click=https%3A%2F%2Fhal900018.redintelligence.net%2Fc%2Fpwv7r78tpezv751%3Ftprde%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sun, 17 Apr 2022 12:08:27 GMT
all
csm.eu.criteo.net/ Frame 4AA2 		0
127 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=qr1D0EMtaS1Vj_8dYDPTCsRHSvD7gscXOyY54SyXrA09thopL_lgHWrHQ8_KMa3kTYMAhNc02_VJaVrj2z3xnW1VVj56vD2lxfAMr86s1_kvgXDfKqhcfq67cJ0K_Jy0smW4QEu5EjLCNx2QjanEKiNtUL73T3Pg32I-dlxb-MiuANRvwyFxe2bz4fFc_uvCASfyCMpWmhNgs9TUnjjURxpS3Kt_RkKQpnn96V2MHizsiVCPRqazLrog8qjrXzGgNG9xPA&sds=2&rev=81123&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ylp_7QAArIkIu8jSAAhwEXD_M5-Ga3h6DGF6Qg&u=%7Cn%2FVhp94TePK%2F9IqcU7kR%2FqfsZ0BmqSYaRQE871d1oN4%3D%7C&c1=2P_wVlUbBFvUtJMceObjNouN5UYi7q7WBlwMhQciZgBd02NHdixnhjZnO7RmAotpYtIhHwN70p2BVQoAGUqwREVsKw2xBK8rYDe_vS5J0R_FPaogokIC1khQHv7tdG74cKdWQxqYKJyHUvZqTKe8Jf7oQ1Y_ANDU3d8NqiYsxhoSWMwIqugCrxkyU-Q4YM3PPuAMkb-i085Tma5GsUlYUdCJkKOnCg_OOT_KtCdiWQ-a_orY0y2QkBYLo1Ro8PTml4L7yzA259jvEYT_eAOXXiI8eLC3Cf_4zeMgBV2Qayc_mPs_PkBQNdY8bIlmzNAWyoCwfIKmYfuq0ewiXcuWs6hhpSkNcpNPZFsqxit_lcZmwn8brUnhGaxU4haKB5_kZexjxBcNVH1k2DdZzupnAPJsb7kFq7X4O1PEIABVMhsC2dehavKQEWUfCOv416cFjEZtuCP4GTN9nJOwLx_zXu73ZXqAbOvP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCNhZe7X9aYonZAtKR7_UPkeCh0A3JntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTQxMTM2ODE4ODIzMTE0NTWgAdW20uoDyAEJqQJf_TUn9ySyPuACAKgDAaoEmwJP0CxAlV09azcp3LLd0kFJUNamxAP-BtnNLHPEjgPfYXO9-3jRiDMvDZithQkuPea46KqPEUNWDYOre5Bzz-A-J_S4yhCNvgn1VGgIavTSDQJnzRk26l3RUQloB8uNl2ivHkNeNInF6PlbbUiDs1titrHWF0OcYrwuWYGqhhQytoc3UuXd06SB2sKcnXCOrEd3cTztgLnpM9qRESAkdCdu68_7KVB9ur9_R6eovmsWiIwVeKRcxqJyeE9r8GylJZOPaMLD8IIYu2fgSHPn-buyzwlvhjSkWI_v4gwkWXrZNneC4ejqivk0E-9dUrd-lr08q3TfZyAfWtaS6QCwKbHzG8fPsiNsWw2DG5AMRZ-8cMZdKJ0X2IrvOHYX4AQBgAaGo_KFjZSwgzugBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggFCIhhEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3X8c57885P-G-TgaBfTQMIokD-oA%26client%3Dca-pub-4113681882311455%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 16 Apr 2022 08:35:58 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=roBuLnxOMElxaXMzWUtLSVJFUGx5QzNxZUJqVXlEbXB6L0U0aUxHNjNyNmkvMVRYZmNWNUtPLzNzWjJTQURvVkgyZFkwMm5ERWxWbUg2NEhpR2EvNENxL05lL21SWlNhRFhWeDAvdll6Tko2bUhQSjJGd05ZeVlGOTlWSzRXblh0OHpvZmZlM3RvNk9IRmZtWFNmeWkvQ085UVNLZS9Sd0pkeFJValRVLzkwTzh5SUNNWmdwdHRJM1Q5SWRiRWw5YkhHL3l4Z0hLbklMdmt1WldwcHh5ZUtqSjZ1YXU3UW9ZREJMWERPRDJnOU5UV0k4PXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Sat, 16 Apr 2022 08:35:58 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1606
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
/
track.adform.net/adfserve/ Frame 0DFE 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfserve/?CC=1&bn=54583808;click=https%3A%2F%2Fhal900018.redintelligence.net%2Fc%2Fpyzbkiineo40n5d%3Ftprde%3D;js=1;adfxid=1x;756;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fthreatpost.com
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b75d93883f98f2266e7a06045a6b417c6bd27d187fce846aedd2dc02ebc55945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
2010
expires
-1
/
track.adform.net/adfserve/ Frame B3A7 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfserve/?CC=1&bn=54583803;click=https%3A%2F%2Fhal900018.redintelligence.net%2Fc%2Fpwv7r78tpezv751%3Ftprde%3D;js=1;adfxid=2x;865;set=en-US|en-US|1600X1200|0|350|300|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fthreatpost.com
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
a0ccb12a401ab3a0a2e064c2e37a6607895b30adf49dc70f87e9747b352d26f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
2011
expires
-1
truncated
/ Frame 0DFE 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame B3A7 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/gif
Standard
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 0DFE 		90 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sun, 17 Apr 2022 12:09:16 GMT
Standard
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame B3A7 		90 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sun, 17 Apr 2022 12:09:16 GMT
/
track.adform.net/csimpr/ Frame 0DFE 		35 B
478 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/csimpr/?bn=54583808&csi=bKV637o_iI95NeRQ8QpB2pU6ftYzsjPfKiMPUVEJZ6cJDwKV3Zer3AJ_kGLVL0xsgmLrTWgIHZzvJgiDT4ByIN6vWmW1dlSa0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900018.redintelligence.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://hal900018.redintelligence.net
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
10999324.js
s1.adform.net/Banners/Elements/Files/160090/10999324/ Frame 6442 		100 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/10999324.js?ADFassetID=10999324&bv=258
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e6dca68564933ce7425afe8aa112a0425af9aa15379fa5a1e206e8d7066ea4be
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
last-modified
Fri, 11 Mar 2022 10:33:21 GMT
server
nginx
etag
W/"622b2571-19197"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
/
track.adform.net/csimpr/ Frame B3A7 		35 B
478 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/csimpr/?bn=54583803&csi=AsXtJnrNwHiTFMdVr1fGvu9It_hTnn5-KiMPUVEJZ6cJDwKV3Zer3AJ_kGLVL0xs57aZ3s-9CgsOnQAGe7pH3t6vWmW1dlSa0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900018.redintelligence.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:35:59 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://hal900018.redintelligence.net
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
10999322.js
s1.adform.net/Banners/Elements/Files/160090/10999322/ Frame EDB7 		105 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/10999322.js?ADFassetID=10999322&bv=258
Requested by
Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
ef9726a329bab863c4a956d5c23b32ab54c220a4a185690ad9d92eb167b7a3c6
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
last-modified
Fri, 11 Mar 2022 10:33:20 GMT
server
nginx
etag
W/"622b2570-1a578"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
Adform.DHTML.js
s1.adform.net/banners/scripts/rmb/ Frame 6442 		30 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
last-modified
Fri, 14 May 2021 12:35:29 GMT
server
nginx
etag
W/"609e6e91-76d9"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
Enabler.js
s0.2mdn.net/ads/studio/ Frame 6442 		134 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/Enabler.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3705d0878203cc0b2525dcb0f874d85cc6b881d1fca1869191da4e599c768241
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:32:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
194
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46435
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:47:21 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 16 Apr 2022 08:47:45 GMT
Adform.DHTML.js
s1.adform.net/banners/scripts/rmb/ Frame EDB7 		30 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:35:59 GMT
content-encoding
gzip
last-modified
Fri, 14 May 2021 12:35:29 GMT
server
nginx
etag
W/"609e6e91-76d9"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
Enabler.js
s0.2mdn.net/ads/studio/ Frame EDB7 		134 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/Enabler.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3705d0878203cc0b2525dcb0f874d85cc6b881d1fca1869191da4e599c768241
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:32:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
194
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46435
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:47:21 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 16 Apr 2022 08:47:45 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 8A31 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss5uhGPBgo6GTeLyoW-gXniNFcEHTvy9m0h8_96r_y-okbHutT9HOTjwA28CwP7Q0ku1wIV34LMCfudBmoi1OfY_hjjs3Cijz8Uu3-MA3zoY-IFtXnyRukn-XTjjOvwYsUnX1YK_5VdrWcP9gtdzCgTFnUJ1rbmTbqMnIhcCv0ujapev59PyM9abWa2M6ZCqGV-WtQwWlkdn8hxS3KslpWoIELGisNHHJQ3hrPAju2c8_oCZM99EmQve6J58QFO64zpYHCnGKbQ6CT19Bmn-erYD0zmI6sEdbQCXpqCPSiGjxZf3p3ndmGlgypVyN5JeSyfCNAUW6KN&sai=AMfl-YTuVeVTGcayjISoHTlV4Nq4PYeFJnyKQS3ApfmQv9AWkixcpZ2lwCoVehsr8xu8CAXMZuZq3jzpM_47ZNuJneQ7k7bAjzcFcYOMpi7icDVQYEYAzHVUsvLl0I9kbcyH&sig=Cg0ArKJSzNNLkro7KxOmEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 08:35:59 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 16 Apr 2022 08:35:59 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 81BE 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsteULqdtG-P_m5n8C1TL8rJ0Oq8ayLyUT2V-fDuR87nbwK04ZfNA4xKdFVCziJXHrg5GzBYcRBYXB0Ze0oSosHz2jREMuQfPaCh2MANcV3oQkC9QxRHTNpxvqf3RuFG6Z9Cm_tWXh-aJjNbnE0sNSdY2EH3U7aBpLyhFq6Je7okiQAhoHMUaO00T18nx2-0f6BsNi8HVd-2NshJQTeZrpZ_HvnvvEeo3WxIUzPCn51qTuI5B4PMsmYRMUlAviYdrqG3Xl3t6zPGoQzz79iJjgMS_awXbPuIHzPsLT7LN9GgdkNDZUh0HAhLiyM6hDEQR4V_r54dHWat&sai=AMfl-YTigdVV7LI5lxVfbgIf8Y-np87E8SPH1tv_bztHY9AovqXfpkjG9pbvgo2YKNNvzkiAGkWFQKGvUaTIECKvD6VHCjwR_EbFXaIq_VO0mH2cowNz2GqMmwAw7kTnWnij&sig=Cg0ArKJSzOCSzjvJs776EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 08:35:59 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 16 Apr 2022 08:35:59 GMT
async_usersync
ib.adnxs.com/ Frame CA8B 		0
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:00 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
cd6f23a8-2652-46a6-92c8-e118ae5bfb0b
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 0B2C 		0
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:00 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
36dc25ba-7bb8-4fa7-9d69-025a1875cd4e
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
viewability
hal900018.redintelligence.net/ Frame B3A7 		0
150 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900018.redintelligence.net/viewability?s=77620900055178904380390011931018&a=ba248c56&vb=v
Requested by
Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=77620900055178904380390011931018&a=66da4a7c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.199.91.76.144.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/request_content.php?s=77620900055178904380390011931018&a=66da4a7c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:36:00 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
abt
capi-tier-2-us-east-2.connatix.com/tr/ Frame 0AF4 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/abt?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.222.71 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-222-71.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:36:00 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
activeview
pagead2.googlesyndication.com/pcs/ Frame 8A31 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsstoBGaAFh3urnzefni4kNRwxFeS1k2KMxhlHOY0LHqCpaH5UVhdgEWR2DEKZmfTB8XUa24X2z-x5YLt97NRNW9t8p9ljVhHsck64yx8y4eMMH1bZ4i&sig=Cg0ArKJSzN1BgYxzb5g_EAE&id=lidar2&mcvt=1000&p=416,1064,696,1400&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220413&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1414505084&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650098157446&rpt=2392&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
track.adform.net/serving/unload/ Frame B3A7 		35 B
478 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/serving/unload/?version=15&unload=5548847042391361760@@54583803,5607408541460216486,100|1193|0|0|0|0|0|0|0||58|1|||||1|0|0|BNXvtPxkdUHxBx_RTJEBJ6FA23J3VjfdjPNAimS0OlaSeYlLmdBl2PL_QlhaeLlf0|||11||0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900018.redintelligence.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:01 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://hal900018.redintelligence.net
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D8B0 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=129376
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 08:36:01 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sun, 17 Apr 2022 20:32:17 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame F935 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Apr 2022 08:36:01 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame B90B
Redirect Chain
  • https://sync.serverbid.com/ss/2000891.html
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=42551
Connection
Keep-Alive
Content-Length
4947
Content-Type
text/html
Date
Sat, 16 Apr 2022 08:36:02 GMT
Last-Modified
Wed, 20 Nov 2019 20:29:05 GMT
Vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW
1650098162.dop113.am5.t,1650098162.cds288.am5.shn,1650098162.dop113.am5.t,1650098162.cds277.am5.c
age
0
etag
"1b0ebac83fe30af80513039edbdf566f"
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
tx000000000000000ea299b-006259d4a7-17ac40a8-nyc3a
x-rgw-object-type
Normal

Redirect headers

cache-control
no-cache
content-length
0
location
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
async_usersync.html
acdn.adnxs.com/dmp/ Frame CBB2 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
11660
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Sat, 16 Apr 2022 08:36:01 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 14 Apr 2022 05:21:37 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
159827, 192559
X-Served-By
cache-lga21972-LGA, cache-hhn4068-HHN
X-Timer
S1650098162.943817,VS0,VE0
sync.html
public.servenobid.com/ Frame ECBB 		8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=86400
content-encoding
br
content-type
text/html
date
Sat, 16 Apr 2022 08:36:01 GMT
etag
"866b66bb3ccc5c8de41913672c69b8f7"
last-modified
Tue, 15 Mar 2022 23:39:48 GMT
server
AmazonS3
x-amz-id-2
xGMWZIfRzjaJGzXs4D9NbA5QGm+0K0xgMdg3jJurIKGD8+NdjPgTJ+ykLI37IZ/gyG05fFhIZMA=
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:a4519585-d31b-4588-8499-6641ec459b43
x-amz-meta-codebuild-content-md5
d97b029b026ab1b5da9f71fc8f6cf19a
x-amz-meta-codebuild-content-sha256
1bd3623b950dcf081744ebf0150c6ff72edcc5cbd4a3ea8293d7f9c29b2e9c0b
x-amz-request-id
FQPXPHBFW3QEXRJM
x-azure-ref
08n9aYgAAAADki5pKSKQgTJ3SaHVhGG2MRlJBRURHRTEwMTYAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
x-azure-ref-originshield
0FZlZYgAAAABkjiWISzFpT4b/l6IELuDLQU1TMDRFREdFMTkxOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-cache
TCP_HIT
ixmatch.html
js-sec.indexww.com/um/ Frame 414F 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-29-65.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Apr 2022 08:36:01 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 84DA 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
38405bad729c4e15a084cfaceadc92d575a3c4d7d37e9c40ff4550861b1ef455

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
624
content-type
text/html; charset=utf-8
date
Sat, 16 Apr 2022 08:36:01 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
beacon
ap.lijit.com/ Frame F65D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13394437
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Sat, 16 Apr 2022 08:36:02 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap3ams1
pd
eu-u.openx.net/w/1.0/ Frame FFA6 		542 B
357 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
d5f22152a8d53b87f4b24e340f7aeb31746f35ddfd4eda322e2adfba355282b0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
338
content-type
text/html
date
Sat, 16 Apr 2022 08:36:01 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 84DA 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=83&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.25 -, , ASN (),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:01 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
xuid
eb2.3lift.com/ Frame 84DA
Redirect Chain
  • https://sync.hgrtb.com/triplelift?redir=http%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D7666%26xuid%3Dmy_external_user_id%26dongle%3D8f7
  • https://eb2.3lift.com/xuid?mid=7666&xuid=bf932f19-c076-4a6c-aa1c-b9257759b2f1&dongle=8f7
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=7666&xuid=bf932f19-c076-4a6c-aa1c-b9257759b2f1&dongle=8f7
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
http://eb2.3lift.com/xuid?mid=7666&xuid=bf932f19-c076-4a6c-aa1c-b9257759b2f1&dongle=8f7
date
Sat, 16 Apr 2022 08:36:02 GMT
content-length
118
strict-transport-security
max-age=15724800; includeSubDomains
content-type
text/html; charset=utf-8
current
triplelift-match.dotomi.com/match/bounce/ Frame 84DA 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://triplelift-match.dotomi.com/match/bounce/current?networkId=74572&version=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:16::1370 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
xuid
eb2.3lift.com/ Frame 84DA
Redirect Chain
  • https://cms.quantserve.com/pixel/p-VtN-a_yLd-GB-.gif?idmatch=0&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=jqVe5I_xDuaVpFm8iKdG49n2CraVoQi32_SR1-wM
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=jqVe5I_xDuaVpFm8iKdG49n2CraVoQi32_SR1-wM
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:01 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=jqVe5I_xDuaVpFm8iKdG49n2CraVoQi32_SR1-wM
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
iu3
aax-eu.amazon-adsystem.com/s/ Frame 84DA
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=3569774413370964166579
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3569774413370964166579&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3569774413370964166579&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Server
52.94.223.167 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
9T8AGV3177GY6E1VX26G
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3569774413370964166579&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
value=3569774413370964166579
sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/ Frame 84DA
Redirect Chain
  • https://sasinator.realestate.com.au/rea/setid/external=TRIPLELIFT/value=3569774413370964166579
  • https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=3569774413370964166579
43 B
523 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=3569774413370964166579
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
54.66.168.86 -, , ASN (),
Reverse DNS
Software
Match/6817.2933fd11c233c2bdcb1c706b698b10fcabbf4860 (i-0269611b2085a84a6) /
Resource Hash
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
Match/6817.2933fd11c233c2bdcb1c706b698b10fcabbf4860 (i-0269611b2085a84a6)
p3p
CP="NOI NID ADMa PSAa OUR BUS COM NAV"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
image/gif
content-length
43
expires
-1

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
Match/6817.2933fd11c233c2bdcb1c706b698b10fcabbf4860 (i-00c18a2a3a5d42cf2)
p3p
CP="NOI NID ADMa PSAa OUR BUS COM NAV"
location
https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=3569774413370964166579
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
expires
-1
usermatch
usersync.getpublica.com/ Frame 84DA 		0
198 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.getpublica.com/usermatch?provider=triplelift&TripleLiftID={$UID}
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.218.231.183 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate
Content-Length
0
Vary
Origin
Expires
0
xuid
eb2.3lift.com/ Frame 84DA
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=1%26gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=1%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=6019&xuid=BJQHhMZw1NFDUu5&dongle=465e&gdpr=1&gdpr_consent=
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=6019&xuid=BJQHhMZw1NFDUu5&dongle=465e&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:01 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-022b0454a7aa0bd60@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://eb2.3lift.com/xuid?mid=6019&xuid=BJQHhMZw1NFDUu5&dongle=465e&gdpr=1&gdpr_consent=
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 84DA
Redirect Chain
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=1&gdpr_consent=
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=1&gdpr_consent=&tc=1
  • https://eb2.3lift.com/xuid?mid=6547&xuid=yPINVuM4F8WCZRiCt9hi&dongle=45fg&pi=triplelift&gdpr=1&gdpr_consent=&tc=1
37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=6547&xuid=yPINVuM4F8WCZRiCt9hi&dongle=45fg&pi=triplelift&gdpr=1&gdpr_consent=&tc=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=6547&xuid=yPINVuM4F8WCZRiCt9hi&dongle=45fg&pi=triplelift&gdpr=1&gdpr_consent=&tc=1
pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT, Sat, 16 Apr 2022 08:36:02 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
cookiesync
bttrack.com/pixel/ Frame 84DA 		35 B
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bttrack.com/pixel/cookiesync?source=3a66d299-1ebd-4293-884e-8e6f36dc1a6a&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
192.132.33.46 -, , ASN (),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

X-ServerName
Track003-iad
Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control
private,no-cache
Content-Type
image/gif
Content-Length
35
Expires
-1
async_usersync
ib.adnxs.com/ Frame CBB2 		0
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
e6856d1e-0c8e-4d52-8c6f-44f0d0e7a8d4
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame F935 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9130bafafbeee56d02271fdd5a7db6f2e15e839f8b64faad15a08610a93d7119

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:36:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=69819
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9541
Expires
Sun, 17 Apr 2022 03:59:40 GMT
dds
rtb.openx.net/sync/ Frame FFA6 		43 B
350 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 -, , ASN (),
Reverse DNS
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:01 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
sb38o0jeslmv154o1ojeo9t2si7no250
8925e7ca-9c5e-e6e9-ed9e-bb0da5deaac4
pr-bh.ybp.yahoo.com/sync/openx/ Frame FFA6 		43 B
993 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/8925e7ca-9c5e-e6e9-ed9e-bb0da5deaac4?gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:cf48:bf87:67aa:ca6e Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sd
eu-u.openx.net/w/1.0/ Frame FFA6
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BJQHhMZw1NFDUu5
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BJQHhMZw1NFDUu5
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:01 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-0ae965e2f8a6b4310@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BJQHhMZw1NFDUu5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame FFA6
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=openx
  • https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=openx
  • https://x.bidswitch.net/sync?dsp_id=188&user_id=CGfZPpRTRxZI5Dd_Ytu5J7nVm6I&user_group=1&ssp=openx
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=fabb218b-ac7f-418a-b90c-d25cf822c632&gdpr=&gdpr_consent=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072968&val=fabb218b-ac7f-418a-b90c-d25cf822c632&gdpr=&gdpr_consent=
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//us-u.openx.net/w/1.0/sd?id=537072968&val=fabb218b-ac7f-418a-b90c-d25cf822c632&gdpr=&gdpr_consent=
Date
Sat, 16 Apr 2022 08:36:02 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
sd
eu-u.openx.net/w/1.0/ Frame FFA6
Redirect Chain
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8360310439731899993
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8360310439731899993
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
1e1c5d76-88ce-48d0-9a3b-4e07d8a4a208
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8360310439731899993
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
redir
rtb-csync.smartadserver.com/ Frame FFA6
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ox
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDWjFFN0V0UUFBQUNHTkdOY2UyUQ&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACZ1E7EtQAAACGNGNce2Q&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AACZ1E7EtQAAACGNGNce2Q&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%2...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AACZ1E7EtQAAACGNGNce2Q&pid=558502&do=add
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACZ1E7EtQAAACGNGNce2Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_part...
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACZ1E7EtQAAACGNGNce2Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
HTTP/1.1
Server
185.86.137.133 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:01 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACZ1E7EtQAAACGNGNce2Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
13926
g2.gumgum.com/usync/ Frame DE99 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
af6eda338f046f0579e4b178e1802a993d95b8460d13320d70741a35629526f3

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Sat, 16 Apr 2022 08:36:02 GMT
etag
W/"0fcd84d20be0ba28b6c0e985eb9339531"
server
nginx
timing-allow-origin
*
ps
pixel.33across.com/ Frame C87B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 -, , ASN (),
Reverse DNS
Software
33XP004 /
Resource Hash

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Sat, 16 Apr 2022 08:36:01 GMT
server
33XP004
x-33x-status
2000208
/
onetag-sys.com/usync/ Frame 9200 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
sync
ssbsync.smartadserver.com/api/ Frame 5FF7 		774 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.108 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
96e54cacc6e16eba7016e16b01f959032f44917d00f4f73f32dfd34d71835587

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
774
content-type
text/html
date
Sat, 16 Apr 2022 08:36:01 GMT
usermatch
ssum-sec.casalemedia.com/ Frame F2BB
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
1 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-29-65.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
edc0d03a8b8ec4836b613bacd56253e951ed407c8be0d245b02f7805cfaf0598

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1466
Content-Type
text/html
Date
Sat, 16 Apr 2022 08:36:02 GMT
Dropped-Udsids
241|45|230|39|5|105|176|130
Expires
Sat, 16 Apr 2022 08:36:02 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync

Redirect headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
311
Content-Type
text/html; charset=iso-8859-1
Date
Sat, 16 Apr 2022 08:36:02 GMT
Expires
Sat, 16 Apr 2022 08:36:02 GMT
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
sync
ads.servenobid.com/ Frame ECBB
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=8360310439731899993
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=312&uid=8360310439731899993
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
7d8eea5f-c293-4d2f-9856-e1bdd0d60b88
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ads.servenobid.com/sync?pid=312&uid=8360310439731899993
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.servenobid.com/ Frame ECBB
Redirect Chain
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
  • https://ads.servenobid.com/sync?pid=310&uid=83f930727f2221cb25061fe4
0
347 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=310&uid=83f930727f2221cb25061fe4
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ads.servenobid.com/sync?pid=310&uid=83f930727f2221cb25061fe4
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
pixel
ap.lijit.com/ Frame ECBB 		0
277 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Sat, 16 Apr 2022 08:36:02 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
sync
ads.servenobid.com/ Frame ECBB
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1650098162472
  • https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
0
336 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
cache-control
no-store, no-cache, must-revalidate
expires
0
sync
ads.servenobid.com/ Frame ECBB
Redirect Chain
  • https://p.rfihub.com/cm?pub=44007&in=1
  • https://ads.servenobid.com/sync?pid=324&uid=5133329520973415817
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=324&uid=5133329520973415817
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=324&uid=5133329520973415817
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usa
sync.go.sonobi.com/ Frame ECBB 		0
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 -, , ASN (),
Reverse DNS
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
sync
ads.servenobid.com/ Frame ECBB
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
  • https://ads.servenobid.com/sync?pid=327&uid=8b4a4ccb-9728-4495-ab9d-6c8a6fa99861&gdpr=0&gdpr_consent=&us_privacy=1YN-
0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=327&uid=8b4a4ccb-9728-4495-ab9d-6c8a6fa99861&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=327&uid=8b4a4ccb-9728-4495-ab9d-6c8a6fa99861&gdpr=0&gdpr_consent=&us_privacy=1YN-
date
Sat, 16 Apr 2022 08:36:01 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
content-length
0
sync
ads.servenobid.com/ Frame ECBB
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58559/occ
  • https://ads.servenobid.com/sync?pid=337&uid=y-wjiLFH5E2uEFAm_N911NJ5H6MnTVScNvO0DFZR4-~A
0
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=337&uid=y-wjiLFH5E2uEFAm_N911NJ5H6MnTVScNvO0DFZR4-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=337&uid=y-wjiLFH5E2uEFAm_N911NJ5H6MnTVScNvO0DFZR4-~A
date
Sat, 16 Apr 2022 08:36:02 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
ecm3
aax-eu.amazon-adsystem.com/s/ Frame F935
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Vfl9rY_EQ7CQCXCy_Fq-Mg&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Vfl9rY_EQ7CQCXCy_Fq-Mg
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Vfl9rY_EQ7CQCXCy_Fq-Mg
Protocol
HTTP/1.1
Server
52.94.223.167 -, , ASN (),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
928NVCHHPF52EC2R1AYG
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Vfl9rY_EQ7CQCXCy_Fq-Mg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
611afce88997db6fdd35eb213e662871
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame F935
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGUwNjRkMTVhN2I2MmZjMGY4M2IwZmJmZDkxNmY3YzJiM2ZiMjRiNA
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGUwNjRkMTVhN2I2MmZjMGY4M2IwZmJmZDkxNmY3YzJiM2ZiMjRiNA
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGUwNjRkMTVhN2I2MmZjMGY4M2IwZmJmZDkxNmY3YzJiM2ZiMjRiNA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame F935 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
setuid
px.ads.linkedin.com/ Frame F935
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L21LU625-1L-1CLF
0
142 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L21LU625-1L-1CLF
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 8996603D6E2E4044979A4FF610F698BC Ref B: FRAEDGE1119 Ref C: 2022-04-16T08:36:02Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXcwWrS6vw3j+n2HIy/LA==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L21LU625-1L-1CLF
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
ads.yahoo.com/cms/ Frame F935
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L21LU625-1L-1CLF&sigv=1&esig=2~65a61e7985df12d0a4968619bc4fc1211968dde4
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L21LU625-1L-1CLF&sigv=1&esig=2~65a61e7985df12d0a4968619bc4fc1211968dde4
Protocol
H2
Server
2a00:1288:80:807::2 -, , ASN (),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L21LU625-1L-1CLF&sigv=1&esig=2~65a61e7985df12d0a4968619bc4fc1211968dde4
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame F935
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEE5-WJ7Grur_2rnf2d67wZk&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEE5-WJ7Grur_2rnf2d67wZk&google_cver=1
Protocol
HTTP/1.1
Server
69.173.144.139 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
611afce88997db6fdd35eb213e662871
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEE5-WJ7Grur_2rnf2d67wZk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame F935
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDIxTFU2MjUtMUwtMUNMRg==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDIxTFU2MjUtMUwtMUNMRg==
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDIxTFU2MjUtMUwtMUNMRg==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame F935
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=jOpEnSYbQYmaFHVEdiw-8Q&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=jOpEnSYbQYmaFHVEdiw-8Q
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=jOpEnSYbQYmaFHVEdiw-8Q
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
TW14NFWD9SMV984HJ8X3
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=jOpEnSYbQYmaFHVEdiw-8Q
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
611afce88997db6fdd35eb213e662871
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cta2.png
s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/ Frame 6442 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/cta2.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
159ebfcc5f37ffb30a47afb3153e5f212fffd3e97cf7f528aecd64f2b98ec4c6
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:21 GMT
server
nginx
etag
"622b2571-69b"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
1691
yellowtext.png
s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/ Frame 6442 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/yellowtext.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8d5fe75e8a407f0b393631c93b8a9133e5e990328f983e9127dac830045b88a8
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:18 GMT
server
nginx
etag
"622b256e-396e"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
14702
t.png
s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/ Frame 6442 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/t.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
df3ee6542919d7fa834f7a7c879fa5d099b3cbc12cee89b6d05016f76d2c6b97
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:18 GMT
server
nginx
etag
"622b256e-ea5"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
3749
badges.png
s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/ Frame 6442 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/badges.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
32fd7d3af8cc39cd251f3b88469a44f5e778307f532e8810376ea503add096dc
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:21 GMT
server
nginx
etag
"622b2571-1499"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
5273
text.png
s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/ Frame 6442 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/text.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
7502e034f95191b9c0cb8b3e31e342e54ac473e702dd98d0cf3323cb69d3a7f1
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:21 GMT
server
nginx
etag
"622b2571-171b"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
5915
logo2.png
s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/ Frame 6442 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/logo2.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bb677d7657006fb57417c73ef3da95da5ba9449790f75fb82a2f11afb18cdefb
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:21 GMT
server
nginx
etag
"622b2571-b72"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
2930
pic.jpg
s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/ Frame 6442 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/pic.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
d5bac6b1a58aeab9067f62cf2f2fec237f301ad008889d6cd28320b0d15be865
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:18 GMT
server
nginx
etag
"622b256e-8395"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
33685
logo1.png
s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/ Frame 6442 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/logo1.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
35861a24167aa45139a124bb7979a78897393977570c8aa01b26f568b85a4eb6
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:21 GMT
server
nginx
etag
"622b2571-113d"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
4413
bg.jpg
s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/ Frame 6442 		67 KB
67 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999324/bvpath_258/bg.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
5aaf2d66dc4f809d840f93c7908e786cef7ba11e296732a7e751d0e8d659992b
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:21 GMT
server
nginx
etag
"622b2571-10b66"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
68454
cta2.png
s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/ Frame EDB7 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/cta2.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
96314d02d76191e51edcab9bc6aaf688309d74d5c85b89cd694eba351029a400
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:20 GMT
server
nginx
etag
"622b2570-1788"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
6024
yellowtext.png
s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/ Frame EDB7 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/yellowtext.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0f3fd0ed90baa4ff0c2a2d85c05154a32a9e8cb1d5e3d254dfde552f1dfc18df
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:20 GMT
server
nginx
etag
"622b2570-360a"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
13834
t.png
s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/ Frame EDB7 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/t.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
36b61b0bf0a254bae70f1fa3b46ad701c826505cfb3218cbb6f44d79c282ca03
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:17 GMT
server
nginx
etag
"622b256d-2588"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
9608
badges.png
s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/ Frame EDB7 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/badges.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8fb6affc01bf27eadca684fb07fa0229dad3fa641b355fb344da2313c228c783
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:21 GMT
server
nginx
etag
"622b2571-3287"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
12935
text_1.png
s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/ Frame EDB7 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/text_1.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
cd4546cfc562b8dfb834b74e46ccd0f78bf0ab7ee91ff7dc715c4e0208cb640c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:21 GMT
server
nginx
etag
"622b2571-186b"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
6251
logo2.png
s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/ Frame EDB7 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/logo2.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
44f6695c51586cc0b4a547993c48a26f782854827d7def03baae806268fd2596
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:17 GMT
server
nginx
etag
"622b256d-2441"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
9281
pic.jpg
s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/ Frame EDB7 		51 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/pic.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
a269d42d95b2870e7d8f4d657ea60cfa7f726b0e0987a4e2aab7d4ba0706eec2
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:20 GMT
server
nginx
etag
"622b2570-ca2c"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
51756
logo1.png
s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/ Frame EDB7 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/logo1.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
27847522718bbb814ccec374aa507bdf1777a98b2bf451ad33b23c4ce0c5ef69
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:20 GMT
server
nginx
etag
"622b2570-371a"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
14106
bg.jpg
s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/ Frame EDB7 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/10999322/bvpath_258/bg.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
43265755803fb71a6973a294e82d49478ef21ff36848b47535c2da61413de767
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900018.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
last-modified
Fri, 11 Mar 2022 10:33:17 GMT
server
nginx
etag
"622b256d-15ad"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
5549
st
capi-tier-2-us-east-2.connatix.com/tr/ Frame 0AF4 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/st?v=158870
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.223.222.71 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-222-71.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
sync
ads.servenobid.com/ Frame 5FF7 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=317&uid=4861650731656054009&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
/
rtb-csync.smartadserver.com/redir/ Frame 5FF7
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=780fbc4a-9e88-4425-8453-b99ffbd2bba6&gdpr_consent=null&gdpr=0
43 B
426 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=780fbc4a-9e88-4425-8453-b99ffbd2bba6&gdpr_consent=null&gdpr=0
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.137.133 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=780fbc4a-9e88-4425-8453-b99ffbd2bba6&gdpr_consent=null&gdpr=0
date
Sat, 16 Apr 2022 08:36:02 GMT
server
_
content-length
0
redir
rtb-csync.smartadserver.com/ Frame 5FF7
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACZ1E7EtQAAACGNGNce2Q&gdpr=0
43 B
412 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACZ1E7EtQAAACGNGNce2Q&gdpr=0
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.137.133 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACZ1E7EtQAAACGNGNce2Q&gdpr=0
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
/
rtb-csync.smartadserver.com/redir/ Frame 5FF7
Redirect Chain
  • https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1650098162499
  • https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.137.133 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:01 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
cache-control
no-store, no-cache, must-revalidate
expires
0
bsync
visitor.omnitagjs.com/visitor/ Frame 5FF7 		0
158 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://visitor.omnitagjs.com/visitor/bsync?uid=627080440e659fbe0f85333c665ae1de&name=SMARTADSERVER&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D117%26partneruserid%3DPARTNER_USER_ID%26gdpr%3DGDPR%26gdpr_consent%3DGDPR_CONSENT&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.153 -, , ASN (),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
x-content-type-options
nosniff
server
ayl-lb-fra02
vary
Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
content-length
0
expires
0
usersync
rtb.gumgum.com/ Frame DE99
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=8360310439731899993
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=8360310439731899993
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
4ffc3166-c880-482d-b84d-93c322f664af
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=8360310439731899993
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
odr.mookie1.com/t/v2/ Frame DE99
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_69692f80-2acc-4c0d-9981-2d58ba3f3cd7&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=fabb218b-ac7f-418a-b90c-d25cf822c632&ssp=gumgum2&gdpr=0&gdpr_consent=
43 B
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=fabb218b-ac7f-418a-b90c-d25cf822c632&ssp=gumgum2&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.98.67.61 -, , ASN (),
Reverse DNS
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
//odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=fabb218b-ac7f-418a-b90c-d25cf822c632&ssp=gumgum2&gdpr=0&gdpr_consent=
Date
Sat, 16 Apr 2022 08:36:02 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame DE99
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28670dPv8uFWpYds_yOjitZ98icx1yRCKz8rVN8FoHGDX_57K1LH8spuoMSo6QytXX%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_69692f80-2acc-4c0d-9981-2d58ba3f3cd7&obuid=ENC(670dPv8uFWpYds_yOjitZ98icx1yRCKz8rVN8FoHGDX_57K1LH8spuoMSo6QytXX)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
8.43.72.98 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6734403d2cb3625dc1fef1bbd4a17cf3
Content-Type
image/gif

Redirect headers

Location
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268
Date
Sat, 16 Apr 2022 08:36:03 GMT
X-TraceId
75d0864c24727ea897bd6604aca9ec16
Content-Length
0
usersync
rtb.gumgum.com/ Frame DE99
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=eadf25fe-24e7-4cf6-bb32-bd1592d966cb
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=eadf25fe-24e7-4cf6-bb32-bd1592d966cb
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Sat, 16 Apr 2022 08:36:02 GMT
content-encoding
gzip
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=eadf25fe-24e7-4cf6-bb32-bd1592d966cb
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame DE99
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-0867d93e-9453-4716-48e4-377f62dbb927$ip$185.213.155.162
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-0867d93e-9453-4716-48e4-377f62dbb927$ip$185.213.155.162
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-0867d93e-9453-4716-48e4-377f62dbb927$ip$185.213.155.162
Date
Sat, 16 Apr 2022 08:36:02 GMT
Connection
keep-alive
Content-Length
124
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame DE99
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-iYkVtYxE2pf7CY7yeSIaddaz7gRQVs_v5YOT~A
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-iYkVtYxE2pf7CY7yeSIaddaz7gRQVs_v5YOT~A
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Sat, 16 Apr 2022 08:36:02 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-iYkVtYxE2pf7CY7yeSIaddaz7gRQVs_v5YOT~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame DE99
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=3d723eed-bd60-11ec-aa48-bf8f7a8edf0b
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=3d723eed-bd60-11ec-aa48-bf8f7a8edf0b
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=3d723eed-bd60-11ec-aa48-bf8f7a8edf0b
Date
Sat, 16 Apr 2022 08:36:01 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
3fbddbc8-bd60-11ec-aa48-bf8f7a8edf0b
services
sync.technoratimedia.com/ Frame DE99 		0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
132.226.41.106 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
746696358
access-control-allow-origin
https://g2.gumgum.com/
access-control-allow-credentials
true
142
match.deepintent.com/usersync/ Frame DE99 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 -, , ASN (),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
content-length
0
server
b
usersync
rtb.gumgum.com/ Frame DE99
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_69692f80-2acc-4c0d-9981-2d58ba3f3cd7&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://stags.bluekai.com/site/23178?id=JOqmMhj21NqjSC1omJhg&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2SSPOFWU22DKGIYU44LKKNBTC33NJJUGOJTVONPXA...
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=JOqmMhj21NqjSC1omJhg&us_privacy=1---
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=JOqmMhj21NqjSC1omJhg&us_privacy=1---
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=JOqmMhj21NqjSC1omJhg&us_privacy=1---
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
118
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame DE99
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://usersync.gumgum.com/usersync?b=idi&i=8e2623aa-7fe9-4d95-9f02-6a2ec5bb8f97
35 B
296 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=idi&i=8e2623aa-7fe9-4d95-9f02-6a2ec5bb8f97
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.241.76.6 -, , ASN (),
Reverse DNS
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:01 GMT
server
envoy
content-type
image/gif
cache-control
private, no-store, must-revalidate, max-age=0
x-envoy-upstream-service-time
5
x-region
ireland
content-length
35
expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=idi&i=8e2623aa-7fe9-4d95-9f02-6a2ec5bb8f97
date
Sat, 16 Apr 2022 08:36:02 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
usersync
rtb.gumgum.com/ Frame DE99
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1650098162519
  • https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
cache-control
no-store, no-cache, must-revalidate
expires
0
usersync
rtb.gumgum.com/ Frame DE99
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=PzPoLl4EgO1W&ev=1&pid=558355
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=PzPoLl4EgO1W&ev=1&pid=558355
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://rtb.gumgum.com/usersync?b=pln&i=PzPoLl4EgO1W&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-84dd458cf8-sbmp2
expires
-1
sync
ssbsync.smartadserver.com/api/ Frame DE99 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.108 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
content-length
0
sync
ads.servenobid.com/ Frame DE99 		0
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=309&uid=e_69692f80-2acc-4c0d-9981-2d58ba3f3cd7
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
rtb.gumgum.com/ Frame 1647
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=3351625a-7fee-4a01-a967-ad4537ec0667&gdpr=0&gdpr_consent=
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=3351625a-7fee-4a01-a967-ad4537ec0667&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Sat, 16 Apr 2022 08:36:02 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Sat, 16 Apr 2022 08:36:02 GMT
Expires
Sat, 16 Apr 2022 08:36:01 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4335 2c68c00 master ord-pixel-x57 config:1.0.0
location
https://rtb.gumgum.com/usersync?b=mmh&i=3351625a-7fee-4a01-a967-ad4537ec0667&gdpr=0&gdpr_consent=
usersync
usersync.gumgum.com/ Frame E457
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=atm&i=Ylp-6wAAAIYq2AQA&gdpr=0&gdpr_consent=
35 B
296 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=Ylp-6wAAAIYq2AQA&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.76.6 -, , ASN (),
Reverse DNS
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif
date
Sat, 16 Apr 2022 08:36:01 GMT
expires
0
pragma
no-cache
server
envoy
x-envoy-upstream-service-time
6
x-region
ireland

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Sat, 16 Apr 2022 08:36:02 GMT
location
https://usersync.gumgum.com/usersync?b=atm&i=Ylp-6wAAAIYq2AQA&gdpr=0&gdpr_consent=
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-hhn4071-HHN
x-timer
S1650098163.516128,VS0,VE0
pixel
cm.g.doubleclick.net/ Frame 716C 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82OTY5MmY4MC0yYWNjLTRjMGQtOTk4MS0yZDU4YmEzZjNjZDc=&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 08:36:02 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3636 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=129375
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 08:36:02 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sun, 17 Apr 2022 20:32:17 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
usersync
rtb.gumgum.com/ Frame DA3C
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=cdaba960-d978-4608-b0ff-587fb99b7e8b&t=1652690162
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=cdaba960-d978-4608-b0ff-587fb99b7e8b&t=1652690162
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Sat, 16 Apr 2022 08:36:02 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
private,no-cache, must-revalidate
content-length
209
content-type
text/html
date
Sat, 16 Apr 2022 08:36:02 GMT
location
https://rtb.gumgum.com/usersync?b=ttd&i=cdaba960-d978-4608-b0ff-587fb99b7e8b&t=1652690162
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
usync.html
eus.rubiconproject.com/ Frame 1ECF
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Apr 2022 08:36:02 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Sat, 16 Apr 2022 08:36:02 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
usersync
usersync.gumgum.com/ Frame B62C
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID
  • https://cs.emxdgt.com/umcheck?apnxid=8360310439731899993&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID
  • https://usersync.gumgum.com/usersync?b=emx&uid=8360310439731899993brt30101650098162586068f1
35 B
296 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=emx&uid=8360310439731899993brt30101650098162586068f1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.76.6 -, , ASN (),
Reverse DNS
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif
date
Sat, 16 Apr 2022 08:36:01 GMT
expires
0
pragma
no-cache
server
envoy
x-envoy-upstream-service-time
0
x-region
ireland

Redirect headers

content-length
0
content-type
text/html
date
Sat, 16 Apr 2022 08:36:01 GMT
location
https://usersync.gumgum.com/usersync?b=emx&uid=8360310439731899993brt30101650098162586068f1
usersync
rtb.gumgum.com/ Frame 0BB5
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=Ylp-88Co5r8AAPjCInwAAAAA
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=Ylp-88Co5r8AAPjCInwAAAAA
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Sat, 16 Apr 2022 08:36:03 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Sat, 16 Apr 2022 08:36:03 GMT
Location
https://rtb.gumgum.com/usersync?b=sus&i=Ylp-88Co5r8AAPjCInwAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
1
X-SO-Cluster-ID
54
X-SO-HostName
a-ad40370.dc2p.scaleout.jp
X-SO-IP
185.213.155.162
X-SO-Key
Ylp-88Co5r8AAPjCInwAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":54,"gdpr":true,"ipv4":"0.0.0.0","key":"Ylp-88Co5r8AAPjCInwAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40370"}
X-SO-LB-Hostname
a-tgng40001.dc2p.scaleout.jp
X-SO-Upstream-ID
a-ad40370
usersync
rtb.gumgum.com/ Frame 3DFC
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=ijz7eT5R9A6qfnOgve48&pi=gumgum&tc=1
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=ijz7eT5R9A6qfnOgve48&pi=gumgum&tc=1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Sat, 16 Apr 2022 08:36:02 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Sat, 16 Apr 2022 08:36:02 GMT Sat, 16 Apr 2022 08:36:02 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=ijz7eT5R9A6qfnOgve48&pi=gumgum&tc=1
pragma
no-cache
usync.js
eus.rubiconproject.com/ Frame 1ECF 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9130bafafbeee56d02271fdd5a7db6f2e15e839f8b64faad15a08610a93d7119

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:36:02 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=69818
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9541
Expires
Sun, 17 Apr 2022 03:59:40 GMT
dcm
s.amazon-adsystem.com/ Frame F2BB
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ylp_8gsbjIiJA7nNAGiTiQAABL8AAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ylp_8gsbjIiJA7nNAGiTiQAABL8AAAIB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ylp_8gsbjIiJA7nNAGiTiQAABL8AAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
8MWTAQF5ZZ3N81HJ1VA2
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
GMNMTFN9Y563KM6CAJ1R
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ylp_8gsbjIiJA7nNAGiTiQAABL8AAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame F2BB
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Ylp-8gsbjIiJA7nNAGiTiQAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEF2OdmhaH1AkKjQ7QORFDRg&google_cver=1&gdpr=1
43 B
1022 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEF2OdmhaH1AkKjQ7QORFDRg&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-29-65.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 16 Apr 2022 08:36:02 GMT

Redirect headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEF2OdmhaH1AkKjQ7QORFDRg&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame F2BB 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Ylp_8gsbjIiJA7nNAGiTiQAABL8AAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame F2BB 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 08:36:02 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
ix
ad4m.at/ad/sim/ Frame F2BB 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad4m.at/ad/sim/ix?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
crum
dsum-sec.casalemedia.com/ Frame F2BB
Redirect Chain
  • https://d.adroll.com/cm/index/ssp?gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
43 B
974 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-29-65.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 16 Apr 2022 08:36:02 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
date
Sat, 16 Apr 2022 08:36:02 GMT
server
nginx/1.20.0
content-length
76
113
match.deepintent.com/usersync/ Frame F2BB 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/113
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 -, , ASN (),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
content-length
0
server
b
crum
dsum-sec.casalemedia.com/ Frame F2BB
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACZ1E7EtQAAACGNGNce2Q&expiration=1651307762&gdpr=1
43 B
995 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACZ1E7EtQAAACGNGNce2Q&expiration=1651307762&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
HTTP/1.1
Server
104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-29-65.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 16 Apr 2022 08:36:02 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACZ1E7EtQAAACGNGNce2Q&expiration=1651307762&gdpr=1
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
sync
ads.servenobid.com/ Frame F2BB 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=333&uid=Ylp_8gsbjIiJA7nNAGiTiQAABL8AAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.244.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-244-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
um
cs.emxdgt.com/ Frame 1768 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
content-type
text/html
date
Sat, 16 Apr 2022 08:36:01 GMT
usync.html
eus.rubiconproject.com/ Frame 46A1
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 16 Apr 2022 08:36:02 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Sat, 16 Apr 2022 08:36:02 GMT
location
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
server
AkamaiGHost
uc.html
go.sonobi.com/ Frame B91C 		43 B
577 B 		Document
General
Check archive.org
Download Go to
Full URL
https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.148 -, , ASN (),
Reverse DNS
Software
sonobi-go /
Resource Hash
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, private
Content-Encoding
gzip
Content-Type
text/html
Date
Sat, 16 Apr 2022 08:36:02 GMT
Expires
Sat, 26 Jul 1997 05:00:00 GMT
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma
no-cache
Server
sonobi-go
Tcn
Choice
Transfer-Encoding
chunked
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-10
X-Xss-Protection
0
cm
gift-connect-d.openx.net/w/1.0/ Frame C510 		0
83 B 		Document
General
Check archive.org
Download Go to
Full URL
https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Sat, 16 Apr 2022 08:36:02 GMT
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2847 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=129375
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 08:36:02 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sun, 17 Apr 2022 20:32:17 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
i.gif
e.serverbid.com/udb/9969/sync/ Frame B90B
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=8360310439731899993
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=8360310439731899993
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
content-length
0

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
8dd76277-3ae8-4495-8d32-8e44b681d77e
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=8360310439731899993
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
i.gif
e.serverbid.com/udb/9969/sync/ Frame B90B
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Ylp-8gsbjIiJA7nNAGiTiQAA%261215
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Ylp-8gsbjIiJA7nNAGiTiQAA%261215
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
content-length
0

Redirect headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=Ylp-8gsbjIiJA7nNAGiTiQAA%261215
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
282
Expires
Sat, 16 Apr 2022 08:36:02 GMT
i.gif
e.serverbid.com/udb/9969/sync/ Frame B90B
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=83f930727f2221cb25061fe4
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=83f930727f2221cb25061fe4
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
content-length
0

Redirect headers

Date
Sat, 16 Apr 2022 08:36:02 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=83f930727f2221cb25061fe4
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
usa
sync.go.sonobi.com/ Frame B90B 		0
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usa?https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=38&userId=
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 -, , ASN (),
Reverse DNS
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
i.gif
e.serverbid.com/udb/9969/sync/ Frame B90B
Redirect Chain
  • https://pixel.advertising.com/ups/56621/occ
  • https://pixel.advertising.com/ups/56621/occ?verify=true
  • https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP3fd5f832-bd60-11ec-9b9e-02dcd461876a
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP3fd5f832-bd60-11ec-9b9e-02dcd461876a
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP3fd5f832-bd60-11ec-9b9e-02dcd461876a
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 08:36:02 GMT
content-length
0

Redirect headers

location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP3fd5f832-bd60-11ec-9b9e-02dcd461876a
date
Sat, 16 Apr 2022 08:36:02 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
us.gif
sync.go.sonobi.com/ Frame B90B
Redirect Chain
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D
  • https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48
49 B
509 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Server
178.162.133.149 -, , ASN (),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48
cache-control
no-cache
content-length
0
56939
i6.liadm.com/s/ Frame B90B
Redirect Chain
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48&_li_chk=true&previous_uuid=06262493d6c34f0093d989d4290fb0a5
  • https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48
43 B
419 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Server
2600:1f18:444a:4680:6bbe:49e:bc45:59 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:36:03 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48
Date
Sat, 16 Apr 2022 08:36:03 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
usync.js
eus.rubiconproject.com/ Frame 46A1 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9130bafafbeee56d02271fdd5a7db6f2e15e839f8b64faad15a08610a93d7119

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 16 Apr 2022 08:36:02 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=69818
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9541
Expires
Sun, 17 Apr 2022 03:59:40 GMT
sync.php
pixel.rubiconproject.com/exchange/ Frame 1ECF 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L21LU625-1L-1CLF
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.139 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
611afce88997db6fdd35eb213e662871
Content-Type
image/gif
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 46A1 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=17632&khaos=L21LU625-1L-1CLF
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
8.43.72.98 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6734403d2cb3625dc1fef1bbd4a17cf3
Content-Type
image/gif
async_usersync
ib.adnxs.com/ Frame CBB2 		0
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 16 Apr 2022 08:36:02 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
9cf301b9-47d7-4f8b-b3be-7edb48b651fe
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Verdicts & Comments Add Verdict or Comment

420 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| gform string| gAMP_urlhost string| gAMP_urlpath string| gAMP_urlquery string| gAMP_contentid string| gAMP_category string| gAMP_contenttags number| kPrebidTimeout number| kRefreshPollTime number| gRefreshCount number| gOXRefreshCount boolean| gRefreshDebug boolean| gPrebidDebug boolean| gTrackVisibility boolean| gLazyLoad boolean| gTrackPageVisibility number| k30SecondRefreshInterval number| k60SecondRefreshInterval number| k90SecondRefreshInterval number| k120SecondRefreshInterval number| k180SecondRefreshInterval number| k999SecondRefreshInterval number| kDoNotRefresh number| kDefaultRefreshInterval object| gSChainNodes undefined| gGDPR_forceLocale boolean| gGDPR_silentNoConsent boolean| gGDPR_forceNoConsent object| gGDPR_NonTCFVendors string| gGDPR_publisherCountryCode string| gGDPR_logoURL string| gGDPR_privacyPolicyURL string| kAmazonPublisherID object| ad728x90ATF object| ad300x250ATF object| ad300x250ATF2 object| ad728x90ATFTAB object| ad728x90STICKY object| ad300x250ATFTAB object| ad300x250ATF2TAB object| ad320x50ATF object| ad300x250ATFM object| ad300x250ATF2M object| ad2x2skin object| adGoogleAdXInterstitial number| gBrowserWidth object| desktopAdUnits object| tabletAdUnits object| mobileAdUnits object| gAllSlotData number| gAllSlotCount function| _0x2484c2 object| gRefreshSlots object| gRefreshIDs object| gRefreshTimes object| gRefreshIntervals object| gThisRefreshIDs object| gThisRefreshSlots boolean| gInitialLoad object| gIntersectionObserver object| gPBJSTimeoutTimer object| gAmazonSlots object| gAmazonBids boolean| gAmazonBidsBack boolean| gPrebidBidsBack object| googletag object| pbjs function| _0x47b6 boolean| gHasGDPRCMP object| gGDPRTCData function| amp_getBidsForAllChannels function| amp_dumpBids function| amp_dumpWins function| amp_dumpTable function| amp_getBestBids function| sendAdserverRequest function| _0x4815 function| checkIfAllBidsBack function| amazonBidsBack function| pbjsBidsBack function| bidsTimeout function| scheduleConsentUpdates function| sendBidRequests function| doSendBidRequests function| amp_refreshAllSlots function| amp_refreshSlots function| refreshAdSlots function| attachCloseBoxSVG function| configureAdSlot function| getCookie object| apstag function| cnx function| $ function| jQuery object| gdprDynamicStrings object| gdprStrings object| kss object| sNew object| s0 object| dataLayer boolean| jQueryMigrateHelperHasSentDowngrade object| cnx_usr_storage object| I5R7aZ2 function| I5R7aZ3 object| xop boolean| apstagLOADED object| FontAwesomeConfig object| ___FONT_AWESOME___ function| __tcfapi object| __cmpAPI object| __GVL object| __cmpTCModel function| __cmpOpenUI boolean| creativeVendorLibraryLoaded function| pbjsChunk object| _pbjsGlobals object| ADAGIO string| nobidVersion object| nobid object| MZ1D6o2 function| MZ1D6o3 function| xblocker function| __uspapi function| __uspOpenUI object| ggeac object| google_tag_data object| google_js_reporting_queue object| player_instance_97d321774c044e6c92679dcd0abec296 object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval object| cnxPlugins object| A640Ps function| A640PB function| xblacklist object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| kasperskyDynamicaReCaptchaData object| jQuery1124016768404395517167 object| kaspersky object| prmOm object| omPlatformsSettings function| trackKLReferrer function| trackTrialSubmit function| trackFraud function| getFilename function| trackFile function| trackTrial function| trackTrialKMS function| trackPU function| trackPU2 function| trackDoc function| trackBeta function| trackDBUpdate function| trackDRFile function| trackLink function| trackCountrySelector function| trackLRC function| trackIPP function| trackPage function| trackLRCFallback function| trackMaxymiser function| trackAuditories function| trackCroSegment function| trackCta function| trackDownload function| trackEvent function| trackExit function| trackForm function| trackGoToPayment function| trackChangePaymentMethod function| trackLena function| trackMarketLincGroup function| trackMarketLincVisitor function| trackPageView function| trackPageViewOnLoad function| trackPartnerLocatorSearchEvent function| trackProductView function| trackRegistration function| trackSaleButton function| trackSignin function| trackSignIn function| trackUpsellPage function| omSetContext function| omSetOmnitureParameters function| omChooseCookieDomain function| omGetAbsoluteUrl function| omGetBusinessType function| omGetGoogleAnalyticsClientId function| omGetHostName function| omGetOrigin function| omGetPageNameFromPath function| omGetQueryParam function| omReadCookie function| omRemoveAllUrlParameters function| omRemoveAllUrlParametersForDownloads function| omRemoveUrlParameter function| omRemoveCookie function| omSafeParseJson function| omSetCookie function| omSetInp function| removeHashFromString function| omPushEventToDataLayer function| omCreateEventParamsObj function| omPushTrackingObjectToDataLayer function| omPrepareProductsString function| omHandleClick function| omHandleMessage function| e object| sng object| s object| visitorConfigObj function| AppMeasurement function| s_gi function| s_pgicq object| adobe function| Visitor object| s_c_il number| s_c_in object| _uxa number| s_objectID number| s_giq object| runtime object| regeneratorRuntime function| setImmediate function| clearImmediate object| wp object| google_tag_manager function| postscribe object| google_tag_manager_external string| GoogleAnalyticsObject function| ga object| _qevents function| twq object| PublisherCommonId object| ID5 function| sprintf function| vsprintf object| gform_i18n object| gf_global object| gf_legacy_multi object| gf_legacy undefined| google_measure_js_timing function| cnxProxyTask function| gtag object| twttr function| quantserve function| __qc object| ezt object| _qoptions function| qtrack function| announceAJAXValidationErrors function| gformBindFormatPricingFields function| Currency function| gformCleanNumber function| gformGetDecimalSeparator function| gformIsNumber function| gformIsNumeric function| gformDeleteUploadedFile object| _gformPriceFields undefined| _anyProductSelected function| gformIsHidden function| gformCalculateTotalPrice function| gformUpdateTotalFieldPrice function| gformGetShippingPrice function| gformGetFieldId function| gformCalculateProductPrice function| gformGetProductQuantity function| gformIsProductSelected function| gformGetBasePrice function| gformFormatMoney function| gformFormatPricingField function| gformToNumber function| gformGetPriceDifference function| gformGetOptionLabel function| gformGetProductIds function| gformGetPrice function| gformRoundPrice function| gformRegisterPriceField function| gformInitPriceFields function| gformShowPasswordStrength function| gformPasswordStrength function| gformToggleShowPassword function| gformToggleCheckboxes function| gformToggleRadioOther function| gformAddListItem function| gformDeleteListItem function| gformAdjustClasses function| gformAdjustRowAttributes function| gformToggleIcons function| gformAddRepeaterItem function| gformDeleteRepeaterItem function| gformResetRepeaterAttributes function| gformToggleRepeaterButtons function| gformMatchCard function| gformFindCardType function| gformToggleCreditCard function| gformInitChosenFields function| gformInitCurrencyFormatFields function| GFMergeTag function| GFCalc undefined| __gf_keyup_timeout function| gformFormatNumber function| getMatchGroups function| gf_get_field_number_format function| gformValidateFileSize function| gformInitSpinner function| gformAddSpinner function| gformReInitTinymceInstance function| gf_raw_input_change function| gf_get_input_id_by_html_id function| gf_get_form_id_by_html_id function| gf_get_ids_by_html_id function| gf_input_change function| gformExtractFieldId function| gformExtractInputIndex function| rgars function| rgar function| HandleUnsavedChanges function| renderRecaptcha function| gformIsRecaptchaPending object| gfMultiFileUploader undefined| __gf_timeout_handle function| gf_apply_rules function| gf_check_field_rule function| gf_get_field_logic function| gf_apply_field_rule function| gf_get_field_action function| gf_is_match function| gf_is_match_checkable function| gf_is_checkable_empty function| gf_is_match_default function| gf_format_number function| gf_try_convert_float function| gf_matches_operation function| gf_get_value function| gf_do_field_action function| gf_do_next_button_action function| gf_do_action function| gf_reset_to_default function| gf_is_hidden_pricing_input number| google_global_correlator object| gaplugins object| gaGlobal object| gaData object| Placeholders object| gf_form_conditional_logic string| gf_number_format function| do_callback object| recaptcha function| onYouTubeIframeAPIReady object| closure_lm_620418 object| sas object| apntag object| _ADAGIO string| main_loc object| in_domain object| locale_out undefined| url_path_start_latam undefined| locale_out_latam string| firstPart undefined| locale object| url_path_start undefined| domain_loc function| getSelector function| getLargestLayoutShiftEntry function| getLargestLayoutShiftSource function| wasFIDBeforeDCL function| getDebugInfo function| getRating function| calculateRating function| sendToDataLayer function| SetCookie string| newCookieValue string| _linkedin_data_partner_id function| lintrk boolean| _already_called_lintrk object| webVitals number| google_unique_id object| s_i_kaspersky-single-suite object| GoogleGcLKhOms boolean| DFPSFMessageEnabled object| ONFOCUS object| ampInaboxIframes object| ampInaboxPendingMessages number| _tlTagsPending object| google_image_requests function| cnxAddEventListener

76 Cookies

Domain/Path Name / Value
.3lift.com/sync Name: sync
Value: CgoIgAIQnJKPjIMwCgoIgQIQjvWOjIMwCgoIggIQnJKPjIMwCgoIhwIQjvWOjIMwCgkICRCO9Y6MgzAKCQhJELj1joyDMAoJCAsQjvWOjIMwCgoIjAIQjvWOjIMwCgoIjgEQuPWOjIMwCgoIzgEQuPWOjIMwCgoIjwIQnJKPjIMwCgoIkQIQuPWOjIMwCgoIkgIQuPWOjIMwCgoIlAIQuPWOjIMwCgoI1gEQuPWOjIMwCgoIlgIQnJKPjIMwCgkIGxC49Y6MgzAKCgjeARCcko-MgzAKCQhfEI71joyDMAoJCB8QuPWOjIMwCgoIoQEQjvWOjIMwCgoI4gEQjvWOjIMwCgoIogIQnJKPjIMwCgoI4wEQnJKPjIMwCgoI5gEQjvWOjIMwCgoI5wEQnJKPjIMwCgkIcxCcko-MgzAKCQg5ELj1joyDMAoJCDoQjvWOjIMwCgoI_wEQnJKPjIMw
.threatpost.com/ Name: _cs_mk
Value: 0.44452350457909007_1650098155564
.demdex.net/ Name: demdex
Value: 73868497542728440871343779965848463154
.threatpost.com/ Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Ylp-6wAAAIYq2AQA
threatpost.com/ Name: _pbjs_userid_consent_data
Value: 6683316680106290
.threatpost.com/ Name: _gid
Value: GA1.2.1798834588.1650098156
.threatpost.com/ Name: _gat_UA-35676203-21
Value: 1
.dpm.demdex.net/ Name: dpm
Value: 73868497542728440871343779965848463154
.threatpost.com/ Name: _pubcid
Value: ce4ebed7-a575-4b57-869f-65103eae5470
.twitter.com/ Name: personalization_id
Value: "v1_D4J0OPx23TaqbxQUUrQ1fg=="
.t.co/ Name: muc_ads
Value: 5109a639-a704-4c01-ba30-55ad16741d05
.openx.net/ Name: i
Value: ce4ebed7-a575-4b57-869f-65103eae5470|1650098156
.quantserve.com/ Name: mc
Value: 625a7fec-32900-faaa3-6c2cc
.adnxs.com/ Name: icu
Value: ChgIzLJhEAoYAiACKAIw7P_pkgY4AkACSAIQ7P_pkgYYAQ..
.adnxs.com/ Name: uuid2
Value: 8360310439731899993
prebid.a-mo.net/ Name: __amc
Value: 1_1650098156_1650098156
.lijit.com/ Name: ljtrtb
Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/ Name: ljt_reader
Value: 83f930727f2221cb25061fe4
.threatpost.com/ Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C19099%7CMCMID%7C75552733648771418692088814172376303976%7CMCAAMLH-1650702955%7C6%7CMCAAMB-1650702955%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1650105355s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19106%7CvVersion%7C4.4.0
.rubiconproject.com/ Name: khaos
Value: L21LU625-1L-1CLF
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB0Q8VBpyL8Znj5APvdogVCbaTd6KyMQnau0RTcz8e+19U7zbRomxXVnb05ecXDiI+jhlI2uKWkDtsxuhZpbWKLtINWY3Pa16NE=
.threatpost.com/ Name: __qca
Value: P0-2018618797-1650098156179
e.serverbid.com/ Name: azk
Value: ue1-sb1-18cc14d0-e151-43dc-a205-84e672fe2d48
.threatpost.com/ Name: _gat_UA-63997723-2
Value: 1
threatpost.com/ Name: CookieConsent
Value: {stamp:969061560=='|Cnecessary:true|Cpreferences:true|Cstatistics:true|Cmarketing:true|Cver:1|Cutc:1733653945|Cregion:'not_gdpr'}
threatpost.com/ Name: usprivacy
Value: 1---
.threatpost.com/ Name: _gcl_au
Value: 1.1.1990330182.1650098157
.linkedin.com/ Name: UserMatchHistory
Value: AQKjDLfq0RcVfQAAAYAxg7TDNk7HpOoko0MHJTzmNO-ul-5qekpx6Z7Gcg3oZ_Qxv4rzc66BPvyeKQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLwHo18EM329wAAAYAxg7TDNefw4RS-BE9eD7azWEgrWeFmtTtx95kctqk5e8-rhBEL7DZSvElvBs2mAzgpow
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&c3f698d3-5726-45f2-8aac-407ff752afe1"
.linkedin.com/ Name: lidc
Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2647:u=1:x=1:i=1650098156:t=1650184556:v=2:sig=AQHdVZ-nWxX8dyuJCdggRXf1oE6WYCZk"
.threatpost.com/ Name: _ga_YP1JLG57CH
Value: GS1.1.1650098156.1.0.1650098156.0
.threatpost.com/ Name: _ga
Value: GA1.1.1797681163.1650098156
.threatpost.com/ Name: s_cc
Value: true
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&2022041608355626a7e207-23b4-4a75-867d-3c2b67356660AQEtqbMQ8wm4Bol-9Y9j7m-iKkNSZF2b"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTAwOTgxNTY7MjswMjHvRKwkYxVVzE2ZvX14grTbP1PMQKOh2j8ZbFPoqt7VxQ==
.threatpost.com/ Name: __gads
Value: ID=8bf9568bf74f864c-2291ac0878cd001f:T=1650098157:S=ALNI_MZVeEn37h3mMaazqM04GMwNze2g5w
.doubleclick.net/ Name: IDE
Value: AHWqTUlto8L21XnR0_NwdZAQcWtC8bgzifAP-3gpzyHSJmAY_pvcRAyV4vTzvU8BisE
.3lift.com/ Name: tluid
Value: 3569774413370964166579
.adnxs.com/ Name: anj
Value: dTM7k!M4/YDunaTF']wIg2E?dx8l*B!]tbP6j2F-.aDE7BAf@@gm4JmigR[we9i2mlvdDce9heTjH-x`mBem-kLd?p*g0D(ViYrs
.adnxs.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJ0cmlwbGVsaWZ0X25hdGl2ZSI6eyJ1aWQiOiIzNTY5Nzc0NDEzMzcwOTY0MTY2NTc5IiwiZXhwaXJlcyI6IjIwMjItMDctMTVUMDg6MzU6NThaIn19LCJiaXJ0aGRheSI6IjIwMjItMDQtMTZUMDg6MzU6NThaIn0=
.bing.com/ Name: MUID
Value: 0971422789B2613E3E5153AF88D96024
.bidswitch.net/ Name: tuuid
Value: fabb218b-ac7f-418a-b90c-d25cf822c632
.bidswitch.net/ Name: c
Value: 1650098158
.bidswitch.net/ Name: tuuid_lu
Value: 1650098158
.turn.com/ Name: uid
Value: 3544401046829132356
.adsrvr.org/ Name: TDID
Value: cdaba960-d978-4608-b0ff-587fb99b7e8b
.yahoo.com/ Name: A3
Value: d=AQABBO5_WmICEBzCcrXdnq40KJ6BFIFWGBoFEgEBAQHRW2JkYgAAAAAA_eMAAA&S=AQAAAiDTdSK17JW_kXzEQW8Kecc
.adsrvr.org/ Name: TDCPM
Value: CAESFgoHc3Z4OXQ1MBILCIyJ2JzF4886EAUYBSABKAIyCwjm8vPJ2-PPOhAFOAE.
.bidr.io/ Name: bito
Value: AACZ1E7EtQAAACGNGNce2Q
.bidr.io/ Name: bitoIsSecure
Value: ok
ads.avct.cloud/ Name: uuid
Value: 9f267c56-43bd-49b0-aea6-e295832fefda
.mfadsrvr.com/ Name: tuuid
Value: d42b9a20-2748-4ef5-8d25-34667be62855
.mfadsrvr.com/ Name: c
Value: 1650098158
.mfadsrvr.com/ Name: tuuid_lu
Value: 1650098158
.mfadsrvr.com/ Name: ssh
Value: !triplelift,1650098158
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-0867d93e-9453-4716-48e4-377f62dbb927.xa4c05XMB49WzsRSKW1ScQOVzm%2BcTc9c5E%2FYrotolzo
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3ACGfZPpRTRxZI5Dd_Ytu5J7nVm6I.Y8zM9wdivRZQMkl4f39KWWMOjG5PDZR%2B9CvEdYWLwZw
.ipredictive.com/ Name: cu
Value: 3d723eed-bd60-11ec-aa48-bf8f7a8edf0b|1650098158705
.amazon-adsystem.com/ Name: ad-id
Value: A-U8sXtTbklvpWKQ77ryaHI
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.mathtag.com/ Name: uuid
Value: 3351625a-7fee-4a01-a967-ad4537ec0667
.redintelligence.net/ Name: 8lcfmzhxc8d6_uid
Value: 35b9442b7af0ff34
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 5548847042391361760
.adform.net/ Name: TPC
Value: 1650098159541
.threatpost.com/ Name: cto_bundle
Value: OBIhAF82UmFsTFdubUxIa3B4UlNUb3BLU2E4S2xDdVdxMSUyRlZCU3VNcmg4WjZJdm9QbkI5QU9RMHVDJTJGT2I1N3V3OFRhJTJGTGtKMExyRlBZZWZ2V1A5T2hwd2JXWU5mMCUyQlBFWDBwdms2MW55YVRSSk1VS3dkRm05akdvY2ZPMEl2NzBQVnV5
.threatpost.com/ Name: cto_bidid
Value: AXfy_l9sek91dU16SzdnUUNZSVZsZ1kyMnRYTmNlWFE4RDNBZ3ZkZUtLcmNrUmlqYzRXT1ZrQTgwVGRJc1ZiRjdWbVA2c0FGdFF5b0cyNVdianMyMDFSbVl4QSUzRCUzRA
.openx.net/ Name: pd
Value: v2|1650098159.2|kiiygevNgun0.gqsLommOnsgi
.quantserve.com/ Name: d
Value: EBMBEwH1JYqsMNre0gA
.w55c.net/ Name: wfivefivec
Value: BJQHhMZw1NFDUu5
.w55c.net/ Name: matchtriplelift
Value: 5
.w55c.net/ Name: matchopenx
Value: 5

25 Console Messages

Source Level URL
Text
network error URL: https://static.criteo.net/design/dt/58172/220415/5870089f3f90468da177506c701904b3_cpn_970x250_1.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://hal900018.redintelligence.net').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://hal900018.redintelligence.net').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

56c9c55f95e05f792e76bb9b22fc92bd.safeframe.googlesyndication.com
9582686.fls.doubleclick.net
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.turn.com
ad4m.at
ads.avct.cloud
ads.eu.criteo.com
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
adservice.google.com
adservice.google.de
analytics.twitter.com
ap.lijit.com
assets.threatpost.com
b1sync.zemanta.com
bh.contextweb.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c.bing.com
c1.adform.net
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
cat.nl.eu.criteo.com
cd.connatix.com
cdn.id5-sync.com
cdnjs.cloudflare.com
cds.connatix.com
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
cms.quantserve.com
creativecdn.com
cs.emxdgt.com
csm.eu.criteo.net
csync.loopme.me
d.adroll.com
dpm.demdex.net
dsum-sec.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
geo.ipify.org
gift-connect-d.openx.net
go.sonobi.com
gum.criteo.com
hal9000.redintelligence.net
hal900018.redintelligence.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.3lift.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image2.pubmatic.com
imasdk.googleapis.com
img.connatix.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
media.kaspersky.com
media.threatpost.com
mp.4dex.io
mug.criteo.com
odr.mookie1.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pix.eu.criteo.net
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.33across.com
pixel.advertising.com
pixel.mathtag.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
rtb-csync.smartadserver.com
rtb.fr.eu.criteo.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
s1.adform.net
sasinator.realestate.com.au
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
snap.licdn.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.hgrtb.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.technoratimedia.com
t.co
tag.1rx.io
tagan.adlightning.com
tags.mathtag.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
triplelift-match.dotomi.com
u.openx.net
unpkg.com
ups.analytics.yahoo.com
us-u.openx.net
us.creativecdn.com
usersync.getpublica.com
usersync.gumgum.com
vid.connatix.com
visitor.omnitagjs.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
x.bidswitch.net
104.102.28.254
104.102.29.65
104.244.42.197
104.244.42.67
104.89.31.187
104.92.100.195
104.92.72.137
104.92.74.8
108.128.72.205
108.156.255.177
13.107.42.14
13.248.245.213
13.36.218.177
132.226.41.106
134.209.129.254
138.201.63.149
142.250.186.130
142.250.186.34
142.250.186.70
143.204.202.123
144.76.91.199
147.75.38.124
151.101.129.108
151.101.130.137
151.101.130.49
151.101.194.137
169.197.150.7
178.128.135.80
178.162.133.148
178.162.133.149
178.250.0.162
178.250.2.135
178.250.2.146
178.250.2.148
18.158.84.255
18.184.64.118
18.193.145.56
18.193.253.159
18.194.10.133
18.195.155.181
18.223.222.71
185.184.10.30
185.184.8.90
185.255.84.153
185.33.221.13
185.33.221.87
185.64.189.110
185.64.189.112
185.85.15.23
185.86.137.108
185.86.137.133
192.132.33.46
193.0.160.128
198.148.27.140
199.232.188.157
2001:678:cb4:bbbb::11
202.241.208.53
205.185.216.10
209.54.180.3
213.19.147.42
213.19.147.45
216.200.232.253
216.52.2.19
23.205.235.133
23.35.228.210
23.88.75.189
2600:1f18:444a:4680:6bbe:49e:bc45:59
2600:9000:206f:600:6:44e3:f8c0:93a1
2600:9000:214f:9e00:0:5c46:4f40:93a1
2600:9000:2315:5600:2:9275:3d40:93a1
2602:803:c004:200::143
2606:4700:20::681a:8a9
2606:4700:20::681a:ad1
2606:4700:3030::ac43:cf70
2606:4700::6810:7daf
2606:4700::6811:190e
2606:4700::6812:372
2620:116:800d:21:3175:5196:e3fd:8c1d
2620:1ec:21::14
2620:1ec:46::45
2620:1ec:c11::200
2a00:1288:80:807::2
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::2006
2a00:1450:4001:810::2001
2a00:1450:4001:810::2002
2a00:1450:4001:812::2003
2a00:1450:4001:812::200a
2a00:1450:4001:813::200a
2a00:1450:4001:827::2002
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2004
2a00:1450:400c:c0b::9a
2a02:2638:1::4
2a02:2638::1c
2a02:2638::2
2a02:2638::3
2a02:26f0:ef::5c7b:c25a
2a02:fa8:8806:16::1370
2a05:d018:d29:3601:cf48:bf87:67aa:ca6e
3.122.208.3
3.126.56.137
3.218.231.183
34.200.203.167
34.240.59.138
34.241.76.6
34.98.64.218
34.98.67.61
35.157.246.167
35.173.160.135
35.186.253.211
35.244.174.68
35.71.131.137
37.157.4.29
37.157.5.73
37.157.6.252
44.200.208.73
46.105.202.126
51.89.21.8
51.89.9.252
52.17.2.116
52.49.126.217
52.50.60.18
52.86.49.126
52.94.223.167
54.154.244.32
54.159.94.231
54.170.158.38
54.194.18.46
54.66.168.86
54.75.68.230
64.140.160.2
64.202.112.159
65.9.7.86
66.155.71.25
67.202.105.24
69.173.144.138
69.173.144.139
70.42.32.159
72.251.249.9
74.121.143.246
8.43.72.98
00aafc144c43d5e4c29bb64e0a63d757414a1624dcb9428ca26314ec50eecb28
0110a6e4d589bcbdacb5f52fce50bb67bf65d2316469adc080a59897f3e44e7a
036b61e6b5f8ccedeb8c12de2d0aa066ed0129599e1c5907eec34c30f9949c49
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
04b54f057a4576212021f7954ba8b067e3214f04cfa1116300d2e3079d9906d7
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
06a793927feca2f42aa3fcd56a2af58ae8314adb1229088c722e04de7add4b02
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
07aa23f1921ceaa1b1691dcad88c848435325b951fcd5e0f29e27496a80cce8e
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9
084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0968606634e57496f01b50fac7a6f996ed210b39eeb3ceb47ff504f03d85daa9
0a628086981f0dc7fc8c9eee0ef1096874c75c8b0275335c8a24fc99633bc027
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0bf9c5aa79c391d8c058e342b9510d1341ed5e4b750a7767568c012f3d667f9c
0bfa346d7611b406e1c95c3ae1c7bd1a9a7c5340a7a197842f0005f7380546be
0c1dac07d5320fcab30e974fef7d432f3944f529b928c7a0df1b56133e81f21a
0c74419e28e8a390517789839cc898b379d1ac980cc75100c9e9ac42617a8541
0d8869d84962b393799fec91b2ea9b19610907a444f82a02f3ce0116d29a7e2c
0f3fd0ed90baa4ff0c2a2d85c05154a32a9e8cb1d5e3d254dfde552f1dfc18df
12dc325bbc5a632bfc308051b035cea8f4a8f4caeac922c896354446398cd882
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
155e83f6818321fc885180acb03ae7e04ebef5de34a4980ca90c62aacf4ace73
159ebfcc5f37ffb30a47afb3153e5f212fffd3e97cf7f528aecd64f2b98ec4c6
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d
1f745160d3a4d10e65d3bec72d44435bbea540e4398167995b3b88f30bb132da
219f3ba8ea938e8f531e190d5e0b3d3fabec6f2cf765b85ac11b2eef4c93675d
2234f26d6e0fb2960f54e26f79953b9b3e957c44eaf0dc6e622e9996e682d8fd
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
24565ad74894f2c69f146774a8580a528142847de40e88710b1e9fa70a78a156
2565a3c9e6ce572244756112bb146e57568e4e934718b8a2c0d95d31e8bfb199
2767df6736abef725fe8b1e39307f402dc27a7c8341f9354a8c1b883dcc563dc
27847522718bbb814ccec374aa507bdf1777a98b2bf451ad33b23c4ce0c5ef69
2936330cd46e98181cdbde407d3ecbe097b9b291d6259d7c78d545381126bfb8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6
32fd7d3af8cc39cd251f3b88469a44f5e778307f532e8810376ea503add096dc
342605b22799d82793e47b7fa2eeeb339ca47d41cb07fd7598a2b980890aeb69
35861a24167aa45139a124bb7979a78897393977570c8aa01b26f568b85a4eb6
367efe36fb18b5432c84e6848d5b40f0b97af61c2db17edecd36d27816ecdbf9
36b61b0bf0a254bae70f1fa3b46ad701c826505cfb3218cbb6f44d79c282ca03
3705d0878203cc0b2525dcb0f874d85cc6b881d1fca1869191da4e599c768241
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
38405bad729c4e15a084cfaceadc92d575a3c4d7d37e9c40ff4550861b1ef455
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e9eefb59277748bb91f68907a4ddbc3d5ff18307fb8af50285f925427145afd
3f69aa3a3561b921a4d84ac2778cceab67241b021c055a04338dffbb172a1db9
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41b3f13650df6ad8c9b57f97400941950670a85cf7b0d9029f9025a599db7aee
41e10243ef36e5dcb16f6be77746c3bac6c16c94ad27b827c1d15cde773d51fb
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
420bce394b49bb01fc2f82089d5b3793b6a9ae2d53e60b08dd9a2d532eb0a7a3
43265755803fb71a6973a294e82d49478ef21ff36848b47535c2da61413de767
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44f6695c51586cc0b4a547993c48a26f782854827d7def03baae806268fd2596
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
467a2cd5ed135cb8eb65567637979c6519d6b41e3f5d93375c81a66d18f8651d
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bfeda82d8f8d941eabd86272cc40ec4d77d285e61035e04778303a1f00fba2f
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4dd6a1f730784865345ee2d651995e0230eea7ab450aa74e7e32037032258761
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
4f54e77ab88cca0fd0a3af9541749786583e63015054e4233a33dfdce6a03c7a
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
5131eb1462038f07e5dc58040cba8969a88eb0beb8b7e61933469bf0a265b62e
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
52cac1193a3683e35353723a38e01a9bcc0c5f9bf2be42d29c96905527c7923d
535c557112afbad375ff58eae51abfdf33da5bfb31ee61566f618490e5260697
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56e56345d064e91c9c4d9c776fe8f808a8756ab983255eeca4cdbff243a0f21f
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5aaf2d66dc4f809d840f93c7908e786cef7ba11e296732a7e751d0e8d659992b
5ce50e5b6152a1061b5f4ebf63df50bcdb10e77ee99d16cb6563f8b694aa4800
5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
635fc3642d77c0ffc3368165582c4d03124eff007d5f58f6beca929f7785904a
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
68192768a821bf219008fa53520e8dde0f2b24ee3bb98af0b4ae764f4c39e73b
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6a5986b74741befd7ff20b506e4d282de81c53623d27a6e840c9f15948fb18db
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0
6e3c200db8d6aa0d7fbe2928105b7462b90f1f8f0d0a4a76542232a69f3db526
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
6f3ca547ee4e33217b1ba6cd01083f325f6aef3427d3ccd84398e396a8a2688e
7074cb3fadd5faa68093bdff82e7c3d0fdc28e455b9b27735d180db690115da9
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
70ea08a8009dbfe0adb0fd0aa9daa492a615b900634fdc05e91125971dc16c61
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
71694d8ed80c586236db505697b3e29535c6bcefbb7b1ce3880e5c4bd5349227
71ea16faa5f8c07405435763484bd6597c6b7c9e2bae4aaefad26e8d2dd9c23e
726c158c620b166f015fd694cca30ac24abd16054ad7bc7c21b87288c37bebf1
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
74536e40801257d0012af449232b65f8a948d0f2066016a7b9c82849f5c58b97
7502e034f95191b9c0cb8b3e31e342e54ac473e702dd98d0cf3323cb69d3a7f1
7791f55a96697fc33a2b0c216f05bd7e195de9a41580d4c65b5e20c3d4e4251c
793c1fa20d428c9cc9f0af0179d9de217c124f5d19d31c6b36878ba793bbacd2
7a3fcd53b20a6fdf183b0340f596a6431a280459adb871f43e617cecd5d57681
7af817561503f0d47c43e0dce714162d9ce7dd2cef82efc5fd37e8a5a08d5f73
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14
7fc6e2e09d4301ef1ff984079279e7106ab4c2f73b89781a866c73b51d7f3251
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b
80f91a29c82d5fde195df816681bb4c5d702bb683688db356b9c3ea26277251d
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
888e1d6b87f7dddfe8cef180a9371668d144834aff03916fbbfb663e9e548f29
8933a873c4fdfb4430d747dd3819e92352607a80cfe14a648a19d89ae394d764
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d5fe75e8a407f0b393631c93b8a9133e5e990328f983e9127dac830045b88a8
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
8fb6affc01bf27eadca684fb07fa0229dad3fa641b355fb344da2313c228c783
9130bafafbeee56d02271fdd5a7db6f2e15e839f8b64faad15a08610a93d7119
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
949ce08c8b86d6d986c1dd7043588e95515b6cd7f799575317d19705543d500c
9577a12bbc79783cd6ba502d741b2cc737d4abafc7c887d01355b2636f756325
96314d02d76191e51edcab9bc6aaf688309d74d5c85b89cd694eba351029a400
96e54cacc6e16eba7016e16b01f959032f44917d00f4f73f32dfd34d71835587
97e30ed7d9fc7fbf9fc24ec44cf8e4b7dfab13821d00dcc476b2bdad053cbbc7
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
98ea9fa6d4b3f0d5589e686c9ed57fc3bd4e6ad5f89bdea1ffa5dd4b3467cabc
99b874c4939eaa83ab36ff4e0d2863ce2092cee1d35b09ae298ccfa996aa4c3f
99bdbe49c9f3b7cb7ae4ef1d9129ee31e47c6bc02925561ed831cc49f54f29cd
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0ccb12a401ab3a0a2e064c2e37a6607895b30adf49dc70f87e9747b352d26f4
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1267fb5f954298273455537282a988283137c3ebeb9bef9f99d653a0a7ccd71
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a1f51498df355a283f64c074b908a09e8c2f8dbdbce6d805263c3ca350680fcf
a269d42d95b2870e7d8f4d657ea60cfa7f726b0e0987a4e2aab7d4ba0706eec2
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a305e296b3c2a3fba17a5f6b6394e00fecf59a31c26b94649ff8c37c7ba81539
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a456bf28a5123773ddbda9e5c9d4ac572ab1e11874353ad8cea7119f52ad3128
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad36227667a9446995367ef9c37da7f1a2a52cd4392c509b208d6e55b08ed0e6
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
ae1662349ff25bf23f2d8c4d4affd74d2531892eac8dabfd7a05d80459c36583
af6eda338f046f0579e4b178e1802a993d95b8460d13320d70741a35629526f3
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b3600913fd354dfbb39a489a1559727616f4797a8748907c3c8b58c1b85e9c61
b3b3cb90a7ed89725522255170cc8b7a4b98d4f457ba4ebe222101e978d4ba15
b713c4d60db13b6748f0e57674ff4a364c1ee805223c52786c9ce2ea8d07a8fa
b75d93883f98f2266e7a06045a6b417c6bd27d187fce846aedd2dc02ebc55945
ba7191a02c744aa142257b09ca4a062062b2ecf19f5026de78d322ce4c81dac6
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb677d7657006fb57417c73ef3da95da5ba9449790f75fb82a2f11afb18cdefb
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3d628f4e66cecd08fd6e79132a41585dfd209b14bd6e0695af0842025ee2768
c842fa8019eafc4beae4bd989e2c486d3ecd7a407edb21804c35a1726a90fec7
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cbd89112d374e4faf23af4d9cb78221371834a829a152a06005aaf2e8c8282f4
cd3767c9daaaaf6b31ba6dd8821d1cf09594ffdddb05a60b81d960aa4e2f44e9
cd4546cfc562b8dfb834b74e46ccd0f78bf0ab7ee91ff7dc715c4e0208cb640c
cee8a91b121b56b386c7aa08d35fafaeef6dcf9376fbf2b74dc5a2ca06910a39
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
d4ebd98a601019bccb9240ed20ecf6dd6c3c35c6fb48ed879ca8a8856595bda4
d5bac6b1a58aeab9067f62cf2f2fec237f301ad008889d6cd28320b0d15be865
d5f22152a8d53b87f4b24e340f7aeb31746f35ddfd4eda322e2adfba355282b0
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
dc89c933d5f3a060b6d6529c1f6748bbe87213a8aa11eca62361b67a2c39266b
ddc30e7e4d1bfa3161c4b6ecb34ab48de620162fb9a06434bfa2a92d632860a4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
df3ee6542919d7fa834f7a7c879fa5d099b3cbc12cee89b6d05016f76d2c6b97
df6a34384c85f83a3ddaa87b952051f665680424f93312e412f0696a33304336
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e14a625deb5e7cb388813d12ff906c39d7140ead453b49a22cc7d11497035790
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e268152d0d18c09c5a0281df0453846a57a9cbbf74d53d71590f770f38015761
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e6dca68564933ce7425afe8aa112a0425af9aa15379fa5a1e206e8d7066ea4be
e83ff0916b6db59b1e99b7410f519b3564dd9d83e8814f5bae77284d0bdfe311
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
edc0d03a8b8ec4836b613bacd56253e951ed407c8be0d245b02f7805cfaf0598
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef9726a329bab863c4a956d5c23b32ab54c220a4a185690ad9d92eb167b7a3c6
f0a4d16aad94ac27eb35c9707b8a74b3c383baaccac7d80fbd2822830c52cc18
f11c6031ca3c508bf2f56da52fb5799e93999cf6c35b5668333a09e8bb4eb67a
f1d6cc51d99789ae4d6b724de3328cbc5a37ae1412b724d6004f52e03fa54f58
f1f94a4158844638eb5b93c3a8413cfd9f2d732135632de4a4aef6995f560245
f21ec24e74243abd36015a27738230a37be7294681c3e12fc06edc3d3f761e29
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea
f55265270de9453566191c1964020f9f32a8af865fc7835516112af11878f851
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
f8b0b39d9f8ab49977cfe084c90dd9bb60fa12cf4e9cfb01c765547f3da69763
fa3ebca2e1be6b7bb1dd9ed4f5c598c27cd08f2b286e44f62828ce21c09ae19e
fd13552b5ad4c9348e8774af6d882d25101464bd7b997c11e2a7f7db0cf8c9b7
fe026386fcd84fb3aad7ba6016aaa81846b4ab5782399b5de2100b84ec21bdc7