urlscan.io logo urlscan.io
SecurityTrails logo

www.aiupnow.com Open in urlscan Pro
2a00:1450:4001:812::2013  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Submission: On December 16 via api from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 91 IPs in 11 countries across 84 domains to perform 565 HTTP transactions. The main IP is 2a00:1450:4001:812::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is www.aiupnow.com.
TLS certificate: Issued by GTS CA 1D4 on December 2nd 2021. Valid for: 3 months.
This is the only time www.aiupnow.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2.18.235.93 16625 (AKAMAI-AS)
11 151.139.128.11 20446 (HIGHWINDS3)
1 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
21 2a00:1450:400... 15169 (GOOGLE)
21 172.66.41.9 13335 (CLOUDFLAR...)
9 2a00:1450:400... 15169 (GOOGLE)
4 2a03:2880:f00... 32934 (FACEBOOK)
4 2a00:1450:400... 15169 (GOOGLE)
1 184.73.100.94 14618 (AMAZON-AES)
10 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
37 2a00:1450:400... 15169 (GOOGLE)
2 199.232.196.134 54113 (FASTLY)
1 12 2a02:6b8::1:119 208722 (YNDX)
20 2a00:1450:400... 15169 (GOOGLE)
1 34.204.113.242 14618 (AMAZON-AES)
9 188.65.124.90 41690 (DAILYMOTI...)
26 2a03:2880:f10... 32934 (FACEBOOK)
1 2 2600:1901:1:c... 15169 (GOOGLE)
46 2606:4700:303... 13335 (CLOUDFLAR...)
20 2a00:1450:400... 15169 (GOOGLE)
1 107.20.147.136 14618 (AMAZON-AES)
1 142.250.185.66 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
16 2600:9000:215... 16509 (AMAZON-02)
8 151.101.128.134 54113 (FASTLY)
9 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 172.66.42.247 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.231.31.218 14618 (AMAZON-AES)
1 67.202.105.33 32748 (STEADFAST)
2 7 2.18.234.21 16625 (AKAMAI-AS)
1 51.75.86.98 16276 (OVH)
6 6 185.64.190.79 62713 (AS-PUBMATIC)
4 4 142.250.185.194 15169 (GOOGLE)
2 2 185.64.189.110 62713 (AS-PUBMATIC)
2 2 198.47.127.20 3257 (GTT-BACKB...)
4 4 185.33.221.87 29990 (ASN-APPNEX)
1 34.98.64.218 15169 (GOOGLE)
3 3 18.156.0.31 16509 (AMAZON-02)
3 3 213.19.147.45 26120 (RHYTHMONE)
2 3 3.33.220.150 16509 (AMAZON-02)
1 1 64.202.112.159 23352 (SERVERCEN...)
1 178.162.133.149 60781 (LEASEWEB-...)
1 52.19.63.112 16509 (AMAZON-02)
1 174.137.133.49 27257 (WEBAIR-IN...)
2 2 3.120.70.243 16509 (AMAZON-02)
1 38.27.122.158 174 (COGENT-174)
2 2 216.52.2.39 29791 (VOXEL-DOT...)
1 1 193.0.160.129 54312 (ROCKETFUEL)
1 67.202.105.21 32748 (STEADFAST)
5 2a04:4e42:62:... 54113 (FASTLY)
1 104.16.138.31 13335 (CLOUDFLAR...)
1 217.20.147.3 47764 (MAILRU-AS...)
1 151.101.0.84 54113 (FASTLY)
1 151.101.129.140 54113 (FASTLY)
1 192.0.77.40 2635 (AUTOMATTIC)
1 87.240.190.67 47541 (VKONTAKTE...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
18 178.79.242.16 22822 (LLNW)
6 2a00:1450:400... 15169 (GOOGLE)
16 188.65.124.59 41690 (DAILYMOTI...)
3 2a00:1450:400... 15169 (GOOGLE)
2 34.243.64.153 16509 (AMAZON-02)
1 34.120.195.249 15169 (GOOGLE)
1 71 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
1 2 209.54.180.3 16509 (AMAZON-02)
1 1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 2a05:d018:d29... 16509 (AMAZON-02)
2 2 18.194.149.16 16509 (AMAZON-02)
1 3.124.200.54 16509 (AMAZON-02)
1 141.193.213.20 209242 (CLOUDFLAR...)
17 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:2800:233... 15133 (EDGECAST)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1288:80:... 203220 (YAHOO-DEB)
2 52.217.169.81 16509 (AMAZON-02)
11 143.204.101.204 16509 (AMAZON-02)
1 188.65.124.91 41690 (DAILYMOTI...)
3 2.16.186.115 20940 (AKAMAI-ASN1)
1 34.73.247.27 396982 (GOOGLE-PR...)
2 2 2a00:1450:400... 15169 (GOOGLE)
7 10 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 188.65.124.38 41690 (DAILYMOTI...)
2 199.212.255.245 25948 (FHMNET)
1 199.232.194.49 54113 (FASTLY)
2 199.232.192.134 54113 (FASTLY)
15 188.65.126.236 41690 (DAILYMOTI...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
2 2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 151.101.194.137 54113 (FASTLY)
1 104.111.214.240 16625 (AKAMAI-AS)
1 162.247.243.147 13335 (CLOUDFLAR...)
565 91
12    2a00:1450:4001:812::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.aiupnow.com
5    2a00:1450:4001:802::2009 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.blogger.com
resources.blogblog.com
1    2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
contextual.media.net
11    151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)
cdn.shareaholic.net
m9m6e2w5.stackpathcdn.com
1    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
7    2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
4.bp.blogspot.com
1.bp.blogspot.com
yt3.ggpht.com
3.bp.blogspot.com
21    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
adservice.google.co.uk
21    172.66.41.9 (United States)

ASN13335 (CLOUDFLARENET, US)
resources.infolinks.com
router.infolinks.com
rt3009.infolinks.com
9    2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
4    2a03:2880:f007:8:face:b00c:0:1 (Vienna, Austria)

ASN32934 (FACEBOOK, US)
connect.facebook.net
4    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    184.73.100.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-100-94.compute-1.amazonaws.com
www.shareaholic.net
10    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
37    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.co.uk
2    199.232.196.134 (United States)

ASN54113 (FASTLY, US)
sigma2.disqus.com
12    2a02:6b8::1:119 (Moscow, Russian Federation)

ASN208722 (YNDX, FI)
mc.yandex.ru
20    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    34.204.113.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-113-242.compute-1.amazonaws.com
analytics.shareaholic.com
9    188.65.124.90 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: fp.dc3.dailymotion.com
www.dailymotion.com
graphql.api.dailymotion.com
26    2a03:2880:f107:83:face:b00c:0:25de (Vienna, Austria)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)
open.spotify.com
46    2606:4700:3035::6815:1ac5 (United States)

ASN13335 (CLOUDFLARENET, US)
snd.click
20    2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
feeds.feedburner.com
1    107.20.147.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-147-136.compute-1.amazonaws.com
partner.shareaholic.com
1    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
partner.googleadservices.com
3    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
16    2600:9000:2156:0:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
c.disquscdn.com
8    151.101.128.134 (United States)

ASN54113 (FASTLY, US)
disqus.com
9    2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    2a00:1450:4001:80e::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
1    172.66.42.247 (United States)

ASN13335 (CLOUDFLARENET, US)
rt3009.infolinks.com
1    2606:4700::6810:a10d (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.viglink.com
1    34.231.31.218 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-31-218.compute-1.amazonaws.com
recs.shareaholic.com
1    67.202.105.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-105.static.steadfastdns.net
de.tynt.com
7    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
1    51.75.86.98 (France)

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu
onetag-sys.com
6    185.64.190.79 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image8.pubmatic.com
4    142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
cm.g.doubleclick.net
2    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
2    198.47.127.20 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image4.pubmatic.com
4    185.33.221.87 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
1    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
u.openx.net
3    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
3    213.19.147.45 (United Kingdom)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
3    3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
1    64.202.112.159 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
1    178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com
sync.go.sonobi.com
1    52.19.63.112 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-63-112.eu-west-1.compute.amazonaws.com
s.cpx.to
1    174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)
dsp.adkernel.com
2    3.120.70.243 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-70-243.eu-central-1.compute.amazonaws.com
pixel.advertising.com
1    38.27.122.158 (United States)

ASN174 (COGENT-174, US)
match.bnmla.com
2    216.52.2.39 (United States)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
1    193.0.160.129 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
1    67.202.105.21 (United States)

ASN32748 (STEADFAST, US)
PTR: ip21.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
5    2a04:4e42:62::760 (United States)

ASN54113 (FASTLY, US)
open.scdn.co
i.scdn.co
1    104.16.138.31 (None, )

ASN13335 (CLOUDFLARENET, US)
api.bufferapp.com
1    217.20.147.3 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: ip3.147.odnoklassniki.ru
connect.ok.ru
1    151.101.0.84 (United States)

ASN54113 (FASTLY, US)
api.pinterest.com
1    151.101.129.140 (United States)

ASN54113 (FASTLY, US)
www.reddit.com
1    192.0.77.40 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: assets.tumblr.com
api.tumblr.com
1    87.240.190.67 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS vk.com, RU)
PTR: srv67-190-240-87.vk.com
vk.com
1    2606:4700::6812:1b47 (United States)

ASN13335 (CLOUDFLARENET, US)
www.yummly.com
18    178.79.242.16 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-16.fra.llnw.net
static1.dmcdn.net
vendorlist.dmcdn.net
6    2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ssl.gstatic.com
16    188.65.124.59 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: ebed2.dm.gg
pebed.dm-event.net
3    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
2    34.243.64.153 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-64-153.eu-west-1.compute.amazonaws.com
api.viglink.com
1    34.120.195.249 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o22381.ingest.sentry.io
71    2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
doc-14-1o-docs.googleusercontent.com
9    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
2    209.54.180.3 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)
casale-match.dotomi.com
1    2a05:d018:d29:3602:76e9:6e08:1a45:971c (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
2    18.194.149.16 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-149-16.eu-central-1.compute.amazonaws.com
pm.w55c.net
1    3.124.200.54 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-200-54.eu-central-1.compute.amazonaws.com
x.bidswitch.net
1    141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
blogs.windows.com
17    2606:4700::6812:bc37 (United States)

ASN13335 (CLOUDFLARENET, US)
www.windowscentral.com
1    2606:4700::6812:4c34 (United States)

ASN13335 (CLOUDFLARENET, US)
passport.mobilenations.com
2    2606:2800:233:af6:eab:2108:1892:6d8 (United States)

ASN15133 (EDGECAST, US)
o.aolcdn.com
1    2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
img.youtube.com
3    2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
s.yimg.com
2    52.217.169.81 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
media-mbst-pub-ue1.s3.amazonaws.com
11    143.204.101.204 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-204.fra50.r.cloudfront.net
d2908q01vomqb2.cloudfront.net
1    188.65.124.91 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: st.dc3.dailymotion.com
speedtest.dailymotion.com
3    2.16.186.115 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-115.deploy.static.akamaitechnologies.com
s2.dmcdn.net
1    34.73.247.27 (North Charleston, United States)

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: 27.247.73.34.bc.googleusercontent.com
www.saastr.com
2    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
drive.google.com
docs.google.com
10    2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
5    188.65.124.38 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: icscale-01-pub-ix7.vip.dailymotion.com
dmxleo.dailymotion.com
pdc.dmleonyc.com
2    199.212.255.245 (Canada)

ASN25948 (FHMNET, CA)
node228.impressionssl.adshop.infolinks.com
1    199.232.194.49 (United States)

ASN54113 (FASTLY, US)
a.disquscdn.com
2    199.232.192.134 (United States)

ASN54113 (FASTLY, US)
referrer.disqus.com
15    188.65.126.236 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: proxy-019.dc3.dailymotion.com
proxy-019.dc3.dailymotion.com
1    2a02:26f0:6c00:2ad::2a1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
is5-ssl.mzstatic.com
1    2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
youtube.com
1    2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a02:26f0:6c00:299::1fcf (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
js-cdn.music.apple.com
1    2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
static.doubleclick.net
1    2606:4700:3037::6815:4e07 (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
1    151.101.194.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
1    104.111.214.240 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-214-240.deploy.static.akamaitechnologies.com
cdn.iubenda.com
1    162.247.243.147 (United States)

ASN13335 (CLOUDFLARENET, US)
bam-cell.nr-data.net
Apex Domain
Subdomains		 Transfer
89 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
2 MB
46 snd.click
snd.click Failed
451 KB
40 doubleclick.net
googleads.g.doubleclick.net
cm.g.doubleclick.net
static.doubleclick.net
269 KB
35 gstatic.com
fonts.gstatic.com
www.gstatic.com
ssl.gstatic.com
491 KB
28 dailymotion.com
www.dailymotion.com Failed
speedtest.dailymotion.com
dmxleo.dailymotion.com
proxy-019.dc3.dailymotion.com
graphql.api.dailymotion.com
1 MB
26 facebook.com
www.facebook.com Failed
14 KB
25 google.com
apis.google.com
adservice.google.com
accounts.google.com
drive.google.com
docs.google.com
www.google.com
412 KB
24 infolinks.com
resources.infolinks.com
router.infolinks.com
rt3009.infolinks.com
node228.impressionssl.adshop.infolinks.com
267 KB
21 dmcdn.net
static1.dmcdn.net
vendorlist.dmcdn.net
s2.dmcdn.net
1 MB
18 youtube.com
www.youtube.com
img.youtube.com
youtube.com
815 KB
17 windowscentral.com
www.windowscentral.com
928 KB
17 disquscdn.com
c.disquscdn.com
a.disquscdn.com
708 KB
16 dm-event.net
pebed.dm-event.net
3 KB
14 googleapis.com
ajax.googleapis.com
fonts.googleapis.com
imasdk.googleapis.com
482 KB
12 yandex.ru
mc.yandex.ru
69 KB
12 disqus.com
sigma2.disqus.com
disqus.com
referrer.disqus.com
113 KB
12 aiupnow.com
www.aiupnow.com
425 KB
11 cloudfront.net
d2908q01vomqb2.cloudfront.net
5 MB
10 pubmatic.com
image8.pubmatic.com
image2.pubmatic.com
image4.pubmatic.com
3 KB
10 stackpathcdn.com
m9m6e2w5.stackpathcdn.com
124 KB
9 googletagservices.com
www.googletagservices.com
329 KB
7 casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
7 KB
6 blogspot.com
4.bp.blogspot.com
1.bp.blogspot.com
3.bp.blogspot.com
103 KB
5 feedburner.com
feeds.feedburner.com
4 KB
5 scdn.co
open.scdn.co
i.scdn.co
87 KB
4 yahoo.com
ups.analytics.yahoo.com
pr-bh.ybp.yahoo.com
2 KB
4 adnxs.com
ib.adnxs.com
4 KB
4 google-analytics.com
www.google-analytics.com
59 KB
4 facebook.net
connect.facebook.net
195 KB
4 blogger.com
www.blogger.com
164 KB
3 yimg.com
s.yimg.com
1 MB
3 adsrvr.org
match.adsrvr.org
1 KB
3 viglink.com
cdn.viglink.com
api.viglink.com
30 KB
3 google.co.uk
adservice.google.co.uk
1 KB
3 shareaholic.com
analytics.shareaholic.com
partner.shareaholic.com
recs.shareaholic.com
953 B
2 dmleonyc.com
pdc.dmleonyc.com
202 B
2 googleusercontent.com
doc-14-1o-docs.googleusercontent.com
25 KB
2 amazonaws.com
media-mbst-pub-ue1.s3.amazonaws.com
440 KB
2 aolcdn.com
o.aolcdn.com
278 KB
2 w55c.net
pm.w55c.net
1 KB
2 amazon-adsystem.com
s.amazon-adsystem.com
1 KB
2 lijit.com
ap.lijit.com
1 KB
2 advertising.com
pixel.advertising.com
677 B
2 1rx.io
sync.1rx.io
1 KB
2 spotify.com
open.spotify.com Failed
1011 B
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com
84 KB
2 shareaholic.net
cdn.shareaholic.net
www.shareaholic.net
7 KB
1 nr-data.net
bam-cell.nr-data.net
724 B
1 iubenda.com
cdn.iubenda.com
5 KB
1 newrelic.com
js-agent.newrelic.com
13 KB
1 fontawesome.com
use.fontawesome.com
247 KB
1 apple.com
js-cdn.music.apple.com
54 KB
1 cloudflare.com
cdnjs.cloudflare.com
7 KB
1 googletagmanager.com
www.googletagmanager.com
36 KB
1 mzstatic.com
is5-ssl.mzstatic.com
214 KB
1 2mdn.net
s0.2mdn.net
17 KB
1 saastr.com
www.saastr.com
65 KB
1 mobilenations.com
passport.mobilenations.com
50 KB
1 windows.com
blogs.windows.com
513 KB
1 bidswitch.net
x.bidswitch.net
220 B
1 dotomi.com
casale-match.dotomi.com
187 B
1 sentry.io
o22381.ingest.sentry.io
245 B
1 yummly.com
www.yummly.com
724 B
1 vk.com
vk.com
482 B
1 tumblr.com
api.tumblr.com
392 B
1 reddit.com
www.reddit.com
1 KB
1 pinterest.com
api.pinterest.com
350 B
1 ok.ru
connect.ok.ru
2 KB
1 bufferapp.com
api.bufferapp.com
410 B
1 ggpht.com
yt3.ggpht.com
2 KB
1 33across.com
ssc-cms.33across.com
72 B
1 rfihub.com
p.rfihub.com
753 B
1 bnmla.com
match.bnmla.com
114 B
1 adkernel.com
dsp.adkernel.com
233 B
1 cpx.to
s.cpx.to
945 B
1 sonobi.com
sync.go.sonobi.com
474 B
1 zemanta.com
b1sync.zemanta.com
288 B
1 unrulymedia.com
sync.targeting.unrulymedia.com
475 B
1 openx.net
u.openx.net
306 B
1 onetag-sys.com
onetag-sys.com
814 B
1 tynt.com
de.tynt.com
289 B
1 googleadservices.com
partner.googleadservices.com
645 B
1 blogblog.com
resources.blogblog.com
300 B
1 media.net
contextual.media.net
94 KB
565 84
Domain Requested by
69 tpc.googlesyndication.com googleads.g.doubleclick.net
tpc.googlesyndication.com
www.aiupnow.com
pagead2.googlesyndication.com
46 snd.click www.aiupnow.com
ajax.googleapis.com
snd.click
35 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
www.youtube.com
26 www.facebook.com www.aiupnow.com
ajax.googleapis.com
www.facebook.com
connect.facebook.net
20 fonts.gstatic.com fonts.googleapis.com
www.youtube.com
20 pagead2.googlesyndication.com www.aiupnow.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
srcdoc
www.googletagservices.com
tpc.googlesyndication.com
17 www.windowscentral.com www.aiupnow.com
17 static1.dmcdn.net www.dailymotion.com
www.aiupnow.com
static1.dmcdn.net
16 pebed.dm-event.net www.dailymotion.com
static1.dmcdn.net
16 c.disquscdn.com sigma2.disqus.com
disqus.com
c.disquscdn.com
15 proxy-019.dc3.dailymotion.com static1.dmcdn.net
15 www.youtube.com apis.google.com
www.youtube.com
snd.click
14 router.infolinks.com resources.infolinks.com
router.infolinks.com
ssum-sec.casalemedia.com
12 mc.yandex.ru 1 redirects www.aiupnow.com
mc.yandex.ru
12 www.aiupnow.com www.aiupnow.com
ajax.googleapis.com
11 d2908q01vomqb2.cloudfront.net www.aiupnow.com
10 www.google.com 7 redirects googleads.g.doubleclick.net
www.youtube.com
tpc.googlesyndication.com
10 fonts.googleapis.com www.aiupnow.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
snd.click
10 m9m6e2w5.stackpathcdn.com cdn.shareaholic.net
www.aiupnow.com
9 www.googletagservices.com googleads.g.doubleclick.net
9 www.gstatic.com apis.google.com
googleads.g.doubleclick.net
static1.dmcdn.net
www.gstatic.com
9 apis.google.com www.aiupnow.com
apis.google.com
accounts.google.com
www.youtube.com
8 disqus.com sigma2.disqus.com
c.disquscdn.com
6 ssl.gstatic.com accounts.google.com
www.aiupnow.com
6 image8.pubmatic.com 6 redirects
5 feeds.feedburner.com www.aiupnow.com
5 www.dailymotion.com www.aiupnow.com
ajax.googleapis.com
www.dailymotion.com
static1.dmcdn.net
4 graphql.api.dailymotion.com static1.dmcdn.net
4 open.scdn.co open.spotify.com
open.scdn.co
4 ib.adnxs.com 4 redirects
4 cm.g.doubleclick.net 4 redirects
4 rt3009.infolinks.com resources.infolinks.com
www.aiupnow.com
4 www.google-analytics.com www.aiupnow.com
www.google-analytics.com
www.googletagmanager.com
4 connect.facebook.net www.aiupnow.com
connect.facebook.net
4 resources.infolinks.com www.aiupnow.com
resources.infolinks.com
4 www.blogger.com www.aiupnow.com
3 dmxleo.dailymotion.com static1.dmcdn.net
3 s2.dmcdn.net www.aiupnow.com
3 s.yimg.com www.aiupnow.com
3 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
3 imasdk.googleapis.com www.dailymotion.com
static1.dmcdn.net
imasdk.googleapis.com
3 match.adsrvr.org 2 redirects ssum-sec.casalemedia.com
3 ups.analytics.yahoo.com 3 redirects
3 ssum-sec.casalemedia.com 1 redirects router.infolinks.com
ssum-sec.casalemedia.com
3 adservice.google.com pagead2.googlesyndication.com
3 adservice.google.co.uk pagead2.googlesyndication.com
3 4.bp.blogspot.com www.aiupnow.com
2 pdc.dmleonyc.com static1.dmcdn.net
2 youtube.com 2 redirects
2 referrer.disqus.com www.aiupnow.com
2 node228.impressionssl.adshop.infolinks.com www.aiupnow.com
blank
2 doc-14-1o-docs.googleusercontent.com 1 redirects www.aiupnow.com
2 media-mbst-pub-ue1.s3.amazonaws.com www.aiupnow.com
2 o.aolcdn.com www.aiupnow.com
2 pm.w55c.net 2 redirects
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 api.viglink.com cdn.viglink.com
2 ap.lijit.com 2 redirects
2 pixel.advertising.com 2 redirects
2 sync.1rx.io 2 redirects
2 image4.pubmatic.com 2 redirects
2 image2.pubmatic.com 2 redirects
2 open.spotify.com www.aiupnow.com
ajax.googleapis.com
2 sigma2.disqus.com www.aiupnow.com
sigma2.disqus.com
2 maxcdn.bootstrapcdn.com www.aiupnow.com
maxcdn.bootstrapcdn.com
2 1.bp.blogspot.com www.aiupnow.com
1 bam-cell.nr-data.net js-agent.newrelic.com
1 cdn.iubenda.com snd.click
1 js-agent.newrelic.com www.aiupnow.com
1 use.fontawesome.com snd.click
1 static.doubleclick.net www.youtube.com
1 js-cdn.music.apple.com snd.click
1 cdnjs.cloudflare.com snd.click
1 www.googletagmanager.com snd.click
1 is5-ssl.mzstatic.com snd.click
1 a.disquscdn.com www.aiupnow.com
1 s0.2mdn.net imasdk.googleapis.com
1 docs.google.com 1 redirects
1 drive.google.com 1 redirects
1 www.saastr.com www.aiupnow.com
1 speedtest.dailymotion.com static1.dmcdn.net
1 vendorlist.dmcdn.net static1.dmcdn.net
1 img.youtube.com www.aiupnow.com
1 3.bp.blogspot.com www.aiupnow.com
1 passport.mobilenations.com www.aiupnow.com
1 blogs.windows.com www.aiupnow.com
1 x.bidswitch.net ssum-sec.casalemedia.com
1 pr-bh.ybp.yahoo.com ssum-sec.casalemedia.com
1 dsum.casalemedia.com ssum-sec.casalemedia.com
1 casale-match.dotomi.com 1 redirects
1 o22381.ingest.sentry.io open.scdn.co
1 i.scdn.co open.spotify.com
1 www.yummly.com m9m6e2w5.stackpathcdn.com
1 vk.com m9m6e2w5.stackpathcdn.com
1 api.tumblr.com m9m6e2w5.stackpathcdn.com
1 www.reddit.com m9m6e2w5.stackpathcdn.com
1 api.pinterest.com m9m6e2w5.stackpathcdn.com
1 connect.ok.ru m9m6e2w5.stackpathcdn.com
1 api.bufferapp.com m9m6e2w5.stackpathcdn.com
1 yt3.ggpht.com www.youtube.com
1 ssc-cms.33across.com router.infolinks.com
1 p.rfihub.com 1 redirects
1 match.bnmla.com router.infolinks.com
1 dsp.adkernel.com router.infolinks.com
1 s.cpx.to router.infolinks.com
1 sync.go.sonobi.com router.infolinks.com
1 b1sync.zemanta.com 1 redirects
1 sync.targeting.unrulymedia.com 1 redirects
1 u.openx.net router.infolinks.com
1 onetag-sys.com router.infolinks.com
1 de.tynt.com router.infolinks.com
1 recs.shareaholic.com m9m6e2w5.stackpathcdn.com
1 cdn.viglink.com m9m6e2w5.stackpathcdn.com
1 accounts.google.com apis.google.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 partner.shareaholic.com m9m6e2w5.stackpathcdn.com
1 analytics.shareaholic.com m9m6e2w5.stackpathcdn.com
1 www.shareaholic.net cdn.shareaholic.net
1 resources.blogblog.com www.aiupnow.com
1 ajax.googleapis.com www.aiupnow.com
1 cdn.shareaholic.net www.aiupnow.com
1 contextual.media.net www.aiupnow.com
565 122
Subject Issuer Validity Valid
www.aiupnow.com
GTS CA 1D4		 2021-12-02 -
2022-03-02		 3 months crt.sh
*.blogger.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2021-04-12 -
2022-04-20		 a year crt.sh
cdn.shareaholic.net
R3		 2021-11-09 -
2022-02-07		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
misc-sni.blogspot.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-15 -
2022-07-14		 a year crt.sh
*.apis.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-09-25 -
2021-12-24		 3 months crt.sh
*.stackpathcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-31 -
2022-05-31		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.shareaholic.net
R3		 2021-12-03 -
2022-03-03		 3 months crt.sh
*.disqus.com
DigiCert SHA2 Secure Server CA		 2020-04-20 -
2022-05-09		 2 years crt.sh
*.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
mc.yandex.ru
Yandex CA		 2021-07-28 -
2022-01-07		 5 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
shareaholic.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
www.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-12-11 -
2022-03-11		 3 months crt.sh
*.spotify.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-03 -
2022-05-03		 a year crt.sh
*.shareaholic.com
R3		 2021-11-29 -
2022-02-27		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.google.co.uk
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
a.disquscdn.com
Amazon		 2021-10-31 -
2022-11-28		 a year crt.sh
accounts.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
ssl1029306.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2021-07-12 -
2022-06-30		 a year crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-02-05 -
2022-02-09		 a year crt.sh
onetag-sys.com
R3		 2021-11-02 -
2022-01-31		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2020-12-06 -
2022-01-07		 a year crt.sh
*.adkernel.com
Sectigo RSA Domain Validation Secure Server CA		 2020-12-22 -
2022-01-05		 a year crt.sh
*.bnmla.com
Go Daddy Secure Certificate Authority - G2		 2021-01-06 -
2022-02-07		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.scdn.co
DigiCert TLS RSA SHA256 2020 CA1		 2021-08-06 -
2022-09-02		 a year crt.sh
*.googleusercontent.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
api.bufferapp.com
DigiCert SHA2 Secure Server CA		 2020-06-24 -
2022-08-16		 2 years crt.sh
*.ok.ru
GeoTrust RSA CA 2018		 2021-02-18 -
2022-03-21		 a year crt.sh
*.pinterest.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-27 -
2022-08-05		 a year crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-05 -
2022-04-02		 6 months crt.sh
tumblr.com
DigiCert SHA2 Extended Validation Server CA		 2020-07-09 -
2022-04-14		 2 years crt.sh
*.vk.com
GlobalSign Organization Validation CA - SHA256 - G2		 2020-06-09 -
2022-06-10		 2 years crt.sh
*.dmcdn.net
ZeroSSL RSA Domain Secure Site CA		 2021-11-10 -
2022-02-08		 3 months crt.sh
*.dm-event.net
ZeroSSL RSA Domain Secure Site CA		 2021-12-15 -
2022-03-15		 3 months crt.sh
viglink.com
Amazon		 2021-11-13 -
2022-12-11		 a year crt.sh
*.ingest.sentry.io
R3		 2021-10-24 -
2022-01-22		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-08-24 -
2022-02-16		 6 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
blogs.windows.com
Microsoft RSA TLS CA 01		 2021-11-05 -
2022-11-05		 a year crt.sh
windowscentral.com
Cloudflare Inc ECC CA-3		 2021-06-05 -
2022-06-04		 a year crt.sh
misc.google.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
o.aolcdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-28 -
2022-06-02		 a year crt.sh
*.api.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-11-08 -
2021-12-29		 2 months crt.sh
*.s3.amazonaws.com
DigiCert Baltimore CA-2 G2		 2021-01-11 -
2022-02-11		 a year crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
speedtest.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-26 -
2022-01-24		 3 months crt.sh
api.dmcdn.net
R3		 2021-11-09 -
2022-02-07		 3 months crt.sh
www.saastr.com
R3		 2021-11-23 -
2022-02-21		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
dmxleo.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-25 -
2022-01-23		 3 months crt.sh
node228.impressionssl.adshop.infolinks.com
R3		 2021-11-01 -
2022-01-30		 3 months crt.sh
*.disquscdn.com
GlobalSign Atlas R3 DV TLS CA 2020		 2021-03-22 -
2022-04-23		 a year crt.sh
*.dc3.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-21 -
2022-01-19		 3 months crt.sh
itunes.apple.com
Apple Public EV Server RSA CA 2 - G1		 2021-06-22 -
2022-07-22		 a year crt.sh
authorize.music.apple.com
Apple Public EV Server RSA CA 2 - G1		 2021-01-06 -
2022-02-05		 a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-10-06 -
2022-11-07		 a year crt.sh
www.iubenda.com
DigiCert SHA2 Secure Server CA		 2021-03-26 -
2022-03-31		 a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA		 2020-02-05 -
2022-02-08		 2 years crt.sh
graphql.api.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-27 -
2022-01-25		 3 months crt.sh
playerdiagnosticscollector.dmxleo.com
ZeroSSL RSA Domain Secure Site CA		 2021-11-18 -
2022-02-16		 3 months crt.sh

This page contains 56 frames:

Primary Page: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Frame ID: 4B77DE123749927CF1ADA0DE7FBE4ADA
Requests: 169 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: 545A7B2C2AE97AA26D1AEB95EFEC30F6
Requests: 1 HTTP requests in this frame

Frame: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Frame ID: B36018A3D6FFFEA97DCC0EE969E3529F
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Frame ID: FA80B4C8A6A6887A55FA8AEB12C051EF
Requests: 1 HTTP requests in this frame

Frame: https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Frame ID: 3B6EBD646E7C34A4AD7E40DA957E35E5
Requests: 1 HTTP requests in this frame

Frame: https://snd.click/mjI0tjt?embed=1
Frame ID: FE14B8CE475528ABFAF73F3AE74A62E8
Requests: 1 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Frame ID: 41C979D55EC23EB9EDE62BBDE6150AE5
Requests: 17 HTTP requests in this frame

Frame: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Frame ID: 19C56077A805A1C8F78640DDD83CEF48
Requests: 60 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Frame ID: 018CF3B089A694CF9E8F8CADCBF9BD0C
Requests: 23 HTTP requests in this frame

Frame: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Frame ID: 9ABAA853114DBB28887ECD7E1723B45B
Requests: 7 HTTP requests in this frame

Frame: https://snd.click/mjI0tjt?embed=1
Frame ID: 787A7DCC8ADABC701A060017219BEDB0
Requests: 59 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Frame ID: 6DC07D2D56520E08B30DD2A6C70BE106
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
Frame ID: 712D278C6B4FD0909C6DC263EC869F4C
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
Frame ID: 560CDA8F099602C786062DCF66D9DA5A
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Frame ID: 42B52ECB06323DADE7499751D909E867
Requests: 14 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Frame ID: A41E592E1A17581C39F50611D8EA83C8
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Frame ID: F99BBEB1F31A1605632A82F75CB5B1A8
Requests: 9 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Frame ID: 66D4E19B98C0C224963E4AA83C92685F
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
Frame ID: C1C97003FAC093A31A35BAC464E4D6FB
Requests: 7 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: AC9945F1A6A0E6863DC09CDF37A9BB06
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: A45892D3BDAE89790CDFC7858404C775
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: FBCD5B92AEC71340F6F29FEB3AA3BB5C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Frame ID: 836F16691A5C95EDCC6DCF7E96BCCB5A
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Frame ID: C8E1D55D6C38CC1BAC645615BEC1F574
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Frame ID: EAA13DD56D07F40B4230814465FDB9F3
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&adk=1812271804&adf=3025194257&lmt=1639609134&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&ea=0&flash=0&host=ca-host-pub-1556223355139109&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398348&bpp=1&bdt=629&idt=596&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600%2C250x250&nras=1&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=9&uci=a!9&fsb=1&dtd=611
Frame ID: EE139522DAF18BFA2B1F63D8AAEDB024
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
Frame ID: 034205CF0178FC37EFBB67EE3234FF7A
Requests: 8 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 951A131B59648B0139EC8ECD0E8B4CD7
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html
Frame ID: 5C731051DB53658792BAA29991E7DB2A
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B608B6CFD6C2CAFCBAAC87D645F13DDE
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Frame ID: 5ADC1A3B1C6D2A8F2BE49C63E6B406DB
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E0DE47975000F4CE15B81DC178DB8A30
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 1228386F7A9CDFDF65457318C77C2498
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2EC595207B3121F9CB297406B489E2D9
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B002E3187CF2456272EB99ABDD08BA34
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Frame ID: 51F3E365C1BE7C905CCD7A1DB32A4E53
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D6AA7FB3D33B1B58D8461B7E5845EFC6
Requests: 2 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Frame ID: 1EB3301D47D2662875D69D0F249A1547
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E74148432489DD81F701450A1F310D9E
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Frame ID: 3FE0017F66689D0672B035A8BC05E957
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Frame ID: 598C7C4B2762FF549EC057C30A17A2CA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: C4AADBFFAA75F5F8A59CE04FC109600C
Requests: 1 HTTP requests in this frame

Frame: https://node228.impressionssl.adshop.infolinks.com/impression/?vh=1397385015&agy=414981&aid=640059&cid=640065&gid=640066&id=640067&st=1639635398&kwid=0&skw=social%20networking%20site&sid=3169767_13&sip=1508806144&pid=14&tid=2&mime=image/jpeg&dev=0&mtyp=503&agtyp=0&rid=f1c82701-0f74-41bf-86c4-4f2ff5de51a4&idfa=&gaid=
Frame ID: 5A67CB26C71879C36ED4486F901FB25F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Frame ID: 1FE6166A5422F06A76E2A9B1D102691F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Frame ID: 6FE61AB903446D02DEDC8930C94C7D20
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 312E0408E9742C508DA1F6BE56B56346
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Frame ID: 704AC39DE20BA3C611B632BE6D4C6FF7
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 4144C9D1B57A03FD2CA775D476B42D22
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 3416A689C5D6EC0AA8416D8443E12BA2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Frame ID: B6DB679387925F37278B44A86C95D451
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 7992D5C14B6E1AA6C23B30F17A843502
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4DE0F5B065C0613AEC226D621610F12D
Requests: 2 HTTP requests in this frame

Frame: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Frame ID: 69FC1B29ED6814ADF9F88410DA3E6BF0
Requests: 12 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df14db6e556497f8%26domain%3Dwww.aiupnow.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.aiupnow.com%252Fff3347fffae398%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&locale=en_US&numposts=5&sdk=joey&version=v2.0&width=
Frame ID: DF8B4C488952536250F7A66A21D3902A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 83F12641D1885450AE7FDCA7A70B0A40
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CED6B8B40D01BF17535D8004C1E23BC0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials #Cybersecurity - The Entrepreneurial Way with A.I.

Page Statistics

565
Requests

96 %
HTTPS

43 %
IPv6

84
Domains

122
Subdomains

91
IPs

11
Countries

19321 kB
Transfer

31995 kB
Size

74
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52
  • https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light HTTP 301
  • https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Request Chain 115
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Request Chain 117
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUExMTJBNkItNzFEMi00ODgwLTk1NDAtNTFFMEJDMUM2M0FG&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D0840FBD7-3FE4-406E-8991-93E6855C9219 HTTP 302
  • https://router.infolinks.com/dyn/usersync?pmuservalue=0840FBD7-3FE4-406E-8991-93E6855C9219
Request Chain 118
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
  • https://router.infolinks.com/dyn/apn-usync?user_id=2474772255915933107
Request Chain 120
  • https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
  • https://router.infolinks.com/dyn/VR-usync?uid=y-ZpUSiAxE2uGn4b0jUWPjcPkeXZcrfY1hAJH3GMo-~A
Request Chain 121
  • https://sync.1rx.io/usersync2/infolinks HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4531523659 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4531523659 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/76eaaba9-a022-46ce-a4b9-adce9b50399f HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003 HTTP 302
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003
Request Chain 122
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
  • https://router.infolinks.com/dyn/zmn-usync?uid=
Request Chain 124
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.aiupnow.com%252F2021%252F12%252Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.aiupnow.com%25252F2021%25252F12%25252Fhackers-using-malicious-iis-server.html%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=2474772255915933107
Request Chain 126
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UPbaa48959-5e37-11ec-a355-06323c827ac4 HTTP 302
  • https://router.infolinks.com/dyn/outh-usync?uid=y-ssIrZh5E2uEaqQ1L2Xor1xsFeIt19O7O~A~UPbaa48959-5e37-11ec-a355-06323c827ac4
Request Chain 128
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true HTTP 307
  • https://router.infolinks.com/dyn/sovrn-usync?uid=43bb7d2911283285c3fdde80
Request Chain 129
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDg0MEZCRDctM0ZFNC00MDZFLTg5OTEtOTNFNjg1NUM5MjE5&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D0840FBD7-3FE4-406E-8991-93E6855C9219 HTTP 302
  • https://router.infolinks.com/dyn/usersync?pmuservalue=0840FBD7-3FE4-406E-8991-93E6855C9219
Request Chain 130
  • https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
  • https://router.infolinks.com/dyn/zeta-usync?uid=5124322320639551250
Request Chain 133
  • https://mc.yandex.ru/watch/53791720?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfpgygy63o3j%3Afp%3A996%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A13840100265%3Ahid%3A396170086%3Az%3A0%3Ai%3A20211216061638%3Aet%3A1639635399%3Ac%3A1%3Arn%3A966339549%3Arqn%3A1%3Au%3A16396353991036985383%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639635397039%3Ads%3A0%2C96%2C580%2C354%2C0%2C0%2C%2C595%2C38%2C%2C%2C%2C1279%3Adsn%3A0%2C96%2C580%2C354%2C0%2C0%2C%2C244%2C39%2C%2C%2C%2C1278%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1639635399%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr(14)aw(1)ti(2) HTTP 302
  • https://mc.yandex.ru/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfpgygy63o3j%3Afp%3A996%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A13840100265%3Ahid%3A396170086%3Az%3A0%3Ai%3A20211216061638%3Aet%3A1639635399%3Ac%3A1%3Arn%3A966339549%3Arqn%3A1%3Au%3A16396353991036985383%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639635397039%3Ads%3A0%2C96%2C580%2C354%2C0%2C0%2C%2C595%2C38%2C%2C%2C%2C1279%3Adsn%3A0%2C96%2C580%2C354%2C0%2C0%2C%2C244%2C39%2C%2C%2C%2C1278%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1639635399%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr%2814%29aw%281%29ti%282%29
Request Chain 189
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB&dcc=t
Request Chain 190
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESECrEvS2lzjmYiclvqb5Qoy4&google_cver=1
Request Chain 192
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbrZxqPeBnkhKBrHhDzkgQAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEO-cTEPEzSCoiW_4Q0hnstU&google_cver=1&gdpr=1
Request Chain 193
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1639721799&gdpr=1
Request Chain 195
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=dlE3Hli01MXK4f5&gdpr=1
Request Chain 315
  • https://drive.google.com/uc?id=1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH HTTP 302
  • https://doc-14-1o-docs.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8/s0cgslfeh6qg36t2jkj1elrmqrb53n6f/1639635375000/04172779913741121811/06222150506394430363Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH HTTP 302
  • https://docs.google.com/nonceSigner?nonce=4k9kkhgv280jm&continue=https://doc-14-1o-docs.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8/s0cgslfeh6qg36t2jkj1elrmqrb53n6f/1639635375000/04172779913741121811/06222150506394430363Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH&hash=hu3hdire87pl4qjmd5kesdksjvu9bq7q HTTP 302
  • https://doc-14-1o-docs.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8/s0cgslfeh6qg36t2jkj1elrmqrb53n6f/1639635375000/04172779913741121811/06222150506394430363Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH?nonce=4k9kkhgv280jm&user=06222150506394430363Z&hash=asuei5uonr42v4t2pgt9cahohic2k0k9
Request Chain 324
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 359
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 384
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 385
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 403
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 408
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 490
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 492
  • https://youtube.com/embed//RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer HTTP 303
  • https://youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer HTTP 301
  • https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer

565 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request hackers-using-malicious-iis-server.html
www.aiupnow.com/2021/12/ 		302 KB
57 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c065b1be26a26b657d9c95a2314d6da2316d981f6139e795a1a14685f8fd292b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9

Response headers

content-type
text/html; charset=UTF-8
expires
Thu, 16 Dec 2021 06:16:37 GMT
date
Thu, 16 Dec 2021 06:16:37 GMT
cache-control
private, max-age=0
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
etag
W/"1cbfba9482e8b9884a59758054c4a202189837d261e218ef046446e40201a717"
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
57618
server
GSE
1529571102-css_bundle_v2.css
www.blogger.com/static/v1/widgets/ 		35 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/widgets/1529571102-css_bundle_v2.css
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0bcd5919bf34c7672ee85e44fd8c6a695a7ffbdd2126f4e54caecca5ca6996eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:19:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
129445
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7804
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 15:51:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 14 Dec 2022 18:19:12 GMT
dmedianet.js
contextual.media.net/ 		282 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CUN68BAV
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cfa9eb61fc8151655bb4081417610d49fb91cd53242d1880092a0d1c20fc3b34
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-mnt-h
8-11
content-encoding
gzip
server
Apache
etag
"30bc6e6d7875b522b17aa0b5f801f6c5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-10
expires
Thu, 16 Dec 2021 06:21:38 GMT
shareaholic.js
cdn.shareaholic.net/assets/pub/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shareaholic.net/assets/pub/shareaholic.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
3077cb5e37d8dc041b829c7f823616f6433006e6cc7aa94e2e44692b20c2c720

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:37 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:49 GMT
server
nginx
x-amz-request-id
G0NQ63SZVHFATGX4
etag
"90e9d5610fc8e91cef45750757b9d1a7"
x-hw
1639635397.cds063.lo4.hn,1639635397.cds005.lo4.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=1200, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
4264
x-amz-id-2
Q+qfTFpS4by0EsFYjgtGMjjfFBYbTni4b1Mt9MR+3qbVu5sIvXjHyUoCf76c6criiGfn/DAsD4E=
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 		94 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:30:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
38785
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33576
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Dec 2022 19:30:12 GMT
apple-touch-icon.png
4.bp.blogspot.com/-OvGRVWKCtEI/XrFSUNK8zTI/AAAAAAAAf-o/RxScepL4BaQynp6TJIZk-zO6PMljMoB4wCK4BGAYYCw/s1600/ 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-OvGRVWKCtEI/XrFSUNK8zTI/AAAAAAAAf-o/RxScepL4BaQynp6TJIZk-zO6PMljMoB4wCK4BGAYYCw/s1600/apple-touch-icon.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c1dd3ae27cd0cf43059c6571c71a67429c3071d2fba84eba2d62809aa38ba3d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:37 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="apple-touch-icon.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38044
x-xss-protection
0
server
fife
etag
"v7feb"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 15 Dec 2021 13:02:29 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		145 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b58937d9caf0695d97edc06070a8c2deea94626b7ac5dfbe77b33ed36804ad49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51877
x-xss-protection
0
server
cafe
etag
6659938092832986609
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Dec 2021 06:16:37 GMT
icon18_edit_allbkg.gif
resources.blogblog.com/img/ 		162 B
300 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resources.blogblog.com/img/icon18_edit_allbkg.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 17:58:40 GMT
x-content-type-options
nosniff
last-modified
Sat, 11 Dec 2021 09:02:54 GMT
server
sffe
age
389877
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/gif
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
162
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Sat, 18 Dec 2021 17:58:40 GMT
infolinks_main.js
resources.infolinks.com/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/infolinks_main.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cff0359137fc419fd2612e9e813c2f61cc9dd1b915d0c7bb650e8f0ff9e5710

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be5c8b54b173607-MAN
date
Thu, 16 Dec 2021 06:16:37 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Wed, 15 Dec 2021 14:45:02 GMT
server
cloudflare
age
12679
etag
W/"d66-5d33059cfc081"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
content-encoding
gzip
expires
Thu, 16 Dec 2021 03:45:18 GMT
platform.js
apis.google.com/js/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
51dc201352664df8a472d290e8da5387964769924e98c6989726b8c391b3b8b0
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-WFo7aJUFLl5o0nBjHxJMYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
cross-origin-opener-policy
same-origin
etag
"cbe05d0ffec5ecb141a76eb91aaeeb84"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-WFo7aJUFLl5o0nBjHxJMYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Thu, 16 Dec 2021 06:16:38 GMT
fbevents.js
connect.facebook.net/en_US/ 		98 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
tFZOqdQ9d41NLo2bMFQbBsKl0DPckkmR1vXsIq4amnGwVdNlHBgQcC30tS/SkcY/GJirxL5iKsSASnEoSJjkiA==
x-fb-trip-id
720026100
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
bg1.png
1.bp.blogspot.com/-0bObXH0-WHI/VmnwwA4dQiI/AAAAAAAACVY/NEHl0xoZ58s/s0-r/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-0bObXH0-WHI/VmnwwA4dQiI/AAAAAAAACVY/NEHl0xoZ58s/s0-r/bg1.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8b82f883c1cd11ad9b0f4cd6cea48c70c84a84f41c57ee6e637417ef78182f50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 03:27:10 GMT
x-content-type-options
nosniff
age
10167
content-disposition
inline;filename="bg1.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5069
x-xss-protection
0
server
fife
etag
"v957"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 06 Oct 2021 17:59:18 GMT
main.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		147 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
10ae4d64b0c71483f2e7214da1da2b2f86279ad766492a028146d6e0623e230c

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:37 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
G0NVJ6H0HP8GNGHM
etag
"c786ff130fd3e1a456555bb66b7a746f"
x-hw
1639635397.cds085.lo4.hn,1639635397.cds287.lo4.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
42511
x-amz-id-2
UH7DmSnm+N46phwWcT71PY+sQ8g+ecsxvmVOE8lYpxYzaUdSSDSJlsJox81y3+LMSuVXmJXL/5I=
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
2504
date
Thu, 16 Dec 2021 05:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 16 Dec 2021 07:34:54 GMT
e68e51f46304cc485d7732b4cf6276c7.json
www.shareaholic.net/config/ 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.shareaholic.net/config/e68e51f46304cc485d7732b4cf6276c7.json
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.73.100.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-100-94.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6e6221f8603843e33aea69f1eff610fc753d5689ce75d5324f27144a10cb475f

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-client-geo-country
GB,United Kingdom
date
Wed, 15 Dec 2021 06:29:56 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
content-length
2066
server
nginx
x-client-geo-region
x-client-geo-metrocode
etag
W/"6e6221f8603843e33aea69f1eff610fc"
access-control-max-age
2000
x-client-geo-city
x-varnish
320778064 296597667
via
1.1 varnish (Varnish/6.0)
access-control-expose-headers
Etag, Access-Control-Allow-Origin, x-client-geo-latlong, x-client-geo-country, x-client-geo-city, x-client-geo-zip, x-client-geo-region, x-client-geo-metrocode
cache-control
max-age=3, public, must-revalidate
x-client-geo-zip
accept-ranges
bytes
content-type
application/json
access-control-allow-headers
*
x-client-geo-latlong
51.496400,-0.122400
tumblr_static_8ivylfvb6r4sw840g0cc4k0s8%2B%25281%2529.jpg
4.bp.blogspot.com/-6CyFYpbgHns/XbbfhTPasCI/AAAAAAAAbl0/FSPC-1XBPZkDRPA36WlpLde2w8pzROJegCK4BGAYYCw/s1600/ 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-6CyFYpbgHns/XbbfhTPasCI/AAAAAAAAbl0/FSPC-1XBPZkDRPA36WlpLde2w8pzROJegCK4BGAYYCw/s1600/tumblr_static_8ivylfvb6r4sw840g0cc4k0s8%2B%25281%2529.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4e9c61cb3ab5d2bcfbf8ebddad7f6c531ea3621fc5ab2adfe61a51f479fc3b69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="tumblr_static_8ivylfvb6r4sw840g0cc4k0s8 (1).jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55898
x-xss-protection
0
server
fife
etag
"v6e5e"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 10 Dec 2021 07:52:54 GMT
css
fonts.googleapis.com/ 		15 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8dcb8e128bd3aa982b2fe3a53685a5a6fe9ad4f6ec590611052b74813631e5f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 06:16:38 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:38 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:38 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 617, 617
age
20498980
cdn-cachedat
2021-04-23 02:06:15
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
f07a6a1e3a2be9775bad960520140228
cf-ray
6be5c8b6efea0e1e-MXP
cdn-requestcountrycode
IT
cdn-requestpullsuccess
True
authorization.css
www.blogger.com/dyn-css/ 		1 B
684 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7525488504328308640&zx=f1a31e36-e3c8-4fa8-aba9-62e91dc083e4
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Dec 2021 06:16:38 GMT
server
GSE
date
Thu, 16 Dec 2021 06:16:38 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=848707030&t=pageview&_s=1&dl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&ul=en-us&de=UTF-8&dt=Hackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1942011557&gjid=1816431705&cid=1143674651.1639635398&tid=UA-135957145-1&_gid=500541169.1639635398&_r=1&_slc=1&z=271360635
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.aiupnow.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
2653164334924589
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/2653164334924589?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
edd44cad5cd50082407878419dee3031955cfb380d85653ce1100cea73bf9eef
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
UqRqSc8NiF191rTghEVc+EENLXAB4KGz5qzXq9TvlvAilSFS5+rs+s/RYb8m4Xr8VPFtvXLJUvToYd1u5CezkA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 		276 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1037f1e0d1ae470df705a7179a41aa2c969aec5ff56771a7438edc74fc46a9f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
101736
x-xss-protection
0
server
cafe
etag
6975236974516728872
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 16 Dec 2021 06:16:38 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame 545A 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 18:37:20 GMT
expires
Wed, 29 Dec 2021 18:37:20 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
41958
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cookienotice.js
www.aiupnow.com/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/js/cookienotice.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Dec 2021 05:53:19 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
2026
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Thu, 23 Dec 2021 06:16:38 GMT
1564622764-widgets.js
www.blogger.com/static/v1/widgets/ 		155 KB
155 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/widgets/1564622764-widgets.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9245e24051590798719955aeb2a4d749974644490c27a7141e142f8f203cb246
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 01:53:15 GMT
x-content-type-options
nosniff
age
102203
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
158722
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 22:07:50 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Thu, 15 Dec 2022 01:53:15 GMT
sdk.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
55fe82818b43523a014e2f98669e78ad0f672a8446fe7b2f6354c2051ad56947
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
ByeKHNx12Cmrpc+d93eHYA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Thu, 16 Dec 2021 06:35:28 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1688
x-fb-rlafr
0
x-fb-debug
EK21SYtbzfQKlWVj0+SYwNEPekT/zmG8ZeXnRHXTZCVI2JAHUHfKVNcxM+0YEq+Lr3NqLcjFUCnBV2vFuBhqAQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
3a2e0f9c21fefac1efd6fc6cd168e7b5
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:38 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"bdd22ec04691d30231cdac46fd700d81"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
embed.js
sigma2.disqus.com/ 		74 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sigma2.disqus.com/embed.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
cdd297fd79b6ba4200519c00d3d9b7c596e397e40cd6af96eb5a63332f91bf8b
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:38 GMT
Content-Encoding
gzip
Server
openresty
Age
40
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router_gunicorn
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
24630
Cross-Origin-Resource-Policy
cross-origin
ice.js
resources.infolinks.com/js/1769.027-3.025/ 		207 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/1769.027-3.025/ice.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44ceec8bba88323fa0fdc3d0a6793b6f1e0c31d465be241d2142abd9ae36e50

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be5c8b69b9f3607-MAN
date
Thu, 16 Dec 2021 06:16:38 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Sat, 11 Dec 2021 06:26:43 GMT
server
cloudflare
age
11713
etag
W/"33cca-5d2d8ec5512a4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Sat, 15 Jan 2022 03:01:25 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ 		179 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b7fbd43d6a71c8bddad3eeeb139c57a9db40de0180b47c78aee87e25342100a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:20:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
35794
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60520
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 04:25:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:20:04 GMT
x7zgqmr
www.dailymotion.com/embed/video/ Frame B360 		0
0
page.php
www.facebook.com/plugins/ Frame FA80 		0
0
/
open.spotify.com/follow/1/ Frame 3B6E 		0
0
mjI0tjt
snd.click/ Frame FE14 		0
0
tag.js
mc.yandex.ru/metrika/ 		194 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
39b61bb2c44b3429206f042c0e70a94c6d592f45fae36b786c66a7920c44ce5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
br
last-modified
Wed, 15 Dec 2021 16:08:50 GMT
etag
"61b9e8e2-1078a"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
content-length
67466
expires
Thu, 16 Dec 2021 07:16:38 GMT
default
www.aiupnow.com/feeds/posts/ 		95 KB
28 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default?alt=json-in-script&max-results=5&callback=jQuery111009923631939546902_1639635398064&_=1639635398065
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
b1fc6b300942d8a4130ee178e5aedc2fb8759c1c49715e99cfceb22301cacc63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
blogger-renderd
etag
W/"e8cd4ce5b72f5ad9ec0e152ee4ec5b13f4a8cfefacc3ed2178d73db3f3330b26"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
28533
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:39 GMT
Microsoft
www.aiupnow.com/feeds/posts/default/-/ 		74 KB
23 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/Microsoft?alt=json-in-script&max-results=4&callback=jQuery111009923631939546902_1639635398066&_=1639635398067
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
21c3979547c7a7283f7ff462e0d8db01d8b648b7ca66a5fe5693d73b1133c502
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
blogger-renderd
etag
W/"8da107edead12ab0dd852aaa91a95b442607894a93ce34b6b70d558ed83b40e2"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
22810
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:39 GMT
Amazon
www.aiupnow.com/feeds/posts/default/-/ 		84 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/Amazon?alt=json-in-script&max-results=4&callback=jQuery111009923631939546902_1639635398068&_=1639635398069
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
120dd585aad17ae7b2f98d532ac5f78acfb20cbc808b5458cdea9ee95d6da139
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
blogger-renderd
etag
W/"ebbca36370e0fff64b4f2a7b05e133f1bb06d52029dddc6a5cb25f212ec45553"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
24590
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:39 GMT
Apple
www.aiupnow.com/feeds/posts/default/-/ 		77 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/Apple?alt=json-in-script&max-results=4&callback=jQuery111009923631939546902_1639635398070&_=1639635398071
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
249e0a6820514d94f797d39b2c6155c7465c870e8aa8228686b60b784a1b761f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
blogger-renderd
etag
W/"723f37300f86d3af5d81bd99220039d02153adc70759d565daf045dcf9f1164e"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
24204
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:39 GMT
VR
www.aiupnow.com/feeds/posts/default/-/ 		132 KB
35 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/VR?alt=json-in-script&max-results=4&callback=jQuery111009923631939546902_1639635398072&_=1639635398073
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
81378bffc819362ba4204facf328c565b8a963ab4b5c292c835d945e63713003
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
blogger-renderd
etag
W/"30516d1330332820b32f62940ce6e35bbc982882f131e47981a42e92c3a72054"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
35347
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:39 GMT
repeat-bg.png
4.bp.blogspot.com/-R2WTW6O9E1o/VX7dqIGT1eI/AAAAAAAACc4/pyvQDMMLX3E/s1600/ 		229 B
254 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-R2WTW6O9E1o/VX7dqIGT1eI/AAAAAAAACc4/pyvQDMMLX3E/s1600/repeat-bg.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
2baf0db4101196df611d843d4741b65c2ebde9d4d458196ab9fb71039d8ccec7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 04:37:30 GMT
x-content-type-options
nosniff
age
5948
content-disposition
inline;filename="repeat-bg.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
229
x-xss-protection
0
server
fife
etag
"v9cf"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 17 Nov 2021 20:02:56 GMT
sdk.js
connect.facebook.net/en_US/ 		284 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=d230c964e91378700a4b54f6450bc8ac
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
474766eea123bf4e329e67866d3656d1998ba48b118b951f324f61452cf6ad34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.aiupnow.com/
Origin
https://www.aiupnow.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
z7+mVufXqIMFC9EFqtRAdQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Fri, 16 Dec 2022 05:40:10 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
81990
x-fb-rlafr
0
x-fb-debug
bLy/YRwGYwWGpjzjrOtthLPT8nxXtVqstMb+SVl0VTZu/Q12cSPqOWemwYsA8KRqqGot5IIRdDpRrclB6OG7ig==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
287f5e94556c9dff657c5a81cbd3a5c1
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:38 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"51c5b2bb2e6116f7681d92f0fd744a2e"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
authorization.css
www.blogger.com/dyn-css/ 		1 B
43 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7525488504328308640&zx=f1a31e36-e3c8-4fa8-aba9-62e91dc083e4
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Dec 2021 06:16:38 GMT
server
GSE
date
Thu, 16 Dec 2021 06:16:38 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 13:52:02 GMT
x-content-type-options
nosniff
age
491076
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 13:52:02 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 14:28:31 GMT
x-content-type-options
nosniff
age
402487
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7900
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:02:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 11 Dec 2022 14:28:31 GMT
memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
fonts.gstatic.com/s/opensans/v27/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f27408b033a0195d0f29b0ecbc143f470c4fbb0807472a688b2f9e66403651e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 14:26:25 GMT
x-content-type-options
nosniff
age
143413
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17768
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:32:14 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 14:26:25 GMT
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 04:20:35 GMT
x-content-type-options
nosniff
age
525363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7832
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:48 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 04:20:35 GMT
manage
router.infolinks.com/usync/ Frame 41C9 		9 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
218558585458a13a0561c9747e86fc90db372981a72ba884d87af47e8b3ce13c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-type
text/html;charset=UTF-8
cache-control
no-store
p3p
CP="NON DSP NID OUR COR"
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6be5c8b76bf33607-MAN
content-encoding
gzip
lcmanage
router.infolinks.com/usync/ 		0
52 B 		Script
General
Check archive.org
Download Go to
Full URL
https://router.infolinks.com/usync/lcmanage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
6be5c8b76bf43607-MAN
content-length
0
gsd
router.infolinks.com/ 		316 B
488 B 		Script
General
Check archive.org
Download Go to
Full URL
https://router.infolinks.com/gsd?evt=afterGSD&pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&jsv=1769.027-3.025&_cb=16396353982870
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac978cb44cb684b3b4d68c67826683b37e5ada690aa4e031c4c505921331756e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:38 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
text/javascript;charset=UTF-8
content-encoding
gzip
cache-control
max-age=0
cf-ray
6be5c8b76bf53607-MAN
expires
Thu, 01 Jan 1970 00:00:00 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin
https://www.aiupnow.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 718
age
37652
cdn-cachedat
2021-08-02 20:43:32
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
77160
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
font/woff2
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
28557335b4662445583b1248d894b0b8
accept-ranges
bytes
cf-ray
6be5c8b80ab73749-MXP
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
e
analytics.shareaholic.com/ 		43 B
380 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.shareaholic.com/e
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.204.113.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-204-113-242.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Content-Security-Policy referrer always

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:38 GMT
vary
Origin
p3p
CP="OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC"
access-control-allow-origin
https://www.aiupnow.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
referer-policy
unsafe-url
content-security-policy
referrer always
content-type
image/gif
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT
x7zgqmr
www.dailymotion.com/embed/video/ Frame 19C5 		26 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
f46b2d4a856ea7159beddd14178005a469671e498cc36f6cd1ffc088eb0431f0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Length
9425
Content-Security-Policy
upgrade-insecure-requests
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
text/html; charset=utf-8
Date
Thu, 16 Dec 2021 06:16:38 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Link
<https://static1.dmcdn.net>; rel=preconnect
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Server-Timing
total;dur=237, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL,Accept-Encoding
page.php
www.facebook.com/plugins/ Frame 018C 		14 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a1d91ae72925e0ed23501502a4152657a2252df43a9071e61fdfc8a46272cc96
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
dSYFEtX6HdR2lOKMwUknaJQwBrkMdmvo2AP4tomfus2Duty1AQoh6wjnUDw7TvVD7CYkP8Q6GiBZfE9JU2FGaw==
date
Thu, 16 Dec 2021 06:16:38 GMT
priority
u=3,i
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
1
open.spotify.com/follow/ Frame 9ABA
Redirect Chain
  • https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
  • https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
2 KB
949 B 		Document
General
Check archive.org
Download Go to
Full URL
https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
0ff2df2ef4e19d34978c7767adf55210307603d2ece3f7ffdef9231b1c6e6c4d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
spotify-request-id
9909691a-bac7-4b6a-bb7e-d3c4271bc107
content-encoding
br
x-join-the-band
https://www.spotify.com/jobs/
sp-trace-id
820e50567c58d7d3
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear

Redirect headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-type
text/html
location
https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
x-join-the-band
https://www.spotify.com/jobs/
sp-trace-id
f95c8c1a416c1f31
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
vary
Accept-Encoding
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear
mjI0tjt
snd.click/ Frame 787A 		44 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://snd.click/mjI0tjt?embed=1
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e564a3162413efc438ca1087c6d299b042e35695cb79b44f655fe699e5d46fc7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
content-type
text/html; charset=UTF-8
cache-control
private, must-revalidate
pragma
no-cache
expires
-1
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YKo5BYPf0qWwrFwmhzy4ACZFxR%2FTkcEP1KypdCkHpncRg7HiMx6v40%2BzdAgJ%2BOsPNWcNo99aurRLBBODLrxEqcR1BXLHFuDbLck%2FY%2Byp5cQ6T2pnaRbABuAz15ad2naheI0O6j2noUc%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6be5c8b7ba1159b9-MXP
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 21:35:21 GMT
x-content-type-options
nosniff
age
204077
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7776
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 13 Dec 2022 21:35:21 GMT
default
www.aiupnow.com/feeds/posts/ 		299 KB
76 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default?alt=json-in-script&callback=jQuery111009923631939546902_1639635398074&_=1639635398075
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
f11b16a761b9b2d565e3d57f0d2430b7666beedffd2022b59bd544ccb130c27b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
blogger-renderd
etag
W/"991813ebafc64874261d0221774a22a921f04d41a17af7b411d444b4c411a9dd"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
77282
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:39 GMT
london-based-fintech-startup-toucan.html
www.aiupnow.com/2021/12/ 		300 KB
56 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/2021/12/london-based-fintech-startup-toucan.html
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
287a9e7feb492441a1f9f99bbf1b00a2ff11de8b3c8cd7af352710f492e5f71a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
GSE
etag
W/"1cbfba9482e8b9884a59758054c4a202189837d261e218ef046446e40201a717"
content-type
text/html; charset=UTF-8
cache-control
private, max-age=0
content-length
57177
x-xss-protection
1; mode=block
expires
Thu, 16 Dec 2021 06:16:38 GMT
hamburg-based-dealcode-nabs-1-million.html
www.aiupnow.com/2021/12/ 		300 KB
56 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/2021/12/hamburg-based-dealcode-nabs-1-million.html
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
754364afcadb8b459f52deecd98837f91aba0e49aba84fad5b96fd6bacb92144
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
GSE
etag
W/"1cbfba9482e8b9884a59758054c4a202189837d261e218ef046446e40201a717"
content-type
text/html; charset=UTF-8
cache-control
private, max-age=0
content-length
57221
x-xss-protection
1; mode=block
expires
Thu, 16 Dec 2021 06:16:39 GMT
noreply@blogger.com%20(Ravie%20Lakshmanan)
www.aiupnow.com/feeds/posts/default/-/ 		78 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/noreply@blogger.com%20(Ravie%20Lakshmanan)?alt=json-in-script&max-results=3&callback=jQuery111009923631939546902_1639635398076&_=1639635398077
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
b1dfa2a8da20548fee650f32f03b13149c5c6a68ed7efc0e60cfde82dc92cd19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
blogger-renderd
etag
W/"af05a500e8d3371db80d33e418dd4340ecd6a929ed603c6b3db91c4ae85904af"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
24264
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:39 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=ytsubscribe/exm=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=ytsubscribe/exm=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
00bd2bb1b8188c634c6181687ecb0c5c708941277c19332687ebcd4dbf0f3bf0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:20:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
35793
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10021
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 04:25:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:20:05 GMT
cb=gapi.loaded_2
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=auth/exm=profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ 		76 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=auth/exm=profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_2
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
04e9804c14c35b04a24d8ef3fed241423d2b533d0b96c1253bacf8d0008e24aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:20:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
35793
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27241
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 04:25:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:20:05 GMT
subscribe_embed
www.youtube.com/ Frame 6DC0 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e568b10e0bb7610abbe4f1f62ccb35ba7d479ef4b125936b97a2cc80ba9c3a98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=31536000
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sharebuttons.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		178 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
956c937c18e92293c7ef920d33914118c5c3b5930f608c9f59b76367d9c409d9

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
XKBQ0ZCJN8T0JWWK
etag
"1b7d36dcdcb5fe22c177a72eb41a6b49"
x-hw
1639635398.cds085.lo4.hn,1639635398.cds109.lo4.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
37690
x-amz-id-2
Gpfzu1c4HAvB7tTGwj6ocC3HVzfzugMQF8tVDDiT2Gza64pyG3I2rbcEEdMmfssrqA4GsQfkf8U=
recommendations.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		92 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/recommendations.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
9904ccc112b0cbf11bac902cb4c91ce4af8398396917bc1d3d8dd5d355ace176

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:47 GMT
server
nginx
x-amz-request-id
XKBP8GA4DSG80AM6
etag
"124b1ddaa6b830a55e18ae7f9c66309a"
x-hw
1639635398.cds085.lo4.hn,1639635398.cds252.lo4.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
12739
x-amz-id-2
QubKB136HUDrXNwKBkh3KlnGViIKNFVgsGCDdwlXpKDATcA4jCIIWdTdi9KG3VrFt+NCSnhECMw=
cookieconsent.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/cookieconsent.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
34fa06f4b9082afd593822ef7a15e41e2df8c335d9e696ec864c061cdabe483b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
7N3JWBEJFKDYPN0N
etag
"c9aa93e9b05376764d3741510358494e"
x-hw
1639635398.cds085.lo4.hn,1639635398.cds281.lo4.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
2370
x-amz-id-2
EJSjooTlbls7VGIS73GsWrI41+kM3mrP/xSufVGfnIlM40OeIkWpdmDf94hQU8ysvISyF4AIWVM=
affiliatelinks.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		991 B
801 B 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/affiliatelinks.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
bef5318f625cf3dad8e4db35a1eb5a8548dae2317569c5aa4647e8a198cdd60a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
XKBTD0Z08RQT9KR3
etag
"481e1d8072d6fefe9f42b0f9898cd18e"
x-hw
1639635398.cds085.lo4.hn,1639635398.cds033.lo4.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
594
x-amz-id-2
EzqYPFJ4MH4ddsTqnvHB5sWOBUYQTKawP8P+CERXgfj2TZ1RZSWZPpfumdzONMl3L7S9M2EYoXM=
anchorad.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/anchorad.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
be43a684a99f6071923acef248515dadee8bf4db7cc059aed54dda51b6d3dd44

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
7N3VTG63QCXWKFNG
etag
"f475b56277bd3553e78cf2bb834126b5"
x-hw
1639635398.cds085.lo4.hn,1639635398.cds212.lo4.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
2637
x-amz-id-2
eAPqZMT1zzAPjvIIjpk3VzgSvvnxAzJ6w4UdR7lJL9DSnLFvZVeLyFIsGRV+w6nJng8x6viRJ4s=
adminbadgei.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		18 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/adminbadgei.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
d50b115ed15f11d96d3ab369d091db9bf261ff6a41ee29ef08599464913bb0d9

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
STCS4WHZSC5A0EK4
etag
"1a370075234e5a4741e8e74bf7eab3b9"
x-hw
1639635398.cds085.lo4.hn,1639635398.cds036.lo4.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
4076
x-amz-id-2
aIrtMxvgpwZpf9ZraMhjESwfu5mnJ8lN7pg+W/zXfgdSgAivkflTgIOlMUQKxN6qRACTZhmIDAs=
partners.js
partner.shareaholic.com/ 		0
265 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&cl=en-US&id_sync=c4c5bd61-cc22-4262-ae19-21a9ca7c5fec&minify=1&pvs=1&site=e68e51f46304cc485d7732b4cf6276c7
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.147.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-147-136.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:38 GMT
vary
Accept-Encoding, User-Agent
p3p
CP='OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC'
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript;charset=utf-8
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/ 		215 B
645 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.aiupnow.com&callback=_gfp_s_&client=ca-pub-1342347843351338
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
22908da9abc1662fdb453bff43b2533c10e76c711d7e457dd50f440639d83c29
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
201
x-xss-protection
0
integrator.js
adservice.google.co.uk/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 712D 		75 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
635ac3ba0c0db271dfb39b0e2df6037f242edac8d26cb7c6ab7cc8e6775eab1c
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL7p9OvV5_QCFTjRuwgd2coMwg&gqi=xtm6YensHeeA3gOKoq-oBA&layout=/sadbundle/%24csp%253Der3%24/215047436056395776/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL7p9OvV5_QCFTjRuwgd2coMwg&gqi=xtm6YensHeeA3gOKoq-oBA&layout=/sadbundle/%24csp%253Der3%24/215047436056395776/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 06:16:39 GMT
server
cafe
content-length
25089
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
private
lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ 		0
26 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
715771
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26065
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-65d1"
content-type
text/css; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
lxTBRoHT9KsYUrbBhoshJKMimvuNMUxW9WXGmeQQwX_N00vDJcuhQg==
x-cache-hits
0
common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
c.disquscdn.com/next/embed/ 		0
93 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 14:45:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4462268
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94779
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Fri, 22 Oct 2021 00:26:02 GMT
server
nginx
etag
"6172051a-1723b"
content-type
application/javascript; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Tue, 25 Oct 2022 14:45:30 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
WW1MEAWzNFO6Tdm5p0rp_z5qdj0TOv1gNA-k5FUvZFO2xjoulbkvYQ==
x-cache-hits
0
lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
c.disquscdn.com/next/embed/ 		0
121 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
715771
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
122873
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-1dff9"
content-type
application/javascript; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
md35f84ALVyTgqrNUvOlYSIYLO8RJ9WVef8XC0q_Hd7QgyalZJZC-g==
x-cache-hits
0
config.js
disqus.com/next/ 		0
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:38 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
32
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14552
X-XSS-Protection
1; mode=block
recommendations.js
sigma2.disqus.com/ 		63 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sigma2.disqus.com/recommendations.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
ac56d1b1b22c128f9d0743f4670ad1248a51697da5c2ecde14e6c8e9a662256a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:38 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
X-Service
router_gunicorn
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
20890
Cross-Origin-Resource-Policy
cross-origin
lazy.min.js
www.gstatic.com/feedback/js/help/prod/service/ 		79 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c0f1cce1d9f37c25fa9ee1e57c0f4308de2835d5083048c959b13b2cde60ef9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:55:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1280
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28818
x-xss-protection
0
last-modified
Tue, 07 Dec 2021 17:14:26 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="product-feedback-gathering"
vary
Accept-Encoding, Origin
report-to
{"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
content-type
text/javascript
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:45:18 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 560C 		75 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
591161f686ad308c90a8cc534b0861fd96ef8cb088d2cea60e6d6f8ca73ae458
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKLx9evV5_QCFdWYewodHhkBsA&gqi=xtm6YfqsH8OD3gPqm4rgDg&layout=/sadbundle/%24csp%253Der3%24/14394067912878981120/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKLx9evV5_QCFdWYewodHhkBsA&gqi=xtm6YfqsH8OD3gPqm4rgDg&layout=/sadbundle/%24csp%253Der3%24/14394067912878981120/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 06:16:38 GMT
server
cafe
content-length
25054
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:38 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 42B5 		82 KB
29 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1cd2c555372530d0e0be664ca29569c07dc012088bdfb16463611bb88301d1e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 06:16:39 GMT
server
cafe
content-length
29961
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
private
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=2653164334924589&ev=PageView&dl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rl=&if=false&ts=1639635398549&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1639635398548.669525801&it=1639635398097&coo=false&exp=p1&rqm=GET
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Thu, 16 Dec 2021 06:16:38 GMT
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
KmqrnCFBSxoaYYvylf2MpWB7aqy4P5l1MlgwhSplgmqYltdZgCNiY0mivhpCT/90cd1iTzrZIoM+iIv85lnz6w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
9yQp8ZZtYAc68j/u5IZN3vC5+trg+lWEhGjpnyQo0FolSuvv2j/alakbJDSB01GT7OHQBtVaAp3I3pDWKditmA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
gIoGoUuLsnh01mR3sDMaz/9YEMffhrlfxHifCJuqFYNNydYkINuotJFHt3UcDkOsj8QLGP4SrYNTkZeTJsM9Zw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
38 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
CgWzEo5gIO3Z+I6uGMYv3ubNex5/SpOA7SoqPlNacxNmr8N+an2YqeXikQ8i1UIANjTLXM3p7dxg9d3y6aA2lA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
zQOFsLG8WhMmYCZb4uoBCTmA7ZcY2dCSLvQNfuRHDUZ2d632VtGL2V3ah0s7JRNiwLYfBPiq+saYmHE78krrtA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
T9Oh5JIzPmytPAWN37XXYU0Rbj+IliUQIUDXAfH7sZSzTixSng5wmiqe3zhYUvUew0kUdMbkNc4THnAPmqCUmQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
ZOL6z8smh8noh/bB/ZW+In/lB4hrIst6J3k3dhQYHZhsRDuSyKz61kInWZGH1I20+ERwbG3DjYAOabFYj3/7lg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
zFjpYebwD5V1BUBtbelP/W9a3rgUIyPS6Db9UmpQ+3p5oi4uT1t0hSvCyTvA9T7gq2Zf8reNpq7uMsiZW44yVw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
ItnuVwbfLhNp/ROOzAFSmlnl16L2Iag9KwctrjhlOT8/Whb47xz43oDCt+xDS3mSB2IW4EZR5OVVNNT+af91LA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
9fpl5ASiMl5xMUl/4e0PT3Jzb21A8eKctBbc2Ck1pjvjQP5hZNOojQbuaopddzU4ZVU9ul5tSFUJ925zixTurA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
oTIxOxkGpbSX6+CO9+fQxqg63EMWeCLc/dqORGT0MGfK/lDDs81UOnbmmfUMJFFbqztoCyeBwLEN7x85DrV5Lg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
D5jeOu3esUs/tcgUbhPS0KgjI48nr478mm+JEj2ujWBKLs5n2Du4i7cWP94wqvkno55LY3GXneLiX89CYNnWKg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
cP+BvIZSWxuCLLeCv65gK5TAE1w+voezX98x7LFTtcHLpqPKyRKWyw2vyqlkamfz+vZDNraqastDyNbA1M3V7Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
/+iA8+DtaQQlOThIWvIbrL/XbIQvQ+t9W1v/5qPvP/msN+fFiqejCpyb54NKEQLTuYsmL5PiCulJfK7a8EUgOQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
uF1GQQgBmzG13eD4EoC2+9DBFgDDyCLGBaiKL6ajVjU+M6cSc/HSY58artLJoaMssNMHYV8mN3sRi2Qm22qwWA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
2noP/NyZ5zNTA8OOY01i/opK9CgsP5KxVtBVhVaQpfsL+43Lc1IkTkPH0aI81YJh677eINNu7qbeavVYrPp6pQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
dcVgjnOLTiM5JWlZhQw8nQ/Nj3t3plQVHQcHcSaFhIoxL00LsDJd29swzTnp7HQYaBSq92vW2HKuB2397WtI6w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Bm5FCJB0obdArP19dp2e5H09upiL5WzcDWffgjVrHO/BRyvtUa6GS1xfR0FfMvYrRi0WBUUFJ6e2xaKE3aqzxg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
D02mKFa2AoNwHxePdFDebaYBGDx6tnXZi/YkurpjfnxwY5SMryOkNY2VJDbxuGm3G40KhPnh5IMoGeumQq+YFg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
PMnGH6XAHD/gY84eV4zTd9Y+MyVLCK/HXMFUm40dr7IKuvA4qJG91V+IxE9JKJa4SyIkcLV8TSLABR4ey55Zxw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 018C 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
bUTDhQlDBoIFBM8VXhjQrseHWevuiT/DQRi1QkcOMEEkq1HVckHCPnYxxp1K6xT2fO/ti3a7VH5vd2XVbVOcIw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 16 Dec 2021 06:16:38 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
postmessageRelay
accounts.google.com/o/oauth2/ Frame A41E 		566 B
860 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=auth/exm=profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
207988d6ceb0915644622340d434fcf1c5830d0ebe44cb40a97af4b56205ac38
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Uuw18q6Sp/hB1M+h9+Q+DQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 16 Dec 2021 06:16:38 GMT
content-security-policy
script-src 'report-sample' 'nonce-Uuw18q6Sp/hB1M+h9+Q+DQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
googleads.g.doubleclick.net/pagead/ Frame F99B 		88 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3f8cc7f538737fe8ccad69519bba518c156bf2e49cb7de925385cc359ca6c69c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 06:16:39 GMT
server
cafe
content-length
31173
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
private
/
disqus.com/embed/comments/ Frame 66D4 		7 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4bd97569f19339108d50e204a239bf8a3659823bc4a4c6011cc6a686ad5e4922
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

Connection
keep-alive
Content-Length
2801
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Wed, 15 Dec 2021 12:18:33 GMT
ETag
W/"lounge:view:8927097210.bbad8d8423660e7c629bbb0b0793d7d0.2"
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy
no-referrer-when-downgrade
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Thu, 16 Dec 2021 06:16:38 GMT
Age
0
Vary
Accept-Encoding
Cross-Origin-Resource-Policy
cross-origin
Strict-Transport-Security
max-age=300; includeSubdomains
doq.htm
rt3009.infolinks.com/action/ 		912 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://rt3009.infolinks.com/action/doq.htm?pcode=utf-8&r=16396353986231
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fb7e9599446e2f4785fb37ad8b123b6275a5f88993db9681a1862ad95d5fc86

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
p3p
CP="NON DSP NID OUR COR"
content-type
text/html;charset=UTF-8
x-application-context
application:prod
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-language
en-GB
access-control-allow-origin
https://www.aiupnow.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
cf-ray
6be5c8b9ffd335d7-MAN
expires
Thu, 01 Jan 1970 00:00:00 GMT
vglnk.js
cdn.viglink.com/api/ 		81 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viglink.com/api/vglnk.js
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a10d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
cf-cache-status
HIT
age
443660
cf-ray
6be5c8ba7c730f52-MXP
content-length
28567
x-amz-id-2
6Mugg1RsvsE32Du+hF1xqZvAP8/neBAYnOOBeGkKMJudju/Nx3y5XzsvjSQ5o6ZAeudleV5MiRY=
last-modified
Wed, 02 Dec 2020 18:57:12 GMT
server
cloudflare
etag
"072eaf64a771815874455704fca9301b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-request-id
1WPRPJ2QDVF2SK0X
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
text/javascript
expires
Thu, 23 Dec 2021 06:16:38 GMT
asid
recs.shareaholic.com/ 		99 B
308 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://recs.shareaholic.com/asid?location=https%3A%2F%2Faiupnow.com&api_key=e68e51f46304cc485d7732b4cf6276c7
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.31.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-231-31-218.compute-1.amazonaws.com
Software
/
Resource Hash
b8bb346898f5a5a3b128454695814dbdc26273a8f07f860fef151408e7344657

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
https://www.aiupnow.com
date
Thu, 16 Dec 2021 06:16:38 GMT
access-control-allow-credentials
true
content-type
application/json
content-length
99
vary
Origin, Accept-Encoding, User-Agent
access-control-expose-headers
X-Client-Auth
share-button-shadow.png
m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/share-buttons/ 		405 B
640 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/share-buttons/share-button-shadow.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
22a6b5ca081c7e993a6de605757cb5da85573221300021627663e89fb6950b18

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 15:47:10 GMT
server
nginx
x-amz-request-id
XKBKB1A1MDJ255YA
etag
"eb8d7f99f86c638ac8e68c8e4014cbd3"
x-hw
1639635398.cds085.lo4.hn,1639635398.cds074.lo4.c
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
428
x-amz-id-2
MYcd7n+myKbK2WUua0SBx2hoDquGyFnieY4X92SpJjYozv0MwZB9BoKfANJCHPcIZsig8E8/YoU=
shareaholic-icons.woff
m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.woff
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c

Request headers

Referer
https://www.aiupnow.com/
Origin
https://www.aiupnow.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-amz-request-id
G0NXFXTFZT4186JC
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
content-length
20572
x-amz-id-2
bh9n9Nzzckm4+J6p4sZyrGFd/PXllj9vwezB0W3ZMqoq/wgQeRyIK2mHIucfrFdM5DaiF6vaCxk=
last-modified
Wed, 15 Dec 2021 15:47:10 GMT
server
nginx
etag
"0e26e8e2b7a79ff2a9e9fe9ef5382e6d"
access-control-max-age
2000
x-hw
1639635398.cds006.lo4.hn,1639635398.cds030.lo4.c
content-type
font/woff
access-control-allow-origin
*
access-control-expose-headers
ETag, Access-Control-Allow-Origin
cache-control
max-age=31536000, public
accept-ranges
bytes
truncated
/ 		492 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4299f2aaa46eea61cff7da0f945e26cf0ace8a35ea912182e7df2a9958db8e10

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
logo.svg
m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/badge/ 		743 B
576 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/badge/logo.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
90fadc153cb3202eb4e63fa7f561f19d28ba6b66e1a91a57813c66c3032d54d9

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 15:47:10 GMT
server
nginx
x-amz-request-id
SPDJ024VJGG2SW33
etag
"83eda2388bc041d5d753201754724793"
x-hw
1639635398.cds085.lo4.hn,1639635398.cds041.lo4.c
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
360
x-amz-id-2
u1pmQYGYx+BEROWSOiGI89Vvg0WG5J2ycZg3tRuOno12H0ML/yIqiqurnrat9x1Q1GO+2di04ik=
ads
googleads.g.doubleclick.net/pagead/ Frame C1C9 		75 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
db6ac8aa8b0eec0264d904f0f99a2c1b6ea00a3bf79b4bfd77002c47fa29db92
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPWciOzV5_QCFT_LEQgdqZgB6Q&gqi=xtm6Yb_RMYuK3wOWuqfQDQ&layout=/sadbundle/%24csp%253Der3%24/215047436056395776/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPWciOzV5_QCFT_LEQgdqZgB6Q&gqi=xtm6Yb_RMYuK3wOWuqfQDQ&layout=/sadbundle/%24csp%253Der3%24/215047436056395776/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 06:16:39 GMT
server
cafe
content-length
25044
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
private
/
de.tynt.com/deb/ Frame AC99 		75 B
289 B 		Document
General
Check archive.org
Download Go to
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/

Response headers

cache-control
max-age=86400
expires
Fri, 17 Dec 2021 06:16:39 GMT
referrer-policy
unsafe-url
content-type
text/html
content-length
75
date
Thu, 16 Dec 2021 06:16:38 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
usermatch
ssum-sec.casalemedia.com/ Frame A458
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
752412e549c655c81176207d6a70c7d5c1395034d9c80a49f968beed189bf625

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|230|39|45|65|73|47|51
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1677
Expires
Thu, 16 Dec 2021 06:16:39 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Connection
keep-alive

Redirect headers

Server
Apache
Content-Length
311
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Thu, 16 Dec 2021 06:16:38 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:38 GMT
Connection
keep-alive
/
onetag-sys.com/usync/ Frame FBCD 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
usersync
router.infolinks.com/dyn/ Frame 41C9
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUExMTJBNkItNzFEMi00ODgwLTk1NDAtNTFFMEJDMUM2M0FG&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D0840FBD7-3FE4-406E-8991-93E6855C9219
  • https://router.infolinks.com/dyn/usersync?pmuservalue=0840FBD7-3FE4-406E-8991-93E6855C9219
0
157 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/usersync?pmuservalue=0840FBD7-3FE4-406E-8991-93E6855C9219
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
cache-control
no-store
cf-ray
6be5c8c128e83607-MAN
content-length
0

Redirect headers

location
https://router.infolinks.com/dyn/usersync?pmuservalue=0840FBD7-3FE4-406E-8991-93E6855C9219
date
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
apn-usync
router.infolinks.com/dyn/ Frame 41C9
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
  • https://router.infolinks.com/dyn/apn-usync?user_id=2474772255915933107
35 B
242 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/apn-usync?user_id=2474772255915933107
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be5c8bbddc23607-MAN
content-length
35
expires
Wed, 16 Dec 2020 06:16:39 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:38 GMT
X-Proxy-Origin
89.238.142.212; 89.238.142.212; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
ccc88622-6113-4e02-aa0a-cfe3889c0d15
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://router.infolinks.com/dyn/apn-usync?user_id=2474772255915933107
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cm
u.openx.net/w/1.0/ Frame 41C9 		43 B
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u.openx.net/w/1.0/cm?id=9b5994f2-035d-46de-8c12-bc0e9a4e66c2&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fox-usync%3Fuid%3D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
server
OXGW/16.221.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
VR-usync
router.infolinks.com/dyn/ Frame 41C9
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58422/occ
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
  • https://router.infolinks.com/dyn/VR-usync?uid=y-ZpUSiAxE2uGn4b0jUWPjcPkeXZcrfY1hAJH3GMo-~A
35 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/VR-usync?uid=y-ZpUSiAxE2uGn4b0jUWPjcPkeXZcrfY1hAJH3GMo-~A
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be5c8bc1de53607-MAN
content-length
35
expires
Wed, 16 Dec 2020 06:16:39 GMT

Redirect headers

location
https://router.infolinks.com/dyn/VR-usync?uid=y-ZpUSiAxE2uGn4b0jUWPjcPkeXZcrfY1hAJH3GMo-~A
date
Thu, 16 Dec 2021 06:16:39 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
r1-usync
router.infolinks.com/dyn/ Frame 41C9
Redirect Chain
  • https://sync.1rx.io/usersync2/infolinks
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4531523659
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4531523659
  • https://sync.1rx.io/usersync/tradedesk/76eaaba9-a022-46ce-a4b9-adce9b50399f
  • https://sync.targeting.unrulymedia.com/csync/RX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003
35 B
212 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/r1-usync?uid=RX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be5c8c0083a3607-MAN
content-length
35
expires
Wed, 16 Dec 2020 06:16:39 GMT

Redirect headers

location
https://router.infolinks.com/dyn/r1-usync?uid=RX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003
date
Thu, 16 Dec 2021 06:16:39 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX2436b0f3c83d4c8baec3cf4ec1f8e04d003
content-type
text/html
zmn-usync
router.infolinks.com/dyn/ Frame 41C9
Redirect Chain
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
  • https://router.infolinks.com/dyn/zmn-usync?uid=
35 B
90 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store
cf-ray
6be5c8be3f463607-MAN
content-length
35

Redirect headers

Location
https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
70
Content-Type
text/html; charset=utf-8
us
sync.go.sonobi.com/ Frame 41C9 		0
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:38 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
ca.png
s.cpx.to/ Frame 41C9
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.aiupnow.com%252F2021%252F12%252Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.aiupnow.com%25252F2021%25252F12%25252Fhackers-using-malicious-iis-server.html%26pid%3D1...
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=2474772255915933107
95 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=2474772255915933107
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Server
52.19.63.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-63-112.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache, no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Thu, 16 Dec 2021 06:16:39 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Thu, 16 Dec 2021 06:16:39 UTC

Redirect headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:38 GMT
X-Proxy-Origin
89.238.142.212; 89.238.142.212; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
7b7aef8c-565b-4844-ac37-4c5a979fe4a1
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=2474772255915933107
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
dsp.adkernel.com/ Frame 41C9 		42 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
nginx
Age
0
Content-Type
image/gif
Cache-Control
no-store
Connection
keep-alive
Content-Length
42
outh-usync
router.infolinks.com/dyn/ Frame 41C9
Redirect Chain
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UPbaa48959-5e37-11ec-a355-06323c827ac4
  • https://router.infolinks.com/dyn/outh-usync?uid=y-ssIrZh5E2uEaqQ1L2Xor1xsFeIt19O7O~A~UPbaa48959-5e37-11ec-a355-06323c827ac4
35 B
234 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/outh-usync?uid=y-ssIrZh5E2uEaqQ1L2Xor1xsFeIt19O7O~A~UPbaa48959-5e37-11ec-a355-06323c827ac4
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be5c8bc9e2f3607-MAN
content-length
35
expires
Wed, 16 Dec 2020 06:16:39 GMT

Redirect headers

location
https://router.infolinks.com/dyn/outh-usync?uid=y-ssIrZh5E2uEaqQ1L2Xor1xsFeIt19O7O~A~UPbaa48959-5e37-11ec-a355-06323c827ac4
date
Thu, 16 Dec 2021 06:16:39 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usersync
match.bnmla.com/ Frame 41C9 		0
114 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.158 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
sovrn-usync
router.infolinks.com/dyn/ Frame 41C9
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true
  • https://router.infolinks.com/dyn/sovrn-usync?uid=43bb7d2911283285c3fdde80
35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/sovrn-usync?uid=43bb7d2911283285c3fdde80
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be5c8be6f673607-MAN
content-length
35
expires
Wed, 16 Dec 2020 06:16:39 GMT

Redirect headers

Date
Thu, 16 Dec 2021 06:16:39 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://router.infolinks.com/dyn/sovrn-usync?uid=43bb7d2911283285c3fdde80
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
usersync
router.infolinks.com/dyn/ Frame 41C9
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDg0MEZCRDctM0ZFNC00MDZFLTg5OTEtOTNFNjg1NUM5MjE5&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D0840FBD7-3FE4-406E-8991-93E6855C9219
  • https://router.infolinks.com/dyn/usersync?pmuservalue=0840FBD7-3FE4-406E-8991-93E6855C9219
0
184 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/usersync?pmuservalue=0840FBD7-3FE4-406E-8991-93E6855C9219
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
cache-control
no-store
cf-ray
6be5c8c128e73607-MAN
content-length
0

Redirect headers

location
https://router.infolinks.com/dyn/usersync?pmuservalue=0840FBD7-3FE4-406E-8991-93E6855C9219
date
Thu, 16 Dec 2021 06:16:38 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
zeta-usync
router.infolinks.com/dyn/ Frame 41C9
Redirect Chain
  • https://p.rfihub.com/cm?pub=43153&in=1
  • https://router.infolinks.com/dyn/zeta-usync?uid=5124322320639551250
35 B
267 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/zeta-usync?uid=5124322320639551250
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be5c8be8f723607-MAN
content-length
35
expires
Wed, 16 Dec 2020 06:16:39 GMT

Redirect headers

Location
https://router.infolinks.com/dyn/zeta-usync?uid=5124322320639551250
Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
/
ssc-cms.33across.com/ps/ Frame 41C9 		0
72 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP005 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-33x-status
2000208
date
Thu, 16 Dec 2021 06:16:38 GMT
server
33XP005
iq-usync
router.infolinks.com/dyn/ Frame 41C9 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/iq-usync
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
6be5c8bcde4f3607-MAN
content-length
0
1
mc.yandex.ru/watch/53791720/
Redirect Chain
  • https://mc.yandex.ru/watch/53791720?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkq...
  • https://mc.yandex.ru/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyj...
385 B
467 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfpgygy63o3j%3Afp%3A996%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A13840100265%3Ahid%3A396170086%3Az%3A0%3Ai%3A20211216061638%3Aet%3A1639635399%3Ac%3A1%3Arn%3A966339549%3Arqn%3A1%3Au%3A16396353991036985383%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639635397039%3Ads%3A0%2C96%2C580%2C354%2C0%2C0%2C%2C595%2C38%2C%2C%2C%2C1279%3Adsn%3A0%2C96%2C580%2C354%2C0%2C0%2C%2C244%2C39%2C%2C%2C%2C1278%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1639635399%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr%2814%29aw%281%29ti%282%29
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
755026a08524e613a9b91a5d75c46317a6317743dc0eb1aef4680e1396fa9bdf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:38 GMT
x-content-type-options
nosniff
last-modified
Thu, 16-Dec-2021 06:16:38 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
385
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:38 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:38 GMT
last-modified
Thu, 16-Dec-2021 06:16:38 GMT
location
/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfpgygy63o3j%3Afp%3A996%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A13840100265%3Ahid%3A396170086%3Az%3A0%3Ai%3A20211216061638%3Aet%3A1639635399%3Ac%3A1%3Arn%3A966339549%3Arqn%3A1%3Au%3A16396353991036985383%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639635397039%3Ads%3A0%2C96%2C580%2C354%2C0%2C0%2C%2C595%2C38%2C%2C%2C%2C1279%3Adsn%3A0%2C96%2C580%2C354%2C0%2C0%2C%2C244%2C39%2C%2C%2C%2C1278%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1639635399%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr%2814%29aw%281%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:38 GMT
JQb9M84BqIm.css
www.facebook.com/rsrc.php/v3/yN/l/0,cross/ Frame 018C 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/rsrc.php/v3/yN/l/0,cross/JQb9M84BqIm.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5257f6397ef05fa34f2658be967345dac7937800cdf382bd8635e31384296191
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Origin
https://www.facebook.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:42:52 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
R4Tr9HQCAgXf/SarMAA6/w==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
4856
x-fb-rlafr
0
x-fb-debug
GtovCKaCRWW3pSEkU3OyPpDK7AlIBGgbJmVKijLHLB2eEhzlkGldBbnmcEsBFUxxTyhKwc1Czi5nUd+qWI07Fg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 15 Dec 2022 15:42:52 GMT
follow.0a706f0e.css
open.scdn.co/cdn/build/follow/ Frame 9ABA 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/follow/follow.0a706f0e.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d53fc34a8a2122326a547282899df3aa84a3def278217628e218ba771c4305cb

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:38 GMT
Content-Encoding
gzip
Last-Modified
Tue, 14 Sep 2021 18:46:56 GMT
Age
6072742
ETag
"a9ad2dfe3e9e46234acb05f652cf0260"
X-Served-By
cache-ord1724-ORD, cache-hhn11540-HHN
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1310
X-Cache-Hits
1, 7494
vendor~follow.ef331d43.js
open.scdn.co/cdn/build/follow/ Frame 9ABA 		116 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/follow/vendor~follow.ef331d43.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c8520c4df0969be1603059e7639e03decb805f23feb63736ba40f00365156caa

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:38 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 Dec 2021 16:26:02 GMT
Age
1259260
ETag
"395be2330d0d79dc39a74e34ede9cde0"
X-Served-By
cache-ord1727-ORD, cache-hhn11522-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
36736
X-Cache-Hits
1, 7862
follow.06002ccf.js
open.scdn.co/cdn/build/follow/ Frame 9ABA 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/follow/follow.06002ccf.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
49de1b93c5df859944a241ed5328040a31aaf63a22caf2f64975f3d9bb362617

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:38 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:02:02 GMT
Age
25843
ETag
"06939bf4fced17bfcda51ce399ae8d4d"
X-Served-By
cache-ord1725-ORD, cache-hhn11569-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
5023
X-Cache-Hits
1, 87
ads
googleads.g.doubleclick.net/pagead/ Frame 836F 		82 KB
29 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d69ce89c3ea8c123578d546fd149843e3ec1c83cac45023ec1f80f788c7615ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 06:16:39 GMT
server
cafe
content-length
29521
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
private
www-subscribe-embed_split_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame 6DC0 		38 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
504923
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6066
x-xss-protection
0
last-modified
Wed, 18 Nov 2020 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:15 GMT
AKedOLQvEGQZieCyCYqn0YCdtdRHEg6M0BUtm3bgWYwWIQ=s48-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 6DC0 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yt3.ggpht.com/ytc/AKedOLQvEGQZieCyCYqn0YCdtdRHEg6M0BUtm3bgWYwWIQ=s48-c-k-c0x00ffffff-no-rj
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4e7a4de80dbec3e143eea735672c7a5aff8303e551c431f479f7e9f8b6c20b78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1675
x-xss-protection
0
server
fife
etag
"v9f"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 17 Nov 2021 13:50:29 GMT
www-subscribe-embed_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame 6DC0 		252 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
504922
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
73785
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:16 GMT
shares.json
api.bufferapp.com/1/links/ 		66 B
410 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bufferapp.com/1/links/shares.json?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&callback=JSONP_9494
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.138.31 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f3a2b319fd9e6fbfa8b9caefe9cf9a03489e4b03e14dd8215400caf7f33f170c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=43200
cf-ray
6be5c8bb780654d5-MAN
etag
W/"42-nYX8Y3H/RFYi/BIBJefa5XuesDk"
expires
Thu, 16 Dec 2021 18:16:39 GMT
dk
connect.ok.ru/ 		11 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://connect.ok.ru/dk?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tp=json&ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&st.cmd=extLike
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.20.147.3 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
ip3.147.odnoklassniki.ru
Software
apache /
Resource Hash
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c
Security Headers
Name Value
Content-Security-Policy default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
Strict-Transport-Security max-age=63072000;includeSubdomains;preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
br
vary
Accept-Encoding
rendered-blocks
WidgetExtLike
content-security-policy-report-only
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always;
x-xss-protection
1; mode=block
pragma
no-cache
server
apache
strict-transport-security
max-age=63072000;includeSubdomains;preload
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
content-security-policy
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
x-content-type-options
nosniff
expires
Mon, 26 Jul 1997 05:00:00 GMT
count.json
api.pinterest.com/v1/urls/ 		103 B
350 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&callback=JSONP_3733
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
57ba6876ec4261bdfff3dab8d5dd806264e6d53721cb917647963dfa07e8dd34
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
x-content-type-options
nosniff
x-cdn
fastly
age
0
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
x-pinterest-rid
1732383327321109
content-length
103
expires
Thu, 16 Dec 2021 06:31:38 GMT
button_info.json
www.reddit.com/ 		120 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.reddit.com/button_info.json?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
0cfd01f61f14eb6d881159ad18587bb4501c97ae7db9bbc9c5dd04a35362cb03
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ratelimit-used
1
via
1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-length
120
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-moose
majestic
x-clacks-overhead
GNU Terry Pratchett
server
snooserv
x-frame-options
SAMEORIGIN
date
Thu, 16 Dec 2021 06:16:39 GMT
x-ratelimit-remaining
299
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ratelimit-reset
201
accept-ranges
bytes
expires
-1
stats
api.tumblr.com/v2/share/ 		142 B
392 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.tumblr.com/v2/share/stats?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.40 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
assets.tumblr.com
Software
nginx /
Resource Hash
92a52c85d6e732cc7b34a65f9317ef052b15c2f2b58c9fc7f0ef939c7e3ba248
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Accept-Encoding
p3p
CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
access-control-allow-origin
https://www.aiupnow.com
x-rid
c433a02b6318a6868fe5d81ab82a935e
strict-transport-security
max-age=31536000; preload
accept-ranges
bytes
content-type
application/json; charset=utf-8
content-length
136
share.php
vk.com/ 		24 B
482 B 		Script
General
Check archive.org
Download Go to
Full URL
https://vk.com/share.php?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&act=count&index=9237&callback=JSONP_5547
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.240.190.67 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS vk.com, RU),
Reverse DNS
srv67-190-240-87.vk.com
Software
kittenx / KPHP/7.4.109646
Resource Hash
9bf3586f658525a33339636e3673dcd20db704f7dc4a8399ebaba807e1a6425a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-frontend
front220005
server
kittenx
x-powered-by
KPHP/7.4.109646
strict-transport-security
max-age=15768000
content-type
text/html; charset=windows-1251
access-control-expose-headers
X-Frontend
cache-control
no-store
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
44
yum-count
www.yummly.com/services/ 		11 B
724 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.yummly.com/services/yum-count?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1b47 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
vary
Accept-Encoding
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11
last-modified
Thu, 16 Dec 2021 06:16:39 GMT
server
cloudflare
x-yummly-req-id
a6d1be81-9399-40fd-b7eb-912d3e40842d
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
86400
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.aiupnow.com
cache-control
private
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
6be5c8bc087c0f76-MXP
access-control-allow-headers
DNT,User-Agent,Cache-Control,Content-Type,X-Yummly-Auth-Token,Accept,Authorization,If-Match,If-None-Match,If-Modified-Since,If-Unmodified-Since,X-Yummly-App-Id,X-Yummly-App-Key,X-Visitor,X-Yummly-Type,X-Forwarded-For,X-Yummly-Locale,X-Yummly-Domain,X-Yummly-Timeout-Millis
advert.gif
mc.yandex.ru/metrika/ 		43 B
112 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.ru/metrika/advert.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
last-modified
Wed, 15 Dec 2021 16:08:50 GMT
etag
"61b9e8e2-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Thu, 16 Dec 2021 07:16:38 GMT
recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ 		0
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5043193
x-cache
Hit from cloudfront
content-length
2978
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-ba2"
content-type
text/css; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
7HNo5d56teDzhZeMrpPn8t8HxB3CQ0q6X6dJ_47qqS97RlZzqGwr1g==
x-cache-hits
0
common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
c.disquscdn.com/next/recommendations/ 		0
87 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5043193
x-cache
Hit from cloudfront
content-length
88862
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-15b1e"
content-type
application/javascript; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
ly5Zh7npDYG7vdnwMmTKtevjmto7iaCbb4E1Bu6Xl8zSnv8Rx94ymA==
x-cache-hits
0
recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
c.disquscdn.com/next/recommendations/ 		0
20 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 20:25:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5651455
x-cache
Hit from cloudfront
content-length
20244
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 11 Oct 2021 20:15:56 GMT
server
nginx
etag
"61649b7c-4f14"
content-type
application/javascript; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Tue, 11 Oct 2022 20:25:43 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
lIN-_UI1pXQegp_KwBGTohAI2SxOIGuSiuuzu1YARfgKQbTRCGxw9w==
x-cache-hits
0
integrator.js
adservice.google.co.uk/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame C8E1 		77 KB
29 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7ce1ea3b23523090abc2d5b16bf6cf2d940039ca4f754dc7719af34b4185cb7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 06:16:39 GMT
server
cafe
content-length
29321
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
private
dmp.jq_flight.3033f0d7176196134921.js
static1.dmcdn.net/playerv5/ Frame 19C5 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.jq_flight.3033f0d7176196134921.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
e4617a5b39cda8cd99c5725cd79a12bf58f402b90f76c364ec7de7852ec15050

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
156619
server-timing
total;dur=0, dc;desc="dc3"
content-length
14940
last-modified
Mon, 13 Dec 2021 14:03:33 GMT
server
DMS/1.0.42
etag
"61b752b5-a5dc"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
ca74c38b4d6a21e99ab69504b9a482da
expires
Thu, 13 Jan 2022 10:46:20 GMT
dmp.manifest.a8563fface00cf3c9b95.js
static1.dmcdn.net/playerv5/ Frame 19C5 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
a2c0acdd5bc625dde811cbe3d364688921eef737a6663a070cef6995a4fdb84b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
57755
server-timing
total;dur=0, dc;desc="dc3"
content-length
2043
last-modified
Wed, 15 Dec 2021 14:10:03 GMT
server
DMS/1.0.42
etag
"61b9f73b-1085"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
207fdd3dce057984ecbf2a9823d3e4f6
expires
Fri, 14 Jan 2022 14:14:04 GMT
dmp.vendor.dc19b5e1e17ebe5b97db.js
static1.dmcdn.net/playerv5/ Frame 19C5 		332 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
50f875818c12b4bac50d2ac2bb80e0edab07d6172d77641c305daf077f2c34ad

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
156619
server-timing
total;dur=0, dc;desc="dc3"
content-length
102538
last-modified
Mon, 13 Dec 2021 14:03:21 GMT
server
DMS/1.0.42
etag
"61b752a9-531cd"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
9ec717891fbbd1458f7c7eb745d55849
expires
Thu, 13 Jan 2022 10:46:20 GMT
dmp.main.6d671f5d9b1fba0ca616.js
static1.dmcdn.net/playerv5/ Frame 19C5 		210 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.main.6d671f5d9b1fba0ca616.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
db01487388f15a4c0cb6c6e28ca365fc9a9e0855a90894665baa6f582c9e50b6

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
156619
server-timing
total;dur=1, dc;desc="dc3"
content-length
49333
last-modified
Mon, 13 Dec 2021 14:03:21 GMT
server
DMS/1.0.42
etag
"61b752a9-347b9"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
6ec33c462d9fa2b358dc4169ae3a0c90
expires
Thu, 13 Jan 2022 10:46:20 GMT
dmp.svg_critical.2202bba64ea46ecc7424.js
static1.dmcdn.net/playerv5/ Frame 19C5 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.svg_critical.2202bba64ea46ecc7424.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
e578fda3845b781d5c0045ae9c5dc94257e613d1c93d5155720c10453e44e91a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
156619
server-timing
total;dur=0, dc;desc="dc3"
content-length
2586
last-modified
Mon, 13 Dec 2021 14:03:21 GMT
server
DMS/1.0.42
etag
"61b752a9-2da4"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
6a5189d156448752eed8a9102e06fc56
expires
Thu, 13 Jan 2022 10:46:20 GMT
3087399934-postmessagerelay.js
ssl.gstatic.com/accounts/o/ Frame A41E 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.gstatic.com/accounts/o/3087399934-postmessagerelay.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 00:59:10 GMT
x-content-type-options
nosniff
age
19049
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10009
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:09:11 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 16 Dec 2022 00:59:10 GMT
rpc:shindig_random.js
apis.google.com/js/ Frame A41E 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/rpc:shindig_random.js?onload=init
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b2534d2e7e46f99247fb8da7142946eeb60dc696d63681d66fd6f215a3fc8756
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-2Iij5EBAcBoUY7n3CHLySg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
etag
"c9401058e5ac5643c1135184387bf659"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-2Iij5EBAcBoUY7n3CHLySg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Thu, 16 Dec 2021 06:16:38 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame EAA1 		86 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
159a5e40aad7f035e0dc92dfcc0cc958932ee7682cf3423503929fe43830d227
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 06:16:39 GMT
server
cafe
content-length
30371
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
private
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Thu, 16 Dec 2021 06:16:39 GMT
Content-Length
0
dmp.locale-en-US.89c08fbc7e17a76680a7.json
static1.dmcdn.net/playerv5/ Frame 19C5 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.locale-en-US.89c08fbc7e17a76680a7.json
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
d71d986a726a9a3b37c6a5e049fee9692442911b24fcbc115a55608634a3ebf9

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
701899
server-timing
total;dur=0, dc;desc="dc3"
content-length
1077
last-modified
Tue, 07 Dec 2021 16:18:42 GMT
server
DMS/1.0.42
etag
"61af8962-fbd"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
918547e861a50d774854901877bd0531
expires
Fri, 07 Jan 2022 03:18:20 GMT
/
pebed.dm-event.net/ Frame 19C5 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
x7zgqmr
www.dailymotion.com/player/metadata/video/ Frame 19C5 		14 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.dailymotion.com/player/metadata/video/x7zgqmr?embedder=https%3A%2F%2Fwww.aiupnow.com%2F&referer=&dmV1st=DE46E839691BEACDA897E6678768451B&dmTs=564338
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
c2ca691fb99db5d425f30e3a6ef5a2f9c6d44045902ab8092d0f2ddac2d8e1ab
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Security-Policy
upgrade-insecure-requests
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Date
Thu, 16 Dec 2021 06:16:38 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
application/json; charset=utf-8
Cache-Control
no-cache
Server-Timing
total;dur=474, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL,Accept-Encoding
Content-Length
8866
dmp.theme_neon.1783142d9b9ad037170c.js
static1.dmcdn.net/playerv5/ Frame 19C5 		576 KB
158 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
bf459edbca835630ab04fe10ab0ea320af9c2a02a28354fac1dd2dacb5b48155

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
57755
server-timing
total;dur=2, dc;desc="dc3"
content-length
161081
last-modified
Wed, 15 Dec 2021 14:10:03 GMT
server
DMS/1.0.42
etag
"61b9f73b-90070"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
392daf239ead7f867fb611d2ea1b38db
expires
Fri, 14 Jan 2022 14:14:04 GMT
dmp.vendors~theme_neon.03d60d604f7a509d0f7f.js
static1.dmcdn.net/playerv5/ Frame 19C5 		60 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.vendors~theme_neon.03d60d604f7a509d0f7f.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
b4700758182849390e83510cfa4d6ac01e49183ad810851b099d55fb0b93eec1

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
156619
server-timing
total;dur=0, dc;desc="dc3"
content-length
16342
last-modified
Mon, 13 Dec 2021 14:03:21 GMT
server
DMS/1.0.42
etag
"61b752a9-f198"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
08ec5ad866fce44fec9762f5fdeb57b8
expires
Thu, 13 Jan 2022 10:46:20 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 19C5 		375 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126523
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:39 GMT
lounge.load.9068118211410bc5f67f5bb8d6806cba.js
c.disquscdn.com/next/embed/ Frame 66D4 		958 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.load.9068118211410bc5f67f5bb8d6806cba.js
Requested by
Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0376879a45be95f1d718c2a90d0b35986973e87d6f4c790b4c7046343464b72a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Origin
https://disqus.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
715772
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
494
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-1ee"
content-type
application/javascript; charset=utf-8
via
1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
_PsrF_ABlsrlf1W4CUzIMWYYVTIrxY0w_lSKI5Lc_P5_cW1Pwp3N0Q==
x-cache-hits
0
ab6761610000e5eb98dc0774392df9f6b5fc1b46
i.scdn.co/image/ Frame 9ABA 		42 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.scdn.co/image/ab6761610000e5eb98dc0774392df9f6b5fc1b46
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b71079af3ec36279d0386b3b1498fa09d315d859221fa026027c4175ca3c7f0f

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:39 GMT
Last-Modified
Fri, 02 Jul 2021 00:15:12 GMT
Age
687073
ETag
"1f5a157460acdc751052c30ff0e26f3d"
X-Served-By
cache-ord1737-ORD, cache-hhn11546-HHN
X-Cache
HIT, HIT
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
43112
X-Cache-Hits
1, 1
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tn=DIV&cls=shareaholic-cookie-consent%20shareaholic-bottom-align%20shr-no-print&ign=false&pw=1600&ph=1200&x=1575&y=1175
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tn=DIV&id=cookieChoiceInfo&cls=cookie-choices-info%20singleton-element&ign=false&pw=1600&ph=1200&x=0&y=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame EE13 		152 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&adk=1812271804&adf=3025194257&lmt=1639609134&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&ea=0&flash=0&host=ca-host-pub-1556223355139109&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398348&bpp=1&bdt=629&idt=596&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600%2C250x250&nras=1&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=9&uci=a!9&fsb=1&dtd=611
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
91c71e452935a05cae764c9e9ce251a5d4088d23a4f764988f0aed6f19b6908c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 06:16:39 GMT
server
cafe
content-length
35748
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
private
bubble.js
resources.infolinks.com/js/1769.027-3.025/ 		156 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/1769.027-3.025/bubble.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be5c8bb9dad3607-MAN
date
Thu, 16 Dec 2021 06:16:38 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Sat, 11 Dec 2021 06:26:43 GMT
server
cloudflare
age
11940
etag
W/"27044-5d2d8ec551e5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Sat, 15 Jan 2022 02:57:38 GMT
ping
api.viglink.com/api/ 		232 B
680 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.viglink.com/api/ping
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.243.64.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-64-153.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
f5faeb48c8c68fd8cfa486fff4f37b181eae3a57ffa783670fee9a3473c29b09

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:38 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.aiupnow.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
232
Expires
Thu, 01 Jan 1970 00:00:00 GMT
subscribe_button_branded_lozenge.png
www.youtube.com/s/subscriptions/subscribe_embed/img/ Frame 6DC0 		156 B
179 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/img/subscribe_button_branded_lozenge.png
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 09:51:49 GMT
x-content-type-options
nosniff
last-modified
Fri, 18 Sep 2020 20:15:00 GMT
server
sffe
age
73490
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
156
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 15 Dec 2022 09:51:49 GMT
/
disqus.com/recommendations/ Frame 0342 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
efed9c0be7c7adf375be6a20b399eeb790011c96ec3c3921fa91cc3d0fb7e095
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

Connection
keep-alive
Content-Length
2326
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Thu, 09 Sep 2021 15:45:27 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Thu, 16 Dec 2021 06:16:39 GMT
Age
0
Vary
Accept-Encoding
Cross-Origin-Resource-Policy
cross-origin
Strict-Transport-Security
max-age=300; includeSubdomains
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ Frame 6DC0 		126 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
01cc0d5bdf0efbb377c7223a65d5d5cabcd1f12afffc3f243b8d77f10861d74c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 22:46:09 GMT
x-content-type-options
nosniff
age
113430
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128681
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 04:25:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 14 Dec 2022 22:46:09 GMT
sprite@1.0435c9db.png
open.scdn.co/cdn/images/follow/ Frame 9ABA 		576 B
1018 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://open.scdn.co/cdn/images/follow/sprite@1.0435c9db.png
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/follow/follow.0a706f0e.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8306b110649100e1a82a22573136f9208f5ceb738bb508a7d2fbad3b66bed7aa

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://open.scdn.co/cdn/build/follow/follow.0a706f0e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:39 GMT
Last-Modified
Mon, 22 Nov 2021 10:37:26 GMT
Age
2054023
ETag
"be80ee12621c68563801dfc8ad5381d6"
X-Served-By
cache-ord1746-ORD, cache-hhn11569-HHN
X-Cache
HIT, HIT
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
576
X-Cache-Hits
37, 1284
/
o22381.ingest.sentry.io/api/1282937/envelope/ Frame 9ABA 		2 B
245 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o22381.ingest.sentry.io/api/1282937/envelope/?sentry_key=f70d4f661ef54b5fb9de10b5bb21e376&sentry_version=7
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/follow/vendor~follow.ef331d43.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://open.spotify.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://open.spotify.com
access-control-expose-headers
retry-after, x-sentry-rate-limits, x-sentry-error
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
clear
content-length
2
intag_incontent.js
resources.infolinks.com/js/1769.027-3.025/ 		173 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/1769.027-3.025/intag_incontent.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
667d0547d8f8567828193f76f5fbd55bbb4244351313a8a8f3d85d171d1af49f

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be5c8bc4e043607-MAN
date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Sat, 11 Dec 2021 06:26:43 GMT
server
cloudflare
age
11007
etag
W/"2b399-5d2d8ec55168c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Sat, 15 Jan 2022 03:13:12 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ Frame A41E 		51 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8810175440dc6192ce2f7f404a2c8442fc1f1b0c5e6d5f03579ad1c7eea48da6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 23:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
110341
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18300
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 04:25:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 14 Dec 2022 23:37:38 GMT
/
www.facebook.com/tr/ Frame 951A 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.aiupnow.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.aiupnow.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Thu, 16 Dec 2021 06:16:39 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 560C 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
684
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 560C 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:39 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 560C 		15 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
71
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:15:28 GMT
dcm
s.amazon-adsystem.com/ Frame A458
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
DCHBF43041XJ410AKPJR
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
P8KXMNCBP4Y993077SRF
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame A458
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB&gdpr_consent=&us_privacy=&gdpr=1
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESECrEvS2lzjmYiclvqb5Qoy4&google_cver=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESECrEvS2lzjmYiclvqb5Qoy4&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Thu, 16 Dec 2021 06:16:39 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESECrEvS2lzjmYiclvqb5Qoy4&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
343
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame A458 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame A458
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbrZxqPeBnkhKBrHhDzkgQAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEO-cTEPEzSCoiW_4Q0hnstU&google_cver=1&gdpr=1
43 B
997 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEO-cTEPEzSCoiW_4Q0hnstU&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 16 Dec 2021 06:16:39 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEO-cTEPEzSCoiW_4Q0hnstU&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum.casalemedia.com/ Frame A458
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1639721799&gdpr=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1639721799&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Thu, 16 Dec 2021 06:16:39 GMT

Redirect headers

location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1639721799&gdpr=1
pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
content-length
0
expires
0
YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame A458 		43 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YbrZxqPeBnkhKBrHhDzkgQAAApIAAAIB?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:76e9:6e08:1a45:971c Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
crum
dsum-sec.casalemedia.com/ Frame A458
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=dlE3Hli01MXK4f5&gdpr=1
43 B
1012 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=dlE3Hli01MXK4f5&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 16 Dec 2021 06:16:39 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
PingMatch/v2.0.30-693-g87a8e09#rel-ec2-master i-0e9f0e24f4a2a06c9@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=dlE3Hli01MXK4f5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
x.bidswitch.net/ Frame A458 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=index&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.200.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-200-54.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:39 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
ix-usync
router.infolinks.com/dyn/ Frame A458 		35 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/ix-usync?uid=YbrZxqPeBnkhKBrHhDzkgQAA%26658
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be5c8bd4eb83607-MAN
content-length
35
expires
Wed, 16 Dec 2020 06:16:39 GMT
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/ Frame 5C73 		153 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0dbe03e13c5631178bcea784e0cd37fa982549be1183567da94dc618adf212c0
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
date
Wed, 15 Dec 2021 06:14:43 GMT
expires
Thu, 15 Dec 2022 06:14:43 GMT
last-modified
Fri, 18 Jun 2021 10:36:22 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
25699
age
86516
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame 560C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C54Wixtm6YaL2H9Wx7gOesoSAC56Uvu9l_N6xxowP5LzZqdcqEAEgvfTmcGC7hoCA0AqgAYGQjs4DyAEJqQKAtW1z2Dy2PqgDAcgDAqoEhQJP0JKZA8V7ni0fI5JPaRWsm9pkRYMwEeOk9msaLobqEATInXWIRGd9IGAE0kPtiX2kkYBJsPE8W8XlgJp7GTZgnL4JSP2AOQul7fJcdILf_HGM8QD4aFAiu4QSq2V1QpedVCGvAhL_-7Q75MxhevstFX89wjKwFARhlB0lfqjgS8Fanbw4lofXl4pe0NtWboHtazIqa9U45Muyk_gOF9SqNk-LOXJ-DvfikWT2vR-sFoFfIb5GnBOQ330waJ8aSphIx0pCznJfkcteAKFfIoNunjS9rDdRQz2Gsug8PZc_Ap-oafxktUhRN32UmSyCBukFU7Fr94LH6u20gUMrigafd7znQcvABP3z-MzeA5IFBAgEGAGSBQQIBRgEoAZdgAfn7_ExqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQk-dG0ggJCIDhgHAQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=BR0yaIXHWF8&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 06:16:39 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame B608 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 06:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
859
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
c.disquscdn.com/next/embed/ Frame 66D4 		282 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.9068118211410bc5f67f5bb8d6806cba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4d958aa0fe56b2c9ef407522721c72a3f0ac4f0ae063a2e2d05c134b7a79fa85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 14:45:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4462269
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94779
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Fri, 22 Oct 2021 00:26:02 GMT
server
nginx
etag
"6172051a-1723b"
content-type
application/javascript; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Tue, 25 Oct 2022 14:45:30 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
rT83I5RwH3AY2PkTPpinetT3241WFKRjwW1GDeeq72aO30VZL0pBdA==
x-cache-hits
0
domains
api.viglink.com/api/ 		76 B
523 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.viglink.com/api/domains
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.243.64.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-64-153.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e6829d5b4a0802d493bfa6fe6efb9e9db4763299c47d1a29000145c64984c966

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.aiupnow.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
76
Expires
Thu, 01 Jan 1970 00:00:00 GMT
getads.htm
rt3009.infolinks.com/action/ 		2 KB
783 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rt3009.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22IL_IN_ARTICLE0%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22a%22%2C%22miw%22%3A1%2C%22maw%22%3A342%2C%22mih%22%3A12%2C%22mah%22%3A2400%2C%22sdata%22%3A%22social%20networking%20site%22%2C%22scs%22%3A%22902ab5SPJo%22%7D%5D&rid=f1c82701-0f74-41bf-86c4-4f2ff5de51a4&jsv=1769.027-3.025&sr=1600X1200&rts=1639635399285&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=96.0.4664.93&dv=p&ce=t&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tzo=-0000&c=c&strg=true&rsd=k7OlgGWcO0Ri5xUmJEiTmG11l6KaormGPtxiYnapdhwMbsAR_fMB-Qkr0wAV0Y4C9D_oTzn--HcbDiKATallJqKzhJrPI-Ad9kBeQPOFEylb_7v9LxhbipURIMTO661Qhl8lLGi7Q6S2SavFgIMz7hgBnakQM0JgZ7LKqRD6w28&rsk=26&rcs=fu_NESAJFGdaX3UpjeYXYw&hbnr=false
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c64d5de3007f6cf4df15b2b4ff8d0e566c48d69c34ae9a5d4105b85ef83c564e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
p3p
CP="NON DSP NID OUR COR"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-language
en-GB
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
6be5c8bd9ee83607-MAN
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
dcl.htm
rt3009.infolinks.com/action/ 		0
80 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rt3009.infolinks.com/action/dcl.htm?rid=f1c82701-0f74-41bf-86c4-4f2ff5de51a4&jsv=1769.027-3.025&capara=%7B%22mode%22%3A%22default%22%2C%22markers%22%3A1%7D
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:39 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
6be5c8bd9ee93607-MAN
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 712D 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
684
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 712D 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:39 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 712D 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
71
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:15:28 GMT
css
fonts.googleapis.com/ Frame 42B5 		3 KB
579 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 04:18:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:39 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:39 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 42B5 		1 KB
880 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:57:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1148
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 05:57:31 GMT
recommendations.load.42dfcc5041eed24b84f85a10a88fa215.js
c.disquscdn.com/next/recommendations/ Frame 0342 		923 B
1019 B 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.load.42dfcc5041eed24b84f85a10a88fa215.js
Requested by
Host: disqus.com
URL: https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f2bfdbf7d2df8d37016a17d53674d2799bb77996a763bf2bee8b1f604dd31a9f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/
Origin
https://disqus.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5043193
x-cache
Hit from cloudfront
content-length
446
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-1be"
content-type
application/javascript; charset=utf-8
via
1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
XWx9MkL_Gq3CkIn2LzppaXZSvZGa3-eFyJVLMyViX6GmFS_NRblfng==
x-cache-hits
0
10511278376191962957
tpc.googlesyndication.com/simgad/ Frame F99B 		125 KB
125 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/10511278376191962957?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4ql-a32t3VE-N0c-1iQAylQRwejNbg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6baee973ea81a9215152cdfba5cd63f80ff4913fe33c916f6e6fb42a6b12e9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 20:00:51 GMT
x-content-type-options
nosniff
age
382548
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128344
x-xss-protection
0
last-modified
Fri, 10 Dec 2021 13:30:11 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 11 Dec 2022 20:00:51 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame F99B 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:07:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
536
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:07:43 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame F99B 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
684
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:05:15 GMT
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 5ADC 		153 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b32688c6a904698b92220c7a34832402acdd326ff715643c9dc7022249f7c256
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
date
Wed, 15 Dec 2021 06:53:27 GMT
expires
Thu, 15 Dec 2022 06:53:27 GMT
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
25702
age
84192
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame 712D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CIc4Fxtm6Yb7uHrii7_UP2ZWzkAyelL7vZZzgscaMD-S82anXKhABIL305nBgu4aAgNAKoAGBkI7OA8gBCakC-jSP8J5Atj6oAwHIAwKqBIICT9BoXcXLd-nw0ga3OM7jOJ1MS7pbwiEhVrL98l4tIvxlyhQNbHIFgoEOcvuJL2XzNrkJzacY6DyABhyrqQZD3wxhTWk7ni629zX8_AIxmOIgo4RS0oJGFwOhLWeyHJQcSr5Wns8YuNruO-TWFNc23sR6sSTNkysVI-fyRFra-tbPpXi-YsLLR8r_yusjWtPrk4CNvYhjs1qmqhp64-CjY-aQyp2s5z1EdwPF-Pjuphp89dP8N_jSRxYuAhxBldXfX_aS6u-K2Zh3EkL9-DWME2BLuotCjt79FQhfKEA0ByHj60hzfSDsfe3vaOt4XYJoEMt8nDiUQOgveZel9vWcDlvswAT98_jM3gOSBQQIBBgBkgUECAUYBKAGXYAH5-_xMagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEMbMC9IICQiA4YBwEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi0xMzQyMzQ3ODQzMzUxMzM4GAA&sigh=fFyB6jHcioY&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 06:16:39 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame E0DE 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 06:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
859
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css
fonts.googleapis.com/ Frame 836F 		4 KB
619 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8aed12b8b95a1d49011f3e134dc8e71804a3576818d1d1334145aaa96d71aa5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 06:13:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:39 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:39 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 836F 		1 KB
880 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:57:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1148
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 05:57:31 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 42B5 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:07:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
536
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:07:43 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 42B5 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
684
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 42B5 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:39 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 42B5 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
71
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:15:28 GMT
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 42B5 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 19:06:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126598
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 14 Mar 2022 19:06:41 GMT
Less-Stress-Infographic_FINAL.png
blogs.windows.com/wp-content/uploads/prod/sites/2/2021/11/ 		512 KB
513 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blogs.windows.com/wp-content/uploads/prod/sites/2/2021/11/Less-Stress-Infographic_FINAL.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
078a1d8d47b0189af4d40f3b7732b9e622a971c94cd6d0d111eeecf215d4c269

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
content-md5
MYsHuM3b2QRo+mPbo2ZeDA==
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
523905
x-ms-lease-state
available
x-ms-lease-status
unlocked
last-modified
Wed, 17 Nov 2021 13:34:27 GMT
server
cloudflare
etag
"0x8D9A9CEF9F377A3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
x-ms-request-id
c73386cd-701e-004e-3144-f2bd8d000000
cache-control
max-age=315360000
x-ms-version
2014-02-14
accept-ranges
bytes
cf-ray
6be5c8bf6e1935fb-MAN
expires
Thu, 31 Dec 2037 23:55:55 GMT
steelseries-arctis-pro-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/steelseries-arctis-pro-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
538644c8d03a34a5f5842ab02d4f32e975b50607bbf7bb3528da122eb0d912b8

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 14 Jul 2020 15:22:20 GMT
server
cloudflare
etag
"5f0dcdac-6c56"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bfd8ca5a31-MXP
content-length
27734
expires
Sun, 16 Jan 2022 06:16:40 GMT
steelseries-arctis-pro-dac-cropped.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/ 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/steelseries-arctis-pro-dac-cropped.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afec0c8624bf56edfff72e4f496a1a8d9339be03ccd85eb2397994da127df88e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 02 Jun 2020 15:50:58 GMT
server
cloudflare
etag
"5ed67562-a22b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bfd8cd5a31-MXP
content-length
41515
expires
Sun, 16 Jan 2022 06:16:40 GMT
hyper-x-cloud-alpha-blackout-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/hyper-x-cloud-alpha-blackout-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
690e2c2fc087cba6dcf864ee61e6c566049979c4f5da31b6ec63b8e7ce3ad05a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 14 Jul 2020 15:15:58 GMT
server
cloudflare
etag
"5f0dcc2e-511b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bfd8cf5a31-MXP
content-length
20763
expires
Sun, 16 Jan 2022 06:16:40 GMT
hyper-x-cloud-alpha-se-hero.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		54 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/hyper-x-cloud-alpha-se-hero.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02f1a982fff273502b329ba242f856f115b2e51273ffc4476bee77f5172680d4

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 14 Jul 2020 15:08:12 GMT
server
cloudflare
etag
"5f0dca5c-d6c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bfd8d25a31-MXP
content-length
54976
expires
Sun, 16 Jan 2022 06:16:40 GMT
blackshark-v2-t1bg.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/blackshark-v2-t1bg.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86bd843e845b3814a6cb1438975575e4b8dcd68f9c2ca1a420c649b2d8db6f3b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Fri, 31 Jul 2020 13:22:24 GMT
server
cloudflare
etag
"5f241b10-347a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bfd8d35a31-MXP
content-length
13434
expires
Sun, 16 Jan 2022 06:16:40 GMT
51jmb3ciuhl._ac_sl1500_.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		54 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/51jmb3ciuhl._ac_sl1500_.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd27265365870814b531d27242813f9df904229b004d7e6f6e1512a68d29f8f4

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Fri, 31 Jul 2020 13:22:25 GMT
server
cloudflare
etag
"5f241b11-d616"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bfd8d55a31-MXP
content-length
54806
expires
Sun, 16 Jan 2022 06:16:40 GMT
razer-nari-ultimate-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/razer-nari-ultimate-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08a0a69cc7b20ebc145be0de33415376df6b98011bde781c6bef07ce39564b33

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 14 Jul 2020 15:54:30 GMT
server
cloudflare
etag
"5f0dd536-6e19"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bfd8d95a31-MXP
content-length
28185
expires
Sun, 16 Jan 2022 06:16:40 GMT
razer-nari-ultimate-se_0.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/ 		84 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/razer-nari-ultimate-se_0.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4a0ee6d728ead9cf6f762458a1de9463cfea40e4edce958d445ee006fc27f16

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 16 Jun 2020 21:10:15 GMT
server
cloudflare
etag
"5ee93537-15118"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bfd8da5a31-MXP
content-length
86296
expires
Sun, 16 Jan 2022 06:16:40 GMT
plugable-onyx-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/plugable-onyx-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bec9c490503ced6d8e92080693b1cea51de26bc67b758394b4638f2f1a03cd8

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Jul 2020 10:43:34 GMT
server
cloudflare
etag
"5f0eddd6-4bdd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bff8ff5a31-MXP
content-length
19421
expires
Sun, 16 Jan 2022 06:16:40 GMT
plugable-onyx-headset.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/10/ 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/10/plugable-onyx-headset.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
311d0ae54122e562c9d7209237279a234746e4bc9bc08c8fa698fd7a84d79a1c

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 02 Jun 2020 13:24:43 GMT
server
cloudflare
etag
"5ed6531b-e4e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bff9005a31-MXP
content-length
58597
expires
Sun, 16 Jan 2022 06:16:40 GMT
turtle-beach-elite-aero-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/turtle-beach-elite-aero-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f0ddfab71df0dd2b6b3dbd61f8cc7abcf266187d86e135df0a545a8071af409

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Jul 2020 10:58:05 GMT
server
cloudflare
etag
"5f0ee13d-5fb9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bff9015a31-MXP
content-length
24505
expires
Sun, 16 Jan 2022 06:16:40 GMT
turtle-beach-elite-atlas-aero-se.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/01/ 		199 KB
199 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/01/turtle-beach-elite-atlas-aero-se.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd134b4001ca6ab0b25d9df618162ca0c867a3b40cc0d16e53b5fbb142c8cb8c

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 21 Jan 2020 14:02:10 GMT
server
cloudflare
etag
"5e270462-31ac6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bff9025a31-MXP
content-length
203462
expires
Sun, 16 Jan 2022 06:16:40 GMT
steelseries-arctis-1-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/steelseries-arctis-1-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c54745b0cbf62e61ae51457f61995fdb04a4ac6c9ea5a371a3ba28148b74a917

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Jul 2020 11:12:03 GMT
server
cloudflare
etag
"5f0ee483-4ea6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bff9035a31-MXP
content-length
20134
expires
Sun, 16 Jan 2022 06:16:40 GMT
steelseries-arctis-1-wireless-xbox-cyberpunk-2077-edition-cropped.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/05/ 		100 KB
101 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/05/steelseries-arctis-1-wireless-xbox-cyberpunk-2077-edition-cropped.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1801957e205fedeb5ad3143a9a15114323490bf7babf1444e4695dff08d16be

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 05 May 2020 12:23:38 GMT
server
cloudflare
etag
"5eb15aca-191ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bff9055a31-MXP
content-length
102893
expires
Sun, 16 Jan 2022 06:16:40 GMT
richard-avatar.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/ 		86 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/richard-avatar.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10a64ebb8661643d154d9ff6466282a8b80d1faac7b93ed08a609e1d182bbe68

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Wed, 25 Mar 2020 19:33:27 GMT
server
cloudflare
etag
"5e7bb207-15681"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bff9075a31-MXP
content-length
87681
expires
Sun, 16 Jan 2022 06:16:40 GMT
1025269.jpg
passport.mobilenations.com/avatars/000/001/025/ 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://passport.mobilenations.com/avatars/000/001/025/1025269.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4c34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f615e7ba92273145a27dfc0773e0a936233f96a40cee0eb90cedf8cdcf2e6e0a
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
1087743
cf-polished
origSize=52888, status=webp_bigger
content-length
50603
last-modified
Fri, 15 Mar 2019 16:47:51 GMT
server
cloudflare
etag
"5c8bd737-ce98"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
content-type
image/jpeg
expires
Sat, 15 Jan 2022 06:16:39 GMT
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8bfde370f6a-MXP
cf-bgj
imgq:100,h2pri
XMvfuvRqk3g
feeds.feedburner.com/~r/wmexperts/~4/ 		43 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~r/wmexperts/~4/XMvfuvRqk3g
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
x-content-type-options
nosniff
server
GSE
content-type
image/gif
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16 Dec 2021 07:16:39 +0000
halo-reach-hero.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/ 		82 KB
83 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/halo-reach-hero.jpg?itok=wmHDT0Is
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a924247a34d2261adba0ab013836e8f7bc8df1f5414459c906d5c2a0448232a4

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Tue, 03 Mar 2020 19:14:58 GMT
server
cloudflare
etag
"5e5eacb2-14991"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bff9085a31-MXP
content-length
84369
expires
Sun, 16 Jan 2022 06:16:40 GMT
halo-reach-se.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/11/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/11/halo-reach-se.jpg?itok=QwN53No7
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7f79d58b05187430d13e54745588aaffd6abcfe45d744d355137110365a22f3

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
MISS
last-modified
Wed, 13 May 2020 01:05:12 GMT
server
cloudflare
etag
"5ebb47c8-49de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be5c8bff9095a31-MXP
content-length
18910
expires
Sun, 16 Jan 2022 06:16:40 GMT
tkpYeuiT0cA
feeds.feedburner.com/~r/wmexperts/~4/ 		43 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~r/wmexperts/~4/tkpYeuiT0cA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
x-content-type-options
nosniff
server
GSE
content-type
image/gif
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16 Dec 2021 07:16:39 +0000
dims
o.aolcdn.com/images/ 		169 KB
170 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://o.aolcdn.com/images/dims?resize=2000%2C2000%2Cshrink&image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-uploaded-images%2F2019-03%2F8abb4e90-50b3-11e9-aaff-ba09ebd015cd&client=a1acac3e1b3290917d92&signature=59a74288ccbf5ce945fab394555e468caaeb6c36
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:af6:eab:2108:1892:6d8 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6C94) /
Resource Hash
f5fb80c6ab695aec793967d59c135b29618aad2f987174711a218fc44da08d77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 604800, "include_subdomains": true, "failure_fraction": 1.0, "success_fraction": 0.01}
age
1112013
cld_latency
180
edge-cache-tag
205668273106704222303092677181222189726,485239066690905873616624527207302478547,ae7a14591aaf8d474cdb3f92111c923e
cld_cache
MISS
cld_hits
0
x-cache
HIT
strict-transport-security
max-age=31536000
content-length
172683
x-xss-protection
1; mode=block
cld_by
cache-wdc5538-WDC
x-served-by
cache-wdc5559-WDC
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 01 Jun 2021 10:19:59 GMT
server
ECAcc (mil/6C94)
x-timer
S1633336474.742285,VS0,VE1
etag
"d2668a73c5528255b775cdd08b0e7b3c"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
SAMEORIGIN
report-to
{"group": "default", "max_age":604800, "endpoints":[{"url":"https://report.vdms.com/","priority":1 }, {"url":"https://nelcollector.sre.ecsvc.net/report","priority":2 }]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
nth.png
3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 04:39:22 GMT
x-content-type-options
nosniff
age
5837
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3362
x-xss-protection
0
server
fife
etag
"vb88"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 06 Oct 2021 17:58:43 GMT
mqdefault.jpg
img.youtube.com/vi/J36MCxgP2_4/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/J36MCxgP2_4/mqdefault.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd1d46e090dd11a9123e403410ad1b3354ed4c0906c92a13ae0a0daf85a91421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6457
x-xss-protection
0
server
sffe
etag
"0"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 16 Dec 2021 08:16:39 GMT
truncated
/ Frame 560C 		219 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ab05b367f46df440a8aa3405388726debd4b483abde9f9d0dda311a12ce41bb2

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
a5c35f20-fc4c-11ea-bf7d-637e870d3191
s.yimg.com/os/creatr-uploaded-images/2020-09/ 		175 KB
175 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/os/creatr-uploaded-images/2020-09/a5c35f20-fc4c-11ea-bf7d-637e870d3191
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e33de29236bd945ad5963c32fd373b982e0970b3a1f784b8e7ae07d7be8c254d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:13:34 GMT
x-content-type-options
nosniff
age
504186
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
strict-transport-security
max-age=15552000
content-length
179043
x-amz-id-2
/cqDgtAWaTTrA3wwpR0YLLKkRKuIpDqm59Fow3b7JifTobMi45kONCFnm0QTTdjRLDMPQ6dAGPc=
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 21 Sep 2020 20:54:33 GMT
server
ATS
etag
"f2674983881b2078fcc17208ca7fa426"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
4DDGN6VJ94MY3753
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=604800
x-amz-version-id
null
accept-ranges
bytes
content-type
image/jpeg
fdad0470-fc4c-11ea-a947-18dc38fbf5d1
media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/ 		242 KB
242 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/fdad0470-fc4c-11ea-a947-18dc38fbf5d1
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.169.81 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
cbf52478eea923d6c8559defe2bd5ce6f23107952a3ab8056d0d2d97df20a79e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Thu, 16 Dec 2021 06:16:41 GMT
Last-Modified
Mon, 21 Sep 2020 20:57:00 GMT
Server
AmazonS3
x-amz-request-id
ZY4ZEG7KSMZW12XW
ETag
"7407eb6de1fb6ccfb8ffde0f64f2a7de"
x-amz-version-id
null
x-amz-storage-class
STANDARD_IA
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
247619
x-amz-id-2
NBeDMAZ8stdbODJLRrxadvjkr/FfrFq9mA6QnwdJ2lHiDiVtjyo/b9SL++NoSWRf5duQBLPsLd0=
9c9d6c80-fc4f-11ea-afdb-ecca84ac1198
media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/ 		198 KB
198 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/9c9d6c80-fc4f-11ea-afdb-ecca84ac1198
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.169.81 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
17710b0cbda106bd59c9bb320d152a06bba83cfed9e8a171b4e63f48adfc0a09

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Thu, 16 Dec 2021 06:16:41 GMT
Last-Modified
Mon, 21 Sep 2020 21:15:46 GMT
Server
AmazonS3
x-amz-request-id
ZY4P8S2E139G1C7X
ETag
"2806512b949617bd4ea79a2998ae6f56"
x-amz-version-id
null
x-amz-storage-class
STANDARD_IA
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
202394
x-amz-id-2
ePhJU8FfzaVb506fsPAnAr7w61PMFKuCAwfCEDACSUmtf0sLpecefMmTS2M2fywrEOnwns5fAcg=
cec5d390-f9cb-11ea-bbff-fdb7f71204bb
s.yimg.com/os/creatr-uploaded-images/2020-09/ 		602 KB
603 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/os/creatr-uploaded-images/2020-09/cec5d390-f9cb-11ea-bbff-fdb7f71204bb
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
4512240dca2a59d6f18502229269f36846e194a33015ca8ca1a93a3535fb333b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
x-content-type-options
nosniff
age
37655
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
strict-transport-security
max-age=15552000
content-length
616800
x-amz-id-2
MvMa/PZztU0+yO84zuJDELx9EerJPI2WHnXHml/H2ZzUWWzx3iKFN1La/9AGRb87JgV/xWcW90o=
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Sep 2020 16:27:14 GMT
server
ATS
etag
"b714aca3e727c20fe1de572d1efec1c9"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
6GCG5CVAEQYZ2FY1
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=604800
x-amz-version-id
null
accept-ranges
bytes
content-type
image/jpeg
61de0c60-f783-11ea-bd7d-46dcedba277c
s.yimg.com/os/creatr-uploaded-images/2020-09/ 		267 KB
267 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/os/creatr-uploaded-images/2020-09/61de0c60-f783-11ea-bd7d-46dcedba277c
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
33fb4f945a35b6ccaf4d19c0e6d1d8ad39736c430884b7090fc0f965d3f748ad
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 19:00:33 GMT
x-content-type-options
nosniff
age
558968
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
strict-transport-security
max-age=15552000
content-length
273173
x-amz-id-2
lPlskTBSH/xjE1BqWD1sf2xPYwW4mfB/Oxe+joePRXoJ9BXufvmQgpJcc9r3UKiYpohm/ity32M=
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 15 Sep 2020 18:43:46 GMT
server
ATS
etag
"72c72917d284ea57345a106ed1cf71c5"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
VBGW68JWSP3KYWS5
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=604800
x-amz-version-id
null
accept-ranges
bytes
content-type
image/png
dims
o.aolcdn.com/images/ 		108 KB
109 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://o.aolcdn.com/images/dims?crop=3503%2C2332%2C0%2C187&quality=85&format=jpg&resize=1600%2C1065&image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-images%2F2020-01%2Fe948a190-2da0-11ea-9dff-b2fb563a84d3&client=a1acac3e1b3290917d92&signature=b857e71b6d8217dc50eb08e57400ef8cbd7b2188
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:af6:eab:2108:1892:6d8 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6CA7) /
Resource Hash
d5adf666701b746821cc08cfa7064589419b3e1aa81e6324ddd6843e5bebf082
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 604800, "include_subdomains": true, "failure_fraction": 1.0, "success_fraction": 0.01}
age
372239
cld_latency
133
edge-cache-tag
214263861983770865837665303362291958282,311762242164315631316587765202362003164,ae7a14591aaf8d474cdb3f92111c923e
cld_cache
MISS
cld_hits
0
x-cache
HIT
strict-transport-security
max-age=31536000
content-length
110825
x-xss-protection
1; mode=block
cld_by
cache-dca17767-DCA
x-served-by
cache-wdc5554-WDC
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 11 Nov 2021 06:43:50 GMT
server
ECAcc (mil/6CA7)
x-timer
S1636670915.453639,VS0,VE70
etag
"f94f1ff240047b54329dc3b043ced59c"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
SAMEORIGIN
report-to
{"group": "default", "max_age":604800, "endpoints":[{"url":"https://report.vdms.com/","priority":1 }, {"url":"https://nelcollector.sre.ecsvc.net/report","priority":2 }]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0
adview
googleads.g.doubleclick.net/pagead/ Frame F99B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C11ggxtm6YfCdJ5u0-gae_56YDKT3iZVntdebvvoOwI23ARABIL305nBgu4aAgNAKoAGN6qXQAsgBAqkCK9HVC_Qhsj6oAwHIA8kEqgT5AU_Qj-ZJ6LcWaKQnrdQrQGdPuQI7_cuelVwM-Yzb3h5MQgT1X8tQxX-wcd9PbaiLgXXLpVmPGpGpjYhKreuYreHKhbLFzVtqu6NU6zs7V258yhBjZGD2lSfJ_L_SqatsnkslHpnMaDns4Ladg0JcTaeQF2QH5Wa3IRZz23ABcDkcPYTlkMjQ4AxEdpnkj2WwHgMC6ypOOm5jUZD7OQ4IOZQLj2zZte7Q5NyL9C2mLZHiiBdOsDU2tJUrgq7eMmotl8gJnJL0sESuwxrrlbQIeSilwBbMs8CacBxCO-13RXYH1CIWYRpztfhNGZ6H1Y0JXrRm2Fc3KQ4Hg8AE_fv66eUDkgUECAQYAZIFBAgFGASgBgKAB5D2uoIDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQr5Y30ggJCIDhgHAQARgfgAoByAsB2BMK0BUBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=ginPfAtpQMs&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 06:16:39 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame F99B 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:39 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame F99B 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
71
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:15:28 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame F99B 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:46:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
52181
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11415
x-xss-protection
0
server
cafe
etag
3382072337847676073
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 15:46:58 GMT
nth.png
1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6ca0ba132e317aa25845976719aecc3fbc11dfbe15c1ca37809b1d0d39bcf8c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 02:32:06 GMT
x-content-type-options
nosniff
age
13473
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1439
x-xss-protection
0
server
fife
etag
"v74b"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 17 Nov 2021 11:04:58 GMT
AmazonWebServicesBlog
feeds.feedburner.com/~ff/ 		997 B
1015 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6991b0dfb02f46e2bb00808bd3eaaf97cfb4caa209a24ceb5a5c3482b091d6ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
x-content-type-options
nosniff
server
GSE
etag
Kg31R1CGIqw4HTZpTQkVWDFniR0
content-type
image/gif
cache-control
max-age=333804
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
997
x-xss-protection
1; mode=block
expires
Mon, 20 Dec 2021 03:00:04 GMT
AmazonWebServicesBlog
feeds.feedburner.com/~ff/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d76f32f8bd2f4896065ce24a53a651b8b31f8518eeffef24d8ff3b7942a2437b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
x-content-type-options
nosniff
server
GSE
etag
8QBjG7c8/sQuhDR26KDUQ+59BcM
content-type
image/gif
cache-control
max-age=597219
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1051
x-xss-protection
1; mode=block
expires
Thu, 23 Dec 2021 04:10:19 GMT
AmazonWebServicesBlog
feeds.feedburner.com/~ff/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a2b9c28205959e1323e482a8ebab65490ba2200da1665b75004947fbc4e18672
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
x-content-type-options
nosniff
server
GSE
etag
IDawmln7mA9Ww+FiBXA+Xtz928I
content-type
image/gif
cache-control
max-age=423523
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1053
x-xss-protection
1; mode=block
expires
Tue, 21 Dec 2021 03:55:23 GMT
codeguru-secrets-manager-1024x795.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/ 		772 KB
773 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/codeguru-secrets-manager-1024x795.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a97e731cbb8c8f2fd76edc5ff46950f4548da821813db1770d62cbd710cd168a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
cgC7Wagwmpb4ARt83TrV5Qnu8XXsfh38
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Mon, 22 Nov 2021 12:48:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"abea87b3b8c115fcd69f4228f96cbb6d-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Thu, 16 Dec 2021 06:16:41 GMT
content-length
790114
x-amz-cf-id
Xvu4CJUo1JF2dp-HCteCe1OMUA2EgF_WoJXUCpCOvd2vdA8KvZEXDw==
codeguru-associate-repository-1024x807.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/ 		266 KB
266 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/codeguru-associate-repository-1024x807.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b16ee208e163e440832f7c31333c523ec8d0635bb1b2d332d733c1feb73dbf97

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
tQYPc0YprnBq_R3FSUM.EMUyAanD0GVs
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Fri, 26 Nov 2021 12:12:54 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"928b6c5f1f3973465fdb28a96460b4af-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Thu, 16 Dec 2021 06:16:41 GMT
content-length
271919
x-amz-cf-id
CpL2sVJ1gsxEf3HrMg4iDFUp_-nz5TZ1C-EVArobRy5qjmE2XyQbDg==
codeguru-secrets-analysis-list-1024x323.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		94 KB
95 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/codeguru-secrets-analysis-list-1024x323.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9cc42edd3434423ba5ed7bab4141062c32ca45432ee495b4db48399fcf625a56

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
YWiPV7Yh3VYQkSrtBp7Kyxrkh_nAIQkM
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 09:33:15 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"b5ebef68c0c71305f72256c4487ede6f-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Thu, 16 Dec 2021 06:16:41 GMT
content-length
96582
x-amz-cf-id
VxBAayzmVQpijpD7kZI3HmTCLSPRd4oWFUVFPZUI6b8aP1J1VP8-1w==
codeguru-secrets-recommendations-1024x421.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		166 KB
166 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/codeguru-secrets-recommendations-1024x421.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
96a96229c6397e7b5b44811bee268f7f6dfcfdd2703efdba8e348f311d0fa6db

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
ECTE0akn3piQLdu9Q7lR5ZJJxl0iKzgq
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 17:42:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"a4730d087542ed55feb95b73b7cb0f64-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Thu, 16 Dec 2021 06:16:41 GMT
content-length
169593
x-amz-cf-id
AhsIMVL6Hww6BWMfrT_LTCi0GU4G789SiVzvIqUHVSbk49K_DANCPg==
codeguru-github-1024x407.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/ 		247 KB
247 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/codeguru-github-1024x407.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a484ab3ab55740d1b51dab8f319f0778053dc10f6cff128f5f76e76625cc5e5

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Fri, 26 Nov 2021 12:12:26 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"70a8c0e58fcd9fc6701856acacf14137-1"
x-cache
Miss from cloudfront
x-amz-version-id
LQmUNdZa2Z3VuOlxdcA.D2_4tFmB9y2x
content-type
image/png
content-length
252470
x-amz-cf-id
1IxVHMOkF-bYMPJ0nkrUxfti5wJkH49BL2uSo-oPaOb1yuXApGPr1A==
codeguru-secrets-manager-popup-1024x419.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/ 		197 KB
198 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/codeguru-secrets-manager-popup-1024x419.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
edddcb46193aacdf88726f8250fd0248b2dd411d392b3288ea04ab9e9e6bd526

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Fri, 26 Nov 2021 12:13:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"079fff016d60236ea339e17d4786be4e-1"
x-cache
Miss from cloudfront
x-amz-version-id
0myyRpUxG.o.OGUTkF7DP7aH6sKV4eMA
content-type
image/png
content-length
202117
x-amz-cf-id
O0TL8ewpLO8uQHMuR8gsb3to-CpE1uILPG9-UxSmGMR2oivtPL0ATQ==
secrets-manager-store-new-secret-1-1024x703.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		139 KB
139 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/secrets-manager-store-new-secret-1-1024x703.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
09dec90213d3b1f9af1a0133e35843f22241aafe04b0d2a1983b69116abfddc1

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
QNWc1r9zEhfZbNG81DShOMjdgwVrT6xv
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 09:39:45 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"114cb9341d3eabcac573108a38ebc73f-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Thu, 16 Dec 2021 06:16:41 GMT
content-length
142238
x-amz-cf-id
eELZVT7SLR4Qvu1lhNey702Wjyn2Ywr4d7wwRV7Z_grszcChFVbNLQ==
secrets-manager-sample-code-1024x662.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/ 		309 KB
310 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/secrets-manager-sample-code-1024x662.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6fcd9dea2794290acd1f2e793fcfef9232545fff93270744e79e30d9de0e0e61

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Mon, 22 Nov 2021 13:05:32 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"6d79dd654708c4f68b793149572eb9fc-1"
x-cache
Miss from cloudfront
x-amz-version-id
1uKtzXVl9B2T0DARloPafecHhsJV8.Jc
content-type
image/png
content-length
316809
x-amz-cf-id
-h8Y-5YrwxnMLQcjCQYljF-XeTfjcUf3tuYjVvspkFrD7sSkBu9r5w==
2021-aws-iot-roborunner-1.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		990 KB
992 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/2021-aws-iot-roborunner-1.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d777536c363f541d3a0a29627c1294ed6c6c0889011ea21d8d4eb859c9aef31b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
4JHI_oNpw_8z2eSQ4TUVmDmuKiVaxZs7
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 22:57:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"16e8631a526d48c810baec9d90b66685-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Thu, 16 Dec 2021 06:16:41 GMT
content-length
1013820
x-amz-cf-id
0imKB28vqtUrVMU49BmlfZLdBEyVwcov2OLhXKbKVMW3ft-reaRhXA==
2021-aws-iot-roborunner-2.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		674 KB
675 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/2021-aws-iot-roborunner-2.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a29d510cc6827794383ee2d8aaa0ff664aec760c9bfb99bf5c179c41c97aac48

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
rpOeZcWCoDNQee2qVb0DsibBDbbjiLyQ
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 22:57:42 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"2e175c77d0d5a2846cfd12c50e1e8937-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Thu, 16 Dec 2021 06:16:41 GMT
content-length
689890
x-amz-cf-id
LohVYFkllJ6ahRpx16NK3L6JrKuz_E0d4qz-NRNbHwAoMFm4YPRJFA==
2021-aws-iot-roborunner-3.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/2021-aws-iot-roborunner-3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.204 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-204.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7d4767763ce995c13decef23ba129277c5a6e2682ecb104c8e06d2ca0af00137

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
K3Qf0bxcI_txF_iMA.3FY7v1i3Y5MSMv
via
1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 23:00:19 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"2e489c9f408199d54a57e71836c4ef5f-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Thu, 16 Dec 2021 06:16:41 GMT
content-length
1206076
x-amz-cf-id
Xt6PHt3ylbt_R_Ska4DT2r5sJIQjSLKkY2T5BZkst2FlE1KMiYwFxg==
2076313506083323656
tpc.googlesyndication.com/simgad/17752824055688785003/ Frame 836F 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/17752824055688785003/2076313506083323656
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4e8ef9b72300257edaf73d48208dd42f829088b83670522b90debcbc739fc819
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57953
x-xss-protection
0
last-modified
Thu, 20 Feb 2020 10:48:17 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 16 Dec 2022 06:16:39 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/15527916717340244064/ Frame 836F 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/15527916717340244064/downsize_200k_v1?w=100&h=100
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1ccf769f3f6c5a9626ee6f2699b67018a6aa438cda8d628492575b1bf4d3641
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11508
x-xss-protection
0
last-modified
Mon, 24 Feb 2020 13:19:34 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 16 Dec 2022 06:16:39 GMT
truncated
/ Frame 836F 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ad1105158e1427450c46a0102818ac33a94e9152c2a2e1a4f7876057da9ab048

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 836F 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:07:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
536
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:07:43 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 836F 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
684
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 836F 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:39 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 836F 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
71
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:15:28 GMT
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 836F 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 19:06:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126598
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 14 Mar 2022 19:06:41 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 42B5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CO7gwxtm6YeiJIrHGx_APi-y1gAvA6vWuZqDnjJDKDr_hHhABIL305nBgu4aAgNAKyAEBqQKAtW1z2Dy2PqgDAcgDywSqBI8CT9CllNm0HG9zJOKb8t5PDRauoIpugyAKCcrKAUhLsNl0whJ7wyMCiSq-WYDu1WvnpT6Nyg2uxPTb0fKjZ2Ewn7coE-dbSOqePZNfhlr3j6dWkR8MFDk74Unkajy_n8vZhQ8enz504hVe4ZXCGG7urHIReYpX0WGaXOon9Mljb1RbxfDKwcNPgLBcPrhFq4rYZmCegCfxlD5HfO512ehJl6LI9_E8LrlOeajlcv2cioiVeNggJIDF451oUw39F81wSttdtkjEN4K4PtVJAJUmAPbG7F3WVCd7tKkTZORmEtalz0bRASHe-soq5EoGuLn4h1gci8KJoq9nvXj3tYEzyAw0785WjUKAKapUyqfO48AEhIWwjOkDgAfOzeT2AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEJPRJtIICQiA4YBwEAEYH4AKAcgLAdgTA4gUAtAVAYAXAbIXHAoaCAASFHB1Yi0xMzQyMzQ3ODQzMzUxMzM4GAA&sigh=slBCw2N-zYs&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 06:16:39 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
css
fonts.googleapis.com/ Frame 5C73 		1 KB
407 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700&display=swap
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7ad3ff657f32032ef8efa653730c135bd6aab764db571b1de66d295ec10c81ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 04:39:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:39 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:39 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 836F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C6IMxxtm6YbvKNdnv7gP82rnIDM-XiI1c3fC79YQLv-EeEAEgvfTmcGC7hoCA0AqgAZG2gb4DyAEJqQKAtW1z2Dy2PqgDAcgDywSqBIQCT9BmfuAs8MjJczAZsdkV1Dm5e_XUHwwor-GB-NeQ_HO5Y4o8s5kxCXY-C3lJOUvhBnyih5kDRUA-6IgahE3k0TNbZC8MJYtFT6Rkmn42lauLuWlwcivByTMdbOj5ZBjBtDEPhDo7-Ge2tGzc1FMztGF51K_sADempPvpzyNMn6WQBexWJ6uOG-EIgdEVbkP8iuk-vWwCPEFFRTvnBpxSVD4B4AXvZMnsNf3rI0wYEebMYEV_6BParnQkO7k0nrZ9HAN3THvUavp7e5Ywnd1oBSvQTqy9tlnhWb0rqX8SPlP0sX6UJIHZsDPXJfe-_1TXksyL-_11cVkc6s4dBtUX_q0oVFfABOu8zOfTAZIFBAgEGAGSBQQIBRgEoAYugAfXyf5BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQi4QW0ggJCIDhgHAQARgfgAoByAsB2BMNiBQD0BUBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=HxgL15o95Nw&uach_m=[UACH]&template_id=484
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 06:16:39 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
vendor-list.json
vendorlist.dmcdn.net/v2/ Frame 19C5 		297 KB
38 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vendorlist.dmcdn.net/v2/vendor-list.json
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~theme_neon.03d60d604f7a509d0f7f.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
AmazonS3 /
Resource Hash
72a24849a385cc8c2e75bcd6a6cd2530d7d867ee28ae27aa89cd5b48f7403e8f

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
puSsJBdY6n1_ReUCeRc.OniLCjzZRUnW
via
1.1 3ef764497246fd6dbe77cf02e99dc95e.cloudfront.net (CloudFront)
age
569192
content-encoding
gzip
content-length
38193
last-modified
Thu, 09 Dec 2021 16:05:33 GMT
server
AmazonS3
date
Thu, 16 Dec 2021 06:16:39 GMT
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=604800
x-ip-address
178.79.244.93
x-amz-cf-pop
CDG50-P1
x-amz-cf-id
KdIMRWTKh716vhMI7GwoJ7nwI9jDEB61STCyuN9-GJI-BWfJyam9LA==
x-llid
e3185c47b1908175e0ca7088e651043b
expires
Thu, 16 Dec 2021 16:10:07 GMT
Retina-Regular.039feafb8e07151a9fa79dd01263f273.woff2
static1.dmcdn.net/playerv5/fonts/ Frame 19C5 		36 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/fonts/Retina-Regular.039feafb8e07151a9fa79dd01263f273.woff2
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
9f0384a2c4cddef7a95fce9cc026e0901482723d031610c2dc33f23864e8d5c3

Request headers

Referer
https://www.dailymotion.com/
Origin
https://www.dailymotion.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
last-modified
Tue, 07 Dec 2021 16:18:33 GMT
server
DMS/1.0.42
age
701896
etag
"61af8959-9118"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
server-timing
total;dur=0, dc;desc="dc3"
accept-ranges
bytes
timing-allow-origin
*
content-length
37144
x-llid
e6aba3bb4e36e8fe9323d35bbcdc50e7
expires
Fri, 07 Jan 2022 03:18:23 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 19C5 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:39 GMT
latencies.js
speedtest.dailymotion.com/ Frame 19C5 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://speedtest.dailymotion.com/latencies.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.91 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
st.dc3.dailymotion.com
Software
/
Resource Hash
72b2181e58d5c45800d66d36702794ca5ae5bf1fbc20f106442b7eac3191a623

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:39 GMT
Content-Encoding
gzip
Last-Modified
Thu, 17 Sep 2020 07:44:45 GMT
Content-Type
application/javascript
Cache-Control
max-age=21600, public
Accept-Ranges
bytes
Content-Length
2041
Expires
Thu, 16 Dec 2021 12:16:39 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 1228 		375 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126523
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:39 GMT
8xXkV1WypR-WWfVpl
s2.dmcdn.net/w/ Frame 19C5 		290 KB
291 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2.dmcdn.net/w/8xXkV1WypR-WWfVpl
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.115 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-115.deploy.static.akamaitechnologies.com
Software
DMS/2 /
Resource Hash
fc397a38480b8b76d1e301b62e22c88d11d23b495ab0100f3684fa12a65afb52

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
last-modified
Wed, 15 Dec 2021 19:07:53 GMT
server
DMS/2
content-type
image/png
cache-control
max-age=86400
x-status
Miss from child, Miss from parent
server-timing
total;dur=1, dc;desc="ix7"
timing-allow-origin
*
content-length
297214
expires
Fri, 17 Dec 2021 06:16:39 GMT
dmp.controls_seek.f219bca68ed2356bbecc.js
static1.dmcdn.net/playerv5/ Frame 19C5 		71 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.controls_seek.f219bca68ed2356bbecc.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
cb060519450cc4982f29f8a767e47c4440e26614975f99ecbf3cec04e0cf9cef

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
156615
server-timing
total;dur=0, dc;desc="dc3"
content-length
18611
last-modified
Mon, 13 Dec 2021 14:03:21 GMT
server
DMS/1.0.42
etag
"61b752a9-11def"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
f993a1984ce56a4f1368d8521244e299
expires
Thu, 13 Jan 2022 10:46:24 GMT
dmp.interaction.40fa3cd6349ecc185144.js
static1.dmcdn.net/playerv5/ Frame 19C5 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.interaction.40fa3cd6349ecc185144.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
8ca0c44926e7904b379b0abae96e5def8ad7c140d7c68d0ede2f2148e1ad5745

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:39 GMT
content-encoding
gzip
age
156615
server-timing
total;dur=0, dc;desc="dc3"
content-length
4757
last-modified
Mon, 13 Dec 2021 14:03:21 GMT
server
DMS/1.0.42
etag
"61b752a9-3d57"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
2a3a2478d456576a8b065ccb97c4845e
expires
Thu, 13 Jan 2022 10:46:24 GMT
nadir-hero-img.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/ Frame 5C73 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/nadir-hero-img.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
122389
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115279
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:36:22 GMT
server
sffe
date
Tue, 14 Dec 2021 20:16:50 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 20:16:50 GMT
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5C73 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 23:28:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24492
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 23:28:27 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5C73 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:13:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50581
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 16:13:39 GMT
lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ Frame 66D4 		165 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
715772
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26065
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-65d1"
content-type
text/css; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
e34bYSkq5hrCH9_mbT0tJ68lvQDAjOfJ2zaAS37rEGhXQD2kszLbdg==
x-cache-hits
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame 2EC5 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 06:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
859
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 712D 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f6b152c4c3aecf0a0ae21adefee6a0130a36c6bc92ebddc0e3ee3a0387f24ff9

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
s
googleads.g.doubleclick.net/pagead/drt/ Frame B002 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 06:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
859
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cb=gapi.loaded_3
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=gapi_iframes_style_bubble/exm=auth,profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=gapi_iframes_style_bubble/exm=auth,profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_3
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dd6132f04a2eec5299eda587492ffe9177e8b004b667a81aa01d2467add786d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:20:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
35793
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5103
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 04:25:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:20:06 GMT
/
pebed.dm-event.net/ Frame 19C5 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Thu, 16 Dec 2021 06:16:39 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Thu, 16 Dec 2021 06:16:39 GMT
Content-Length
0
common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
c.disquscdn.com/next/recommendations/ Frame 0342 		262 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/recommendations.load.42dfcc5041eed24b84f85a10a88fa215.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5fae79754e7af92e6afadc3060797e3d35188221e60d63d0625f66cf921e7ebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5043194
x-cache
Hit from cloudfront
content-length
88862
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-15b1e"
content-type
application/javascript; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
XO3UBx9gFjfm1Yk5o-0Q2MgEKDZsJVlzO18oDU89Y-bPxSBCiK1Z6Q==
x-cache-hits
0
lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
c.disquscdn.com/next/embed/ Frame 66D4 		475 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
01b1844125589a15317239014be029ba024bc0d6e059222bc99bd913a82ecb88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
715772
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
122873
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-1dff9"
content-type
application/javascript; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
wfO4Ofa4ZYDNQjQw_74YpD59CRfwHgGlxh428qbo5_QHagGj9R4Njw==
x-cache-hits
0
config.js
disqus.com/next/ Frame 66D4 		14 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:39 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
34
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14552
X-XSS-Protection
1; mode=block
2003098585798909661
tpc.googlesyndication.com/simgad/ Frame C8E1 		105 KB
105 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/2003098585798909661?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk4wSL4UaWqqvhP_AYS7M5_2nAMcA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2e7f3c240acb42e9492f1136bd92e06cbc91da17800b9f91ef44bd6e25acbd3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 08:08:21 GMT
x-content-type-options
nosniff
age
338898
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
107772
x-xss-protection
0
last-modified
Thu, 09 Dec 2021 14:11:46 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 12 Dec 2022 08:08:21 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame C8E1 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:07:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
536
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:07:43 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C8E1 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
685
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C8E1 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:40 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C8E1 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
72
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:15:28 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C8E1 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:46:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
52182
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11415
x-xss-protection
0
server
cafe
etag
3382072337847676073
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 15:46:58 GMT
css
fonts.googleapis.com/ Frame 5ADC 		1 KB
407 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700&display=swap
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7ad3ff657f32032ef8efa653730c135bd6aab764db571b1de66d295ec10c81ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 04:30:01 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:39 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:39 GMT
truncated
/ Frame 42B5 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e6f5085d26154df7059db5629f5db6132d63fbfdb1520a98ef6115ebb08574b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
Screen-Shot-2021-11-02-at-8.11.33-PM-1-1024x391.png
www.saastr.com/wp-content/uploads/2021/12/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.saastr.com/wp-content/uploads/2021/12/Screen-Shot-2021-11-02-at-8.11.33-PM-1-1024x391.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.73.247.27 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
27.247.73.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
84077212eff3a118119952d95dfdd412f3a97e1c779d3881ce6c3402fbfc96b8

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
last-modified
Wed, 15 Dec 2021 05:37:52 GMT
server
nginx
etag
"61b97f30-10289"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
66185
1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH
doc-14-1o-docs.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8/s0cgslfeh6qg36t2jkj1elrmqrb53n6f/1639635375000/04172779913741121811/06222150506394430363Z/
Redirect Chain
  • https://drive.google.com/uc?id=1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH
  • https://doc-14-1o-docs.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8/s0cgslfeh6qg36t2jkj1elrmqrb53n6f/1639635375000/04172779913741121811/06222150506394430363Z/1BzJJx-XDuOs0xA...
  • https://docs.google.com/nonceSigner?nonce=4k9kkhgv280jm&continue=https://doc-14-1o-docs.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8/s0cgslfeh6qg36t2jkj1elrmqrb53n6f/1639635...
  • https://doc-14-1o-docs.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8/s0cgslfeh6qg36t2jkj1elrmqrb53n6f/1639635375000/04172779913741121811/06222150506394430363Z/1BzJJx-XDuOs0xA...
22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://doc-14-1o-docs.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8/s0cgslfeh6qg36t2jkj1elrmqrb53n6f/1639635375000/04172779913741121811/06222150506394430363Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH?nonce=4k9kkhgv280jm&user=06222150506394430363Z&hash=asuei5uonr42v4t2pgt9cahohic2k0k9
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ac58756be8a08b00efa89ae967645beadb91d7a724c5217e4c847be2f06d4034

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
access-control-allow-methods
GET,OPTIONS
server
UploadServer
access-control-allow-headers
Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
x-guploader-uploadid
ADPycdumnjnsHexdOv3q-y-Qr5qWpvSpU7ANh2Vhy0hNWZDSwCW6mcGQal_eU6MfbRQDz2sp73ps57OXm5Pw4jnEew
x-goog-hash
crc32c=sudjPA==
p3p
CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info."
access-control-allow-origin
*
cache-control
private, max-age=0
access-control-allow-credentials
false
content-disposition
inline;filename="4214db0a-02ac-4110-a901-bb96409e7ada.jpg";filename*=UTF-8''4214db0a-02ac-4110-a901-bb96409e7ada.jpg
content-type
image/jpeg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22775
expires
Thu, 16 Dec 2021 06:16:41 GMT

Redirect headers

date
Thu, 16 Dec 2021 06:16:41 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/binary
location
https://doc-14-1o-docs.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8/s0cgslfeh6qg36t2jkj1elrmqrb53n6f/1639635375000/04172779913741121811/06222150506394430363Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH?nonce=4k9kkhgv280jm&user=06222150506394430363Z&hash=asuei5uonr42v4t2pgt9cahohic2k0k9
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-Ra18UpOUT8+3lRNwtNQLIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentSignerHttp/cspreport;worker-src 'self', script-src 'nonce-Ra18UpOUT8+3lRNwtNQLIg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentSignerHttp/cspreport, require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentSignerHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 42B5 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 18:21:26 GMT
x-content-type-options
nosniff
age
215714
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21424
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:24 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 13 Dec 2022 18:21:26 GMT
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 42B5 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 13:17:51 GMT
x-content-type-options
nosniff
age
493129
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21660
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:18 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 13:17:51 GMT
css
fonts.googleapis.com/ Frame EAA1 		6 KB
670 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 04:20:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:40 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:40 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame EAA1 		1 KB
880 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:57:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1148
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 05:57:31 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame C8E1 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CM_K0xtm6YcOIOb2d9u8PooCfwAak94mVZ9bo6-P0DsCNtwEQASC99OZwYLuGgIDQCqABjeql0ALIAQKpAlPprsR3JbI-qAMByAPJBKoE_wFP0ELMDLFYKZ37xN20c7MHFF6XV5iwePnf47Cl6OP63nPk0wshUDdRNB-9QW630bA1LEAMoaMd0SBIfNn3qOT-aZ3ukc2xZCBI7siJ1XGcn9ES8msK0FNZWlcRaO8r2kD-xCY0FdTkvHM1nhUkhILkNWn_ikhVGJs6Zye1D7OiJXt-Vxd5X2morleFZcT4ySWudGC5zsiBngSKVIB5YrUUPEOt1xzhDyUB41DDEjc0IJbYp0uwI9FGd-fX9wsY3-j3GV3OUSXTUotcwBoM-zSjVC6Zoi94TJ137e1uxxi0k9zZt4AbVS8iLmMWWZawseh_4oxuyKO80787X8OCuEDABP37-unlA5IFBAgEGAGSBQQIBRgEoAYCgAeQ9rqCA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEJ_YD9IICQiI4YBwEAEYH4AKAcgLAdgTCtAVAYAXAbIXHAoaCAASFHB1Yi0xMzQyMzQ3ODQzMzUxMzM4GAA&sigh=6s-p4z6Sq3g&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 06:16:40 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
nadir-hero-img.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 5ADC 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/nadir-hero-img.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
110954
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115279
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 23:27:26 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:27:26 GMT
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5ADC 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 23:28:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24493
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 23:28:27 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5ADC 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:13:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50581
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 16:13:39 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame B608
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398120&bpp=1&bdt=400&idt=359&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=gCFgztuKb4&p=https%3A//www.aiupnow.com&dtd=367
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:40 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:40 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:40 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C1C9 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
685
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C1C9 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:40 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C1C9 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
72
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:15:28 GMT
truncated
/ Frame 836F 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7f4b2fd6898761ef0e73aaf27d4b1ef8d067d4e38bcecc4d3af51fedfa399ced

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame F99B 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a02e6d132289d6c2c5acd7ffc6857f810f34b143c66720cea44d9a90f4cd21c9

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 836F 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 13:39:48 GMT
x-content-type-options
nosniff
age
491812
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 13:39:48 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 836F 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:56:19 GMT
x-content-type-options
nosniff
age
44421
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 17:56:19 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame EAA1 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:07:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
537
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:07:43 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame EAA1 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
685
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame EAA1 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:40 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame EAA1 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
72
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:15:28 GMT
l
www.google.com/ads/measurement/ Frame EAA1 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRwfrF7a54VWqZzcGU5yxutH1uOv649d1MDL8r0PzWFUsRa2CVGPm2rqP6N4MAM6U_-6FZP
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame EAA1 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 19:06:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126599
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 14 Mar 2022 19:06:41 GMT
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 51F3 		153 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b32688c6a904698b92220c7a34832402acdd326ff715643c9dc7022249f7c256
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
date
Wed, 15 Dec 2021 06:53:27 GMT
expires
Thu, 15 Dec 2022 06:53:27 GMT
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
25702
age
84193
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame C1C9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CVEbPxtm6YfWhMr-Wx_APqbGGyA6elL7vZZzgscaMD-S82anXKhABIL305nBgu4aAgNAKoAGBkI7OA8gBCakCvgTHNlY7tj6oAwHIAwKqBIYCT9CKB876XQyR26uq0-itczihjppcLPO8YRoDvnvFo6oW5u9mnNOB9M1hCedta3eLli-LvLR18M1b8H9JdKnsT1uIwFoI5Fdjpq6_XaBiiENBhdjQkZg6MpA6WFznqazkUin57SRm3T3SNYoqY5nMEToY6X2Pk9Z5vwhMBuy4HJzSEsuvz_z1-hFzAfuMtOxNWKSVw6URLhJJiCXKRKQjJpUWg02OR2Mf1oZsYxuo3oSW7vBJ48IdNfAJYI-iK09cE11OFaS9EcFDyzz8b-8qWpxbd6Fya4HyiqorMdfu8p8uZ74NX0Plvm2p2Cw0dg2SSB_fVLT7nlggpb1gy1sYB_u1Zv6UrcAE_fP4zN4DkgUECAQYAZIFBAgFGASgBl2AB-fv8TGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCujCXSCAkIgOGAcBABGB-ACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItMTM0MjM0Nzg0MzM1MTMzOBgA&sigh=jkdA6HcQfcY&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 06:16:40 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame D6AA 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 06:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
860
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
2076313506083323656
tpc.googlesyndication.com/simgad/626950554397957170/ Frame EAA1 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/626950554397957170/2076313506083323656
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89b0e94617f528936f86951d28f96aac27b7a24c1166688a29129281fa7b7b91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 08:00:32 GMT
x-content-type-options
nosniff
age
80168
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11524
x-xss-protection
0
last-modified
Tue, 25 Jun 2019 07:00:26 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 08:00:32 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/14851800297162132355/ Frame EAA1 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/14851800297162132355/downsize_200k_v1?w=100&h=100
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1cdd65912fdefed8dfed152d5aa2e0909952ef6d0ce163a543f1e90ebdb18ceb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 03:42:51 GMT
x-content-type-options
nosniff
age
527629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1502
x-xss-protection
0
last-modified
Wed, 06 May 2020 09:32:18 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 10 Dec 2022 03:42:51 GMT
truncated
/ Frame EAA1 		221 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
subscribe_embed
www.youtube.com/ Frame 1EB3 		601 B
284 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7d5be5af6446385ffce8ddc940fe35f941412d8c69696a175f2c97ccb2b7798e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 16 Dec 2021 06:16:40 GMT
strict-transport-security
max-age=31536000
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
border_3.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 13:17:59 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
493121
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/gif
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sat, 10 Dec 2022 13:17:59 GMT
bubbleSprite_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		318 B
341 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 09:49:58 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
73602
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
318
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 09:49:58 GMT
bubbleDropR_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		116 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 18:13:48 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
216172
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 13 Dec 2022 18:13:48 GMT
bubbleDropB_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		117 B
140 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 18:22:56 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
42824
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
117
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 18:22:56 GMT
spacer.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/spacer.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 21:17:17 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
205163
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/gif
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 13 Dec 2022 21:17:17 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame E741 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 06:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
860
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame EAA1 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C9xSYxtm6YePZOp-8x_APjs-EgAq96qLeX8uE39rBC7_hHhABIL305nBgu4aAgNAKoAHayI6kA8gBCakCvgTHNlY7tj6oAwHIA8sEqgSGAk_QA4tzgos7Tw3NBQj1tr24mS4lry6glikSMEKmaXM_LO6-ZZQbrctyfTf-om9hJ7VZrMAYnwHGmWnrJ9UupiSlCezN6X7y1MI41H0j4kR6BEtd2T3v6M7ae_gcjCc1hyfthd5gzDU31qJkBdfZxpQTK2ZQO-feZOK9GMkBUXXDhnBNeN2tEhs0tms9kIFi8vZ-rlFUki02psbMCccJXxHxeMcqJTNbMjw_tI0PUmOLBJSUmbI5N2w3KrARx5VuSe7jOd4codSBcjGXQHOIulimiJkuQJmNOlVrGkVhqQce_sFEYlR3bmqLmPfJnS9hM15QTu5Qfc-xdN6HqxSrMO1MhNYgO3LABMSyq-iQAZIFBAgEGAGSBQQIBRgEoAYugAeOt_FbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQrs0F0ggJCIjhgHAQARgfgAoByAsB2BMCiBQJ0BUBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=e6uFjhk5zaM&uach_m=[UACH]&template_id=484
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 06:16:40 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
bridge3.493.0_en.html
imasdk.googleapis.com/js/core/ Frame 3FE0 		598 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198942
date
Wed, 15 Dec 2021 00:48:04 GMT
expires
Thu, 15 Dec 2022 00:48:04 GMT
last-modified
Wed, 15 Dec 2021 00:41:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
106116
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame 1228 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Dec 2021 06:16:40 GMT
dmp.dynamic_quality_switcher.810da786f426fdf0a69c.js
static1.dmcdn.net/playerv5/ Frame 19C5 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.dynamic_quality_switcher.810da786f426fdf0a69c.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
03de68cb1fdd007abd024234102ebef9781fbea17813281d3a5717d25870762c

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
age
156576
server-timing
total;dur=0, dc;desc="dc3"
content-length
7196
last-modified
Mon, 13 Dec 2021 14:03:21 GMT
server
DMS/1.0.42
etag
"61b752a9-57b0"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
4c36e3c2d69cfbe4ac4498c426a03e7c
expires
Thu, 13 Jan 2022 10:47:04 GMT
dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
static1.dmcdn.net/playerv5/ Frame 19C5 		189 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
ca356d69f023a86170e7197b26266cc9f913b54fc90e96a760cec4152b7848b1

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
age
156614
server-timing
total;dur=0, dc;desc="dc3"
content-length
54717
last-modified
Mon, 13 Dec 2021 14:03:21 GMT
server
DMS/1.0.42
etag
"61b752a9-2f204"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
070f5c9360b957ecf9c64b139fd0b198
expires
Thu, 13 Jan 2022 10:46:26 GMT
x7zgqmr.m3u8
dmxleo.dailymotion.com/cdn/manifest/video/ Frame 19C5 		0
297 B 		Script
General
Check archive.org
Download Go to
Full URL
https://dmxleo.dailymotion.com/cdn/manifest/video/x7zgqmr.m3u8?auth=1639808199-2688-6zx1qs4b-6725a88b1e2e9b7ac3173227b4f86ce8TzvXzYvhj0D5Uy_ynAYU-Xs7U4CA4riAtHM3255W2jXk_1qvdI1Z4SW9OX1vzzzRrdnxBo3vD0kNu5kOdjTnjlk-ThRu-A5rLuY7lzBR2RRbneiMn7Gr-U6jR1qvJThO2_RhydAUcBxaFno9CNnvLHyHwoOv-h5vxM1xnCEqF5kCZ1aG2XfFVs98TFKePa23dRhvSpH5qiyhRHEco3fgeoh59mKBBWoTm3IQ3Cg-j1QvvmzKVFkH7uED6AnDS5N-N10dJIXBpK1LB21bqKM7FTNEzcMRXy7ntz-lRvuG2gj3wg_qTB1hPxPC5q4zsquDbQA1LJfHe8tQ-DzXYXvo3KnH5jRuuS0IoxZaIhVuSoUC3LoynqXWYEYU1i7GzIDsUIoufkAqo2cIRfRvwRCV3sI3VZnnhK1VB5ktXhAd7GnRljvIEV2IxiuT3erRwzgERJdfcqrbzT4gR5DkthKhz9e7D_WMo8_29CYa7ALDi3GJwm9_OdC_lhJAL0-oJ-pz59I2M1B6JCf7gaXjqj828AbGW1XVNLNKYpvR_mitYEbMNG8pFM9k-q8_jW6TMYfYwfKJUZ0LMEu4wPnmwpet0W11WucI053WTTTGjWHZrDQO6w7VtukzrcYZf01-Mj2sfHKW56bGrueawsDdMai8he2CdtqxzwWUDFPIM1EVriW6SaEUYNl8TzA_PoERtCmfRbc3uKpL0W-ZsILecJvzCgU3kKBwCGPNzxMVog0w71Irqsd4ACWjJtmxfygen-2yegKM9oy4eb22aYyJ14shwhFrAd56U4Vn-tmO_5wt_zc4M0Xm-tvm5K53p0vll6PUrA6U2eggqGzSRjDi5ZSa7Ky1UYTYj9gvAns7I7R7FGBbYxMMDLnNrL4-4Bm1O_HqmFIIveZdhRfKpHuI62IObzBBfkPhEpLS8VkGy61R-rEuA8slBHyAXsa4BkwZP7lfCPU4WKj4woZW5d_3dEej1SyrbftiXMPf8Y4oUDDQFqlnzEvyHjM0XEIKjNc65r237p9u-Mso1DrU22-XcOgt6ZyQQD-BNkwMmC9Hn89drm99rASFTueOZ-iUMoXmDjN-3e0gDQO8sngqqhdXwPsvSaemvlaeRNH2H_AkdHxglLeYxln5V5ZtRsVhkn_MGA4tp7cGeA3WrvpOTOM5xiPqWU_tZ3fFc1T0ZxxmcS0JZDmhn-BZDQCtpHA9UOdN5zQd796_4imqrPxltoomVxtTEwEXOvBODNDVotPVDD5n73B8MUXjfHxDJh0UPabOF96Opr0hrWMHyD0fdGiilRG6DVDPpNVXUEUREl2UYvXZkhVNx7Yp_AYTsT7y-jp0kRLP9szJkMr5bYhcA7G3kub27g9xbqiuNHc_oJUgmqwe-nlYS-Paqna7aTAjinSrznNugwRJTSnc-PDcZcGIq0Ud6VSC737iw3QsB8DI6TWCcPD786q2XlTV1ldS52dtpfC0OwYwXe0BXn2bsvhaGj9va2Ms5Lhli98VJVynSSSQJq6e7u2AH06lZMgTR8fpZ6m4tUC3UayH7WMSiG4oJX9FeuXDK4v4xFVMycjuHObG33R5Gd_nm1CDY9jJcvfpw-A1bWqbDPAmELd_ZtjtPREST7kckabxuRMyQQMdTXfLT-Ljnr4krPZe_b4Fg5JThN6g7GOSJ6mMEZhoiKafs2Uv9cErKq2cwwxlYA92IKhv_L9RxzLFdqSHhlN8AmdoxTB_A7rGlBSdmc6dKuwQJkd1UUQL_GEHh3aa4WTI338nI2BO-cU2LgGELtrnmroWEiVqnbiNLQLXIsAFLXK6w6aylxNJ1Psebo3Pv0Zw31HTxaIEVYPGv2b-TdZwOVX0C5WbtUvm8Gw2g7zapz5wA6fHm0U08wMKDyuIQHfsi9Sec6DU_-ouGeZnSShPKz7GtkAipuxzafdCeCyiBRTH56s0URdkFyo7tn1M_3fam1R6ozqYC0mqFZaTlWKGTM5Q2zQQZR3nQD5wDz8_aXyFhpxJkFc0i5KzREXUIORrArU_0YJM9sFGTUGF_U3_M5CtmK8YI_yEf-AA9Vdt854Qyj96pqPrOkMX4mMLF7eFfA68_t4x_DxZWXWA8m3MfujlO-bS3AGjDVzAXwKU6wTRUq8kMDDnp9no5aDsL4ZENvxZ4eApd6fDdxmSsIJxRhPOeYwEH5I1ifVIPcf6W60DXA3zSqeDVrlkUyOYBVF3LCnUzdQcpw3eHGIBnXRB0s-zLj6vLOlLf16HAXq3YUIfuOI_WNEoWzd7S3mZNk2m6uzIfSx_QWisB2cV8fVJd1xwRK7PB9k4Dao4S5pBGrmxnxSz9sM3RZM1pz1eWv8X8TvmyUTaY_cC00CVqRwWxr7DXgZJCPt4CiW1Q9CdMjJ6qaolrCdF-mF17LCFyW3Uy7qxXaqGX_IQhEq5pnW0uCa2uyGMtfKSH-IIMYcJjf8ZZtG4OlVNYYFBrWtSfvOBcThOixw4jyr4VLu_0L4-DNPL9_2t_vmFVKVx41XCOzQzNwPFEg3XMYysnVSA19R0IibXWb7KS7CBkzyZZPwIdvsVWA_FfgBDzuloOGNOd-7A96w79D4ZtSEw38GtIvRBC_XGM5RXMgQ_Pv-b74oTSuWfMXcCekOmKAzwAWUjT346BwyT-XhkfnztxOFNybMMw7Tt1HQrNpBo911wiiykLVuTRPXF_7y98exbpuuRP3vTMmwivS82AMySOmK2uJ-V2Md2-O7vffJaIE7S396jeSJMqU-zmI1OmQFHcPy3yKrMQNAKnQUrM3jMTs4pjL9EE0GFsN2k&bs=1&cookie_sync_ab_gk=1&reader_gdpr_flag=1&reader_gdpr_consent=&gdpr_binary_consent=opt-out&gdpr_comes_from_infopack=0&reader_us_privacy=1---
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET
access-control-allow-origin
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
truncated
/ Frame C8E1 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
277d726476e7c16cad5cd08c58124b98ddc63c8d8b0a1d7dba42cd03c767e7b0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
cast_sender.js
www.gstatic.com/eureka/clank/96/ Frame 19C5 		52 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/96/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
25fcfee1ad623c5654d6a20d5936f56999688ce944da13f9ea606cf4b9fc18d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:02:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
51278
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15236
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 15:10:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="cloudview-release"
expires
Thu, 16 Dec 2021 16:02:02 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame E0DE
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398106&bpp=14&bdt=386&idt=292&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=405629699255&frm=20&pv=2&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=yFc2Kih2Ly&p=https%3A//www.aiupnow.com&dtd=305
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:40 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:40 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:40 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 		149 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dbea79f2df0b90afb4a54efb447d86eeb387be30ca8387fb69b069a46ae4896a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54388
x-xss-protection
0
server
cafe
etag
7489837695308457557
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 16 Dec 2021 06:16:40 GMT
b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
pagead2.googlesyndication.com/bg/ Frame 598C 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398178&bpp=1&bdt=458&idt=663&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1378&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=nqAYXdEPyc&p=https%3A//www.aiupnow.com&dtd=666
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:07:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
50979
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13622
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 16:07:01 GMT
/
node228.impressionssl.adshop.infolinks.com/impression/ 		37 B
221 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://node228.impressionssl.adshop.infolinks.com/impression/?vh=1397385015&agy=414981&aid=640059&cid=640065&gid=640066&id=640067&st=1639635398&kwid=0&skw=social%20networking%20site&sid=3169767_13&sip=1508806144&pid=14&tid=2&mime=image/jpeg&dev=0&mtyp=503&agtyp=0&rid=f1c82701-0f74-41bf-86c4-4f2ff5de51a4&idfa=&gaid=&pixel=1
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.212.255.245 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 03:59:45 GMT
x-replied-from
199.212.255.221:26080
server
nginx/1.16.1
content-type
image/gif
cache-control
no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length
37
expires
0
adview.htm
rt3009.infolinks.com/action/ 		0
135 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rt3009.infolinks.com/action/adview.htm?rid=f1c82701-0f74-41bf-86c4-4f2ff5de51a4&bdc=1&midx=0&emd=NDI0fjY0MDA2NV82NDAwNjc&rts=1639635400494&prod_t=a&jsv=1769.027-3.025&sdata=social%20networking%20site&scs=902ab5SPJo&rsd=k7OlgGWcO0Ri5xUmJEiTmG11l6KaormGPtxiYnapdhwMbsAR_fMB-Qkr0wAV0Y4C9D_oTzn--HcbDiKATallJqKzhJrPI-Ad9kBeQPOFEylb_7v9LxhbipURIMTO661Qhl8lLGi7Q6S2SavFgIMz7hgBnakQM0JgZ7LKqRD6w28&rsk=26&rcs=fu_NESAJFGdaX3UpjeYXYw
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:40 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
6be5c8c53b3e3607-MAN
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ Frame 0342 		14 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
3eee15d11eb29b6f2258cabfeeca39b3b900a7cae96fc7919b27789f3470b9f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5043195
x-cache
Hit from cloudfront
content-length
2978
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-ba2"
content-type
text/css; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
A7o0M_3dW1rq0O-vXO2OQ47IvdaZJ_XLwkS7ebbyZst2UIroT64HLw==
x-cache-hits
0
details
disqus.com/api/3.0/forums/ Frame 66D4 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/forums/details?forum=sigma2&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2c6b79d89717789efa98627852ecedcd6d1243e461e716ff5ee69f2bf31e48aa
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:40 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
43
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3067
X-XSS-Protection
1; mode=block
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame C4AA 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:37:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2330
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:37:50 GMT
truncated
/ Frame C1C9 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
15deff9370413d6149ee7589473572070e0888af508b013e5eb6450a1734cc55

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
/
node228.impressionssl.adshop.infolinks.com/impression/ Frame 5A67 		109 KB
109 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://node228.impressionssl.adshop.infolinks.com/impression/?vh=1397385015&agy=414981&aid=640059&cid=640065&gid=640066&id=640067&st=1639635398&kwid=0&skw=social%20networking%20site&sid=3169767_13&sip=1508806144&pid=14&tid=2&mime=image/jpeg&dev=0&mtyp=503&agtyp=0&rid=f1c82701-0f74-41bf-86c4-4f2ff5de51a4&idfa=&gaid=
Requested by
Host: blank
URL: about:blank
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.212.255.245 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
f2c227400d4343e5fd00ecf710c55c5d14d9a0efd1c884199f79ba8d89d704d7

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 03:59:45 GMT
x-replied-from
199.212.255.224:26080
server
nginx/1.16.1
content-type
image/jpeg
cache-control
no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length
111287
expires
0
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ Frame 5C73 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 21:26:28 GMT
x-content-type-options
nosniff
age
204612
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:19:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 13 Dec 2022 21:26:28 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ Frame 5C73 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 04:27:49 GMT
x-content-type-options
nosniff
age
524931
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22992
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 04:27:49 GMT
53791720
mc.yandex.ru/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/53791720?wmode=0&wv-part=1&wv-hit=396170086&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=980584644&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639635401%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211216061640%3Au%3A16396353991036985383%3Avf%3Aykcyjkqfpgygy63o3j%3Awe%3A1%3Ast%3A1639635401&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:41 GMT
last-modified
Thu, 16-Dec-2021 06:16:41 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:41 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 560C 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssW5TVFzjbu_NA3WotO4rrkc4Q4oVytl6wGWrU55GP_bdqvb1-AQFyMnU0aIg8nuvSKocfb-399N-tOucGvdAJydbnmLzNG45B2pVkOibDhoa3pWgVlug&sai=AMfl-YRizqil6VEn4tQ0gCsZHxnl9IbatuvKN8TjH4Sx0Wh7dsc4om9gT8z4wYkB6ko0T1RL3X0MY5cnXQ60&sig=Cg0ArKJSzHBhIZ2SABJiEAE&id=lidar2&mcvt=1113&p=0,0,90,728&mtos=1113,1113,1113,1113,1113&tos=1113,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=2269704460&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639635398488&rpt=1008&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
c.disquscdn.com/next/recommendations/ Frame 0342 		65 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
dbffe4825c6ba1f19ff48607381ad4384b0609b64998830502c130f00abe887d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 20:25:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5651457
x-cache
Hit from cloudfront
content-length
20244
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 11 Oct 2021 20:15:56 GMT
server
nginx
etag
"61649b7c-4f14"
content-type
application/javascript; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Tue, 11 Oct 2022 20:25:43 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
EdmTqI_JYM7uhbJyJHV526atLZrSycLma3YLTwQj19VG5uCT2LJoRg==
x-cache-hits
0
config.js
disqus.com/next/ Frame 0342 		14 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:40 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
34
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14552
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ Frame 51F3 		1 KB
407 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700&display=swap
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7ad3ff657f32032ef8efa653730c135bd6aab764db571b1de66d295ec10c81ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 04:22:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:40 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:40 GMT
truncated
/ Frame EAA1 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a4b9bfd2a0be81f6772b5f835dd9a395216ef6c9526414a75e46d7933f280f3

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ Frame 5ADC 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 21:26:28 GMT
x-content-type-options
nosniff
age
204612
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:19:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 13 Dec 2022 21:26:28 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ Frame 5ADC 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 04:27:49 GMT
x-content-type-options
nosniff
age
524931
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22992
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 04:27:49 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame EAA1 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 13:39:48 GMT
x-content-type-options
nosniff
age
491812
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 13:39:48 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame EAA1 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:56:19 GMT
x-content-type-options
nosniff
age
44421
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 17:56:19 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame EAA1 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:58:32 GMT
x-content-type-options
nosniff
age
44288
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 17:58:32 GMT
www-subscribe-embed-card_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame 1EB3 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed-card_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
504922
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2447
x-xss-protection
0
last-modified
Wed, 25 Nov 2020 01:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:18 GMT
www-subscribe-embed-card_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame 1EB3 		149 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.qv6viowpwpE.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
504922
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44975
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:18 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 2EC5
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:40 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:40 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:40 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame B002
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:40 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:40 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:40 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
pagead2.googlesyndication.com/bg/ Frame 1FE6 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639609134&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398145&bpp=2&bdt=425&idt=455&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=ko38SG52Z8&p=https%3A//www.aiupnow.com&dtd=459
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:07:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
50979
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13622
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 16:07:01 GMT
b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
pagead2.googlesyndication.com/bg/ Frame 6FE6 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:07:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
50979
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13622
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 16:07:01 GMT
nadir-hero-img.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 51F3 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/nadir-hero-img.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
110954
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115279
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 23:27:26 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:27:26 GMT
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 51F3 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 23:28:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24493
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 23:28:27 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 51F3 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:13:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50582
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 16:13:39 GMT
integrator.js
adservice.google.co.uk/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 06:16:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 312E 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 19:07:16 GMT
expires
Wed, 29 Dec 2021 19:07:16 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
40164
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
RetinaMedium.2811330fd8cd981352918b4059564b10.woff2
static1.dmcdn.net/playerv5/fonts/ Frame 19C5 		36 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/fonts/RetinaMedium.2811330fd8cd981352918b4059564b10.woff2
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
0365e3f4d308d0beec787524d9a2f686351e1011555515526ddfaf34176d0514

Request headers

Referer
https://www.dailymotion.com/
Origin
https://www.dailymotion.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
last-modified
Tue, 07 Dec 2021 16:18:33 GMT
server
DMS/1.0.42
age
701894
etag
"61af8959-8fcc"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
server-timing
total;dur=0, dc;desc="dc3"
accept-ranges
bytes
timing-allow-origin
*
content-length
36812
x-llid
ce0cadd69a168a2c969752a5ff38eec5
expires
Fri, 07 Jan 2022 03:18:26 GMT
noavatar92.png
a.disquscdn.com/1638827995/images/ Frame 66D4 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.disquscdn.com/1638827995/images/noavatar92.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
718953
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
LHR61-C2
content-length
1644
x-amz-cf-id
OLNGCZI20tjEeWzvPvirYtcDM6KVTByPdsorr9n008QqfWzBJHYl-A==
expires
Thu, 06 Jan 2022 22:34:07 GMT
truncated
/ Frame 66D4 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
x7zgqmr.m3u8
www.dailymotion.com/cdn/manifest/video/ Frame 19C5 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.dailymotion.com/cdn/manifest/video/x7zgqmr.m3u8?sec=HhRoXb5vURZvHJ_AeJyVXMsJ4cMyhUFHqbGoDQc3NOVOA0iMpVMSf2mysQV-tZ-P6dXR2on_8EIYgrC78qPnsQ&dmTs=564338&dmV1st=DE46E839691BEACDA897E6678768451B
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
6bea5291b22c014830cc4840c679f5d70518c716e34feba3edef9f5792e37db8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Security-Policy
upgrade-insecure-requests
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Date
Thu, 16 Dec 2021 06:16:40 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
application/vnd.apple.mpegurl
Cache-Control
private, max-age=600
Server-Timing
total;dur=16, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL,Accept-Encoding
Content-Length
2081
Expires
Thu, 16 Dec 2021 06:26:40 +0000
x240
s2.dmcdn.net/v/SnsdJ1WypR--M_6QB/ Frame 19C5 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2.dmcdn.net/v/SnsdJ1WypR--M_6QB/x240
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.115 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-115.deploy.static.akamaitechnologies.com
Software
DMS/2 /
Resource Hash
c9dbf391eb49cc7fb60b02931b2d3595eaf3c065b716778f0be58306dd7cbde1

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:40 GMT
last-modified
Wed, 15 Dec 2021 08:31:30 GMT
server
DMS/2
content-type
image/jpeg
cache-control
max-age=86400
x-status
Miss from child, Miss from parent
server-timing
total;dur=1, dc;desc="dc3"
timing-allow-origin
*
content-length
20508
expires
Fri, 17 Dec 2021 06:16:12 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 712D 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstOIYtu8RkS-Rs9rpcO8Jjm4Id508qhHV3tTRrbfVKBLw4lmqwa6eWJ0mhmvh3ewxcAkxj5UrkoBHJD8wHM6SkUGFnSuU5U0JMMUfvTDgdXcQjgwkEwhA&sai=AMfl-YT9eiozBbI8dyO8XAqAT8Zd4qjU7XGZyOzjR4qLOhlzi6x2WZTpP7h9zcX6cwiyTicmNjrdhMUtVl2U&sig=Cg0ArKJSzD83QVLvDde7EAE&id=lidar2&mcvt=1105&p=0,0,90,728&mtos=1105,1105,1105,1105,1105&tos=1105,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=743980787&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639635398412&rpt=1418&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ Frame 1EB3 		126 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
01cc0d5bdf0efbb377c7223a65d5d5cabcd1f12afffc3f243b8d77f10861d74c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 22:46:09 GMT
x-content-type-options
nosniff
age
113432
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128681
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 04:25:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 14 Dec 2022 22:46:09 GMT
event.gif
referrer.disqus.com/juggler/ Frame 66D4 		43 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/event.gif?abe=1&embed_hidden=1&load_time=1068&event=init_embed&thread=8927097210&forum=sigma2&forum_id=526051&imp=8tp34kk2e3apd0&thread_slug=hackers_using_malicious_iis_server_module_to_steal_microsoft_exchange_credentials_cybersecurity&user_type=anon&referrer=https%3A%2F%2Fwww.aiupnow.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=true
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:41 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
pagead2.googlesyndication.com/bg/ Frame 704A 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398189&bpp=1&bdt=470&idt=730&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=ve6x8z1PkZ&p=https%3A//www.aiupnow.com&dtd=736
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:07:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
50980
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13622
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 16:07:01 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame D6AA
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639609134&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398172&bpp=1&bdt=453&idt=595&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=ZwUOpYoZ0D&p=https%3A//www.aiupnow.com&dtd=615
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:41 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:41 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:41 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
482830803_mp4_h264_aac_l2.m3u8
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/ Frame 19C5 		16 KB
923 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/482830803_mp4_h264_aac_l2.m3u8
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
ad671f60b455b1a6641cd531081ae4708cdfbde540efc21fd251deb617c40cd2

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:41 GMT
Content-Encoding
gzip
Last-Modified
Mon, 22 Feb 2021 11:04:33 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
application/vnd.apple.mpegurl
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
536
Expires
Fri, 17 Dec 2021 06:16:41 GMT
realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 4144 		337 B
840 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 19:05:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3755492
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
244
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 02 Nov 2021 18:16:01 GMT
server
nginx
etag
"61818061-f4"
content-type
text/css; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Wed, 02 Nov 2022 19:05:09 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
hT8sDE9daOBP4RConVEUx_pR4rRMLXPsAC9stEZ7KpYMbrcbkm4Wug==
x-cache-hits
0
realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 3416 		337 B
841 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:0:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 19:05:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3755492
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
244
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 02 Nov 2021 18:16:01 GMT
server
nginx
etag
"61818061-f4"
content-type
text/css; charset=utf-8
via
1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
expires
Wed, 02 Nov 2022 19:05:09 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
IVQVQrlyuT9A_PbEMzQl_OriH7XHHGZy2NQJEGnDKNtukJ1rhfKqmw==
x-cache-hits
0
details
disqus.com/api/3.0/forums/ Frame 0342 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/forums/details?forum=sigma2&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2c6b79d89717789efa98627852ecedcd6d1243e461e716ff5ee69f2bf31e48aa
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:41 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
44
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3067
X-XSS-Protection
1; mode=block
si
googleads.g.doubleclick.net/pagead/drt/ Frame E741
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:41 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:41 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:41 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
pagead2.googlesyndication.com/bg/ Frame B6DB 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639609134&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398180&bpp=1&bdt=461&idt=709&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D228acd49a76a6a56-22df70ee07cd0000%3AT%3D1639635398%3ART%3D1639635398%3AS%3DALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2461&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PDIiwl4hG7&p=https%3A//www.aiupnow.com&dtd=719
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:07:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
50980
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13622
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 16:07:01 GMT
53791720
mc.yandex.ru/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/53791720?wmode=0&wv-part=1&wv-hit=396170086&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=1030890283&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1639635401%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211216061641%3Au%3A16396353991036985383%3Avf%3Aykcyjkqfpgygy63o3j%3Awe%3A1%3Ast%3A1639635401&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:41 GMT
last-modified
Thu, 16-Dec-2021 06:16:41 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:41 GMT
53791720
mc.yandex.ru/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/53791720?wmode=0&wv-part=1&wv-hit=396170086&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=291786836&wv-type=5&browser-info=gdpr%3A14%3Aet%3A1639635401%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211216061641%3Au%3A16396353991036985383%3Avf%3Aykcyjkqfpgygy63o3j%3Awe%3A1%3Ast%3A1639635401&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:41 GMT
last-modified
Thu, 16-Dec-2021 06:16:41 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:41 GMT
482830803_mp4_h264_aac_l2.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/frag(1)/video/308/038/ Frame 19C5 		48 KB
49 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/frag(1)/video/308/038/482830803_mp4_h264_aac_l2.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
a9ea70e468a1ea49c3e1fe1d7181aeeb1f66d6d9af315a8fb19525e1a989b2fb

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:41 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:33 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
49632
Expires
Fri, 17 Dec 2021 06:16:41 GMT
css2
fonts.googleapis.com/ Frame 312E 		4 KB
634 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 04:32:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:41 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 312E 		205 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 15:27:48 GMT
x-content-type-options
nosniff
age
139733
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 14 Dec 2022 15:27:48 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 312E 		604 B
628 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:49:32 GMT
x-content-type-options
nosniff
age
48429
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 16:49:32 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 312E 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:46:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1827
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8346
x-xss-protection
0
server
cafe
etag
3177319193432224586
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 05:46:14 GMT
nadir-hero-img.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/ Frame 5C73 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/nadir-hero-img.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
122391
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115279
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:36:22 GMT
server
sffe
date
Tue, 14 Dec 2021 20:16:50 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 20:16:50 GMT
HRZ_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/ Frame 5C73 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/HRZ_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd05c4e7898527514e35ce29e5144acce25e1d96073573f57d841a79a8df42c7
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
87040
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3663
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:36:22 GMT
server
sffe
date
Wed, 15 Dec 2021 06:06:01 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 06:06:01 GMT
VRT_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/ Frame 5C73 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/VRT_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24a8bd06751890737b6d157deecd20daba65d21ffffb22c70a4a6b3df6084462
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
112184
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3831
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:36:22 GMT
server
sffe
date
Tue, 14 Dec 2021 23:06:57 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:06:57 GMT
d016ac5c-8ae5-45b1-92f8-54efeb74ea02
https://www.dailymotion.com/ Frame 19C5 		65 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.dailymotion.com/d016ac5c-8ae5-45b1-92f8-54efeb74ea02
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b17de2bb097917f12756ebb689a9cdcdf47a46ca5df26ea2b27b6620452ea6a7

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length
66540
Content-Type
text/javascript
nadir-hero-img.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 5ADC 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/nadir-hero-img.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
110955
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115279
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 23:27:26 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:27:26 GMT
HRZ_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 5ADC 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/HRZ_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd05c4e7898527514e35ce29e5144acce25e1d96073573f57d841a79a8df42c7
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
34862
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3663
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Wed, 15 Dec 2021 20:35:39 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 20:35:39 GMT
VRT_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 5ADC 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/VRT_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24a8bd06751890737b6d157deecd20daba65d21ffffb22c70a4a6b3df6084462
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
123372
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3831
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 20:00:29 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 20:00:29 GMT
default
www.aiupnow.com/feeds/posts/ 		67 KB
22 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default?alt=json-in-script&start-index=12&max-results=1&callback=jQuery111009923631939546902_1639635398074&_=1639635398078
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
8a45304faa7819fc819fde8dc964341eed7b246b78ace3586b151e2be2c2a9ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 22:58:54 GMT
server
blogger-renderd
etag
W/"8e49ce5090a978d9db09af91f430541ebba08dc21cfba5926978dbf8812bcc28"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
21920
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:42 GMT
listRecommendations.json
disqus.com/api/3.0/discovery/ Frame 0342 		8 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/discovery/listRecommendations.json?forum=sigma2&thread=url%3Ahttps%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&limit=8&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
146903f49c6386085c27bbae3a5c48b2cfa6b3c721d28f3cde78adc2076d1d74
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
X-Requested-With
XMLHttpRequest
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:41 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control
stale-while-revalidate=450, public, max-age=1800
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin
Content-Length
7695
X-XSS-Protection
1; mode=block
482830803_mp4_h264_aac_ld.m3u8
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/video/308/038/ Frame 19C5 		17 KB
927 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/video/308/038/482830803_mp4_h264_aac_ld.m3u8
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
70d75a0c59e0e1d2bc3a34351eff20d5826e419847a0c1f9312bfc09a02e9a1d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:41 GMT
Content-Encoding
gzip
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
application/vnd.apple.mpegurl
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
540
Expires
Fri, 17 Dec 2021 06:16:41 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ Frame 51F3 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 21:26:28 GMT
x-content-type-options
nosniff
age
204613
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:19:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 13 Dec 2022 21:26:28 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ Frame 51F3 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 04:27:49 GMT
x-content-type-options
nosniff
age
524932
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22992
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 04:27:49 GMT
/
pebed.dm-event.net/ Frame 19C5 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Thu, 16 Dec 2021 06:16:41 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Thu, 16 Dec 2021 06:16:41 GMT
Content-Length
0
53791720
mc.yandex.ru/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/53791720?wmode=0&wv-part=2&wv-hit=396170086&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=576546978&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639635401%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211216061641%3Au%3A16396353991036985383%3Avf%3Aykcyjkqfpgygy63o3j%3Awe%3A1%3Ast%3A1639635401&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:41 GMT
last-modified
Thu, 16-Dec-2021 06:16:41 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:41 GMT
truncated
/ Frame 5C73 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame 5ADC 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(1)/video/308/038/ Frame 19C5 		142 KB
142 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(1)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
67042b35a4c83e7d770bc7273e2a1d4f867911f1571807e65c5a2f94e3773f9e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:41 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
145512
Expires
Fri, 17 Dec 2021 06:16:41 GMT
HRZ_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 5ADC 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/HRZ_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd05c4e7898527514e35ce29e5144acce25e1d96073573f57d841a79a8df42c7
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
34862
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3663
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Wed, 15 Dec 2021 20:35:39 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 20:35:39 GMT
VRT_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 5ADC 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/VRT_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24a8bd06751890737b6d157deecd20daba65d21ffffb22c70a4a6b3df6084462
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
123372
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3831
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 20:00:29 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 20:00:29 GMT
HRZ_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/ Frame 5C73 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/HRZ_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd05c4e7898527514e35ce29e5144acce25e1d96073573f57d841a79a8df42c7
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
87040
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3663
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:36:22 GMT
server
sffe
date
Wed, 15 Dec 2021 06:06:01 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 06:06:01 GMT
VRT_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/ Frame 5C73 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/VRT_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24a8bd06751890737b6d157deecd20daba65d21ffffb22c70a4a6b3df6084462
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
112184
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3831
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:36:22 GMT
server
sffe
date
Tue, 14 Dec 2021 23:06:57 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:06:57 GMT
nadir-hero-img.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/ Frame 5C73 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14394067912878981120/nadir-hero-img.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
122391
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115279
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:36:22 GMT
server
sffe
date
Tue, 14 Dec 2021 20:16:50 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 20:16:50 GMT
nadir-hero-img.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 5ADC 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/nadir-hero-img.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
110955
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115279
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 23:27:26 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:27:26 GMT
css
fonts.googleapis.com/ Frame 7992 		3 KB
579 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 04:18:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:41 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 7992 		1 KB
894 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:57:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1150
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 05:57:31 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 7992 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:07:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
538
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:07:43 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 7992 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
686
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7992 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 06:16:41 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 7992 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 06:15:28 GMT
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 7992 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 19:06:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126600
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 14 Mar 2022 19:06:41 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C1C9 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss270MIX_RWEXx85-Nt8iHGOq8scdMKD4u8BWOmlBWD7gbj36Re3OURiqgX072CjDD5D918kZAtHhr6oHVSN56ZCDCWiNur3EoNUtdFbBapuEYkodGW8g&sai=AMfl-YS1S1Y-ICcoIqLaoWbGh5M728ooai6Ood6nfQ-i-L_rA1YtfcUQoADlJ7g2-Wm8AvYd6k3EsgR-Tanr&sig=Cg0ArKJSzIQXR24gxgK7EAE&id=lidar2&mcvt=1031&p=0,0,250,250&mtos=1031,1031,1031,1031,1031&tos=1031,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=906162475&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639635398788&rpt=1813&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
stat.gif
referrer.disqus.com/juggler/ 		43 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/stat.gif?event=failed_recommendations.server.undefined
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:41 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
nadir-hero-img.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 51F3 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/nadir-hero-img.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
110955
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115279
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 23:27:26 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:27:26 GMT
HRZ_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 51F3 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/HRZ_RY_TK_rgb.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd05c4e7898527514e35ce29e5144acce25e1d96073573f57d841a79a8df42c7
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
34862
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3663
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Wed, 15 Dec 2021 20:35:39 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 20:35:39 GMT
VRT_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 51F3 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/VRT_RY_TK_rgb.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24a8bd06751890737b6d157deecd20daba65d21ffffb22c70a4a6b3df6084462
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
123372
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3831
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 20:00:29 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 20:00:29 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 4DE0 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 06:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
861
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame 42B5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C-Jacxtm6YeiJIrHGx_APi-y1gAvA6vWuZqDnjJDKDr_hHhABIL305nBgu4aAgNAKyAEBqQKAtW1z2Dy2PqgDAaoEjwJP0KWU2bQcb3Mk4pvy3k8NFq6gim6DIAoJysoBSEuw2XTCEnvDIwKJKr5ZgO7Va-elPo3KDa7E9NvR8qNnYTCftygT51tI6p49k1-GWvePp1aRHwwUOTvhSeRqPL-fy9mFDx6fPnTiFV7hlcIYbu6schF5ilfRYZpc6if0yWNvVFvF8MrBw0-AsFw-uEWrithmYJ6AJ_GUPkd87nXZ6EmXosj38TwuuU55qOVy_ZyKiJV42CAkgMXjnWhTDf0XzXBK2122SMQ3grg-1UkAlSYA9sbsXdZUJ3u0qRNk5GYS1qXPRtEBId76yirkSga4ufiHWByLwomir2e9ePe1gTPIDDTvzlaNQoApqlTKp87jwASEhbCM6QOAB87N5PYCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQk9Em0ggJCIDhgHAQARgfgAoByAsB2BMDiBQC0BUBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=hXjXNulP5No&vt=1&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639609134&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639635398121&bpp=1&bdt=402&idt=397&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=405629699255&frm=20&pv=1&ga_vid=1143674651.1639635398&ga_sid=1639635398&ga_hid=848707030&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063859&oid=2&pvsid=3863823671234984&pem=974&tmod=594&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ewTZxk2WpQ&p=https%3A//www.aiupnow.com&dtd=401
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 06:16:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 42B5 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvDvga51TFdUrNiH8eJCtxHeXnZi7PMIuwTH62s4Xmijw7pGWFaZ6tjTOb7YAvVS_YT17HtoP0ipP1beZfMLsemXw0DZ68gRs6S201E&sai=AMfl-YTZFGX--qXaClMR0AOWrB6ezrD2hYHNgzMUvlX9p1R8kso0iFFiWUxPRo2ck8VL9pM6U-Rvs_wy9e_t&sig=Cg0ArKJSzAXxKVaB8XkWEAE&id=lidar2&mcvt=1026&p=0,0,90,728&mtos=1026,1026,1026,1026,1026&tos=1026,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3822660987&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&pay=1&rst=1639635398523&rpt=2132&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 51F3 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
HRZ_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 51F3 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/HRZ_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd05c4e7898527514e35ce29e5144acce25e1d96073573f57d841a79a8df42c7
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
34862
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3663
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Wed, 15 Dec 2021 20:35:39 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 20:35:39 GMT
VRT_RY_TK_rgb.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 51F3 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/VRT_RY_TK_rgb.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24a8bd06751890737b6d157deecd20daba65d21ffffb22c70a4a6b3df6084462
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
123372
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3831
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 20:00:29 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 20:00:29 GMT
nadir-hero-img.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/ Frame 51F3 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/215047436056395776/nadir-hero-img.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
110955
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115279
x-xss-protection
0
last-modified
Fri, 18 Jun 2021 10:34:48 GMT
server
sffe
date
Tue, 14 Dec 2021 23:27:26 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:27:26 GMT
k0mtnwaPiJWk8CavAZCSyiiuy4U.js
snd.click/cdn-cgi/apps/head/ Frame 787A 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/cdn-cgi/apps/head/k0mtnwaPiJWk8CavAZCSyiiuy4U.js
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9f21406615f1546dd9ced7d75db04dffb75609a92a35f835405784c78119447

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149213
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
31KYZ1HH3TZ556FR
x-amz-id-2
0R6Wca3ll0GVsNFJ0J7Om7wcEeCZqxNOPFejMjLMyKc6gDSWO/3mWKAuvWpVFjxRs4vOJS65huc=
last-modified
Mon, 21 Oct 2019 15:01:53 GMT
server
cloudflare
etag
W/"7031c38f280b4d0118a771a4d493828b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcbtqF%2BHnWixLuVJfBYPAyQEZd2QMj22Sm4UqfJZyA%2BVLbDVE3OSoC9JhD2q3nkbFQ4RK5Zzm3lMTYOvPnLpTZqBCVE1bruAvrU9MBLNq%2BIKUarUZ81qmLYxRs6OYbCEKPso9xH%2BQe4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
6YU3RAlWGj1iJUnxcHmzNeblwGRVBezJ
cf-ray
6be5c8cdba4a374f-MXP
css
fonts.googleapis.com/ Frame 787A 		7 KB
748 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Ubuntu|Open+Sans:400,600
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d5cf55fc7fb9816c5b7543e469706d77fdfa681df626c471e44b08fbf0cb9fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 06:16:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 06:16:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 06:16:41 GMT
bootstrap.min.css
snd.click/frameworks/bootstrap/css/ Frame 787A 		152 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://snd.click/frameworks/bootstrap/css/bootstrap.min.css
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 13 May 2021 13:25:00 GMT
server
cloudflare
age
149213
etag
W/"609d28ac-2606e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=unwt7zxelVFwAg7t4eySDUDNdF%2B0DBN5mu0WXIeMiRk6lzOHNOv7J3D8MVCbQLIrtzOxEgEPRKjXrXlJCIvOsBrr159ikQUQvTDmWfMZhuSQLLrbqB7Nnf2%2B15DFCMFTg%2FPmRSpVwpc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8cdba47374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
style.min.css
snd.click/landing/css/ Frame 787A 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/css/style.min.css?id=cecc8f3ce54a139a39cf
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cf34d605f353037a0ab53e0d1abfe48d1c54263e5e763c23366e77d45960bfa

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 25 Oct 2021 13:56:45 GMT
server
cloudflare
etag
W/"6176b79d-2326"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iBwTy4Ws5krl6Ma%2FrMdiwy8cC%2Fc6FvCgxM2s%2FjOgiE9i49ujB0XpiEZxelA7TBaOCx3SYsdtW07jKGmFLdnmItsVBfeG3qRbpWFKbs0MQfSDgoS%2Bwxq7b0GGEzr9blT8%2B%2BRbAj8Dp2o%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8cdba48374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
play.png
snd.click/landing/img/ Frame 787A 		51 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/play.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07820f0ee3e5c253462bade268025f7712fdf14c0821fdaeb25040791fca9e4d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
142744
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
52519
last-modified
Tue, 11 Jun 2019 11:54:48 GMT
server
cloudflare
etag
"5cff9688-cd27"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPNpQUPEOpe48dVxgqFYaSnjxgd%2Bod9y7ESZqldc9tOPQrAejpchIT216sCbi50qcU6leJSbezGTG4GImqMMqrJWfbA2m6goqy%2BOyCWGzBj%2BLdMLnBBS5CHrA8DnEnFqG2MG7ANr6Tk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3ae6374f-MXP
1000x1000bb.jpeg
is5-ssl.mzstatic.com/image/thumb/Music124/v4/f3/53/13/f3531334-66a6-a46c-9a24-d109879e0400/8445490162586.jpg/ Frame 787A 		212 KB
214 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://is5-ssl.mzstatic.com/image/thumb/Music124/v4/f3/53/13/f3531334-66a6-a46c-9a24-d109879e0400/8445490162586.jpg/1000x1000bb.jpeg
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:2ad::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
ATS/9.0.3 /
Resource Hash
e89c1da385be36ce801884d3609d7339ed0a608898520cc43a31334a8ab5535d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-apple-jingle-correlation-key
RSJGQXJXPHH5CRL5G7RF6K4THA
strict-transport-security
max-age=31536000; includeSubDomains
etag
"MSwxLjE3LjMtMjFMLDIwRTI0MSwxNjM2MjI0MTEzNDk4LGlzQnVpbGRWZXJzaW9uTm90U2V0LDUxMDE0LG5vRWZmZWN0"
x-b3-traceid
8c92685d3779cfd1457d37e25f2b9338
x-daiquiri-instance
daiquiri:13624002:mr85p00it-hyhk03094901:7987:21RELEASE176:daiquiri-amp-processing-shared-int-001-mr
x-apple-request-uuid
8c92685d-3779-cfd1-457d-37e25f2b9338
b3
8c92685d3779cfd1457d37e25f2b9338-2cd69c16fe368b9d
content-length
217382
x-cache
TCP_HIT from a2-16-186-167.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
apple-tk
false
last-modified
Sat, 06 Nov 2021 18:41:53 GMT
server
ATS/9.0.3
apple-seq
0.0
date
Thu, 16 Dec 2021 06:16:42 GMT
apple-originating-system
UnknownOriginatingSystem
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
cache-control
no-transform, max-age=12530384
x-b3-spanid
2cd69c16fe368b9d
cdnuuid
e4083fa9-39a4-4a8c-a32c-03606a4b278a-641434754
9_1560249795_youtube.png
snd.click/storage/platforms/ Frame 787A 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/9_1560249795_youtube.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29fe732a3a3512aedec5358e02eee2156a1b783cbc27ac7ed3a023c0b8cf507f

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149213
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8256
last-modified
Tue, 11 Jun 2019 10:43:15 GMT
server
cloudflare
etag
"5cff85c3-2040"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jp4NIMTgOX364z%2FiFtKDFq%2Bv4GjpNG85ZvVlSPYoghmIbCcZ%2Fr5eZU6r1OJn6VX6X0W2rA6VFkR6Aj7s4xA8xGnpf7yiTGd4CeR0QpdCAYHNtcZbbNePa5hcNkFOFDxvQmcrizjX4j8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3aec374f-MXP
6_1629198382_spotify.png
snd.click/storage/platforms/ Frame 787A 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/6_1629198382_spotify.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf2b259176d1712ca42f68767b3dc61a2a2385fbb48ba3a7e5b587910e50d642

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149213
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5041
last-modified
Tue, 17 Aug 2021 11:06:22 GMT
server
cloudflare
etag
"611b982e-13b1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BxNOPSarvWvyZo6J1CcXAVFF8baVikPQu6j7PwV3kwpjNVz78z%2Bm5o2qRMkpdFwP2SyqKaEemysb4jU6brUPcH%2BmuRn9fxswLoNpTVsdOjKyxVOspfhVwg9l%2FeDewdSiXqS%2FWwKBr3U%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3aee374f-MXP
11_1619597220_apple_music_logo.png
snd.click/storage/platforms/ Frame 787A 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/11_1619597220_apple_music_logo.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7fc9e14f36c6590ef42bc2eec54e925cf573a2656de164817ba40c67bc71a5e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
38180
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6100
last-modified
Wed, 28 Apr 2021 08:07:00 GMT
server
cloudflare
etag
"608917a4-17d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7Yw4OO6arHAucDihHePB17z%2FfiXstF2CvsDv93D2C5ugtBJWbdZPwfy1%2BAOjdP4lF%2FKdVWXBnpr0dddDN4y%2FM6deiqbeDYh%2BIylh1yj0mH9%2FWui4UKQHL71rmchf7Me2KDuefRNWyA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3af1374f-MXP
19_1629199063_pandora.png
snd.click/storage/platforms/ Frame 787A 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/19_1629199063_pandora.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c90b7e832a212a6390a5ec8c2c1161bda9375fb414ad87bfea2e282d2284be79

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:17:43 GMT
server
cloudflare
etag
"611b9ad7-bf6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uVE0Wt%2BYhkMVLsPunEr6444Y04gERvutPsIrqk0NZ3IpIW7WMc96NS%2Be45xnrMoht1EZ8MB4BeJmR2THqtS%2B%2BR9eAdT527BdKuuOe9veXshuRBZ9lfU2QGFjy%2BCN%2BBpOsfSoPPH9k6A%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be5c8ce3af3374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3062
47_1629202649_qobuz.png
snd.click/storage/platforms/ Frame 787A 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/47_1629202649_qobuz.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9222037993e442ba70d3b56378f359c8c37b8e2cadfb301735de27bd0ea24635

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 12:17:29 GMT
server
cloudflare
etag
"611ba8d9-1a44"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l1e5lIrjhNmhTsxS2BxEZw4%2BkZycxm5SmfpJ0ncAYpFI13OSRZ0lwolA3wav5k%2FkSUz9EpsXL9MyWOGy%2ByJIHTkII0vL%2BQvXb1t6lCBg4sm0CiE8AhXx8PZViDFHp8nB2BYu%2BItBrfU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be5c8ce3af4374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6724
12_1629198849_deezer.png
snd.click/storage/platforms/ Frame 787A 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/12_1629198849_deezer.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa0d1383cd6184c9654b458ceb23a3ad8c700d98cab32478b805e385efd97af0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149213
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7419
last-modified
Tue, 17 Aug 2021 11:14:09 GMT
server
cloudflare
etag
"611b9a01-1cfb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0tKzfB0wiIfJ2N17tjZGIijOV1fgpzkZfCUlu41rtuPO%2FMcVCK9NbekfSGR0yptLCDj9dDFhmCnnM3VvTpIRayjtfn9enU9P6RvOvRBJE%2FnKqnf%2BYDqNguSEW1yr3wzl%2BqMgF6CzN8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3af5374f-MXP
8_1560250345_soundcloud.png
snd.click/storage/platforms/ Frame 787A 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/8_1560250345_soundcloud.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8559b7e5e86976ac2b43d84dca46f5710852e2e1c50d5fdce5fd532efcb2154e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
cf-cache-status
HIT
last-modified
Tue, 11 Jun 2019 10:52:25 GMT
server
cloudflare
etag
"5cff87e9-1586"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEAD9PKKtFOgq50zagD5zhkaQp%2FEN3TwFRIL5MlHrkzesMTaC%2BQMvE1IUx6gpNNOu7nlOcWT5vTZ9RzbCduI%2BDbiXyS3uAEiyjku3EQ9AS7gYCtTDbihqcWXq8yUZLEHwwTJlcysa7E%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be5c8ce3af6374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5510
16_1560252521_tidal.png
snd.click/storage/platforms/ Frame 787A 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/16_1560252521_tidal.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4476c31489084f057d971484ea8337d294bdce33db840a204e800da4e37ebe1d

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149213
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4664
last-modified
Tue, 11 Jun 2019 11:28:41 GMT
server
cloudflare
etag
"5cff9069-1238"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HdRycjEnyccIiX7GKUqt0mIdf9Eed0PBtrMd6qdT0PILO8NpH%2Fm6sZuEeuK2gkDyMDB6FVa1r4YeAwH%2BG%2BbcAZH73zbl%2FQgXwXCPQmBBouvEkFnhLY5OGmTSgzhin91zM9NrMjZKmp8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3af7374f-MXP
17_1560253092_napster.png
snd.click/storage/platforms/ Frame 787A 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/17_1560253092_napster.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ec2fc40578b5d3c7c8ac12187d460fbde0d2775e48091c1363e4fac43f99a0b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6186
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8456
last-modified
Tue, 11 Jun 2019 11:38:12 GMT
server
cloudflare
etag
"5cff92a4-2108"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oa260Nrse77RlmUa1HtmDLqh3WjqABzHNc2lfGwt6B0pgMCvHyWKNCWLX4LO%2FDF%2BTuk2jGx5wTNCaTz56BwxK7iIgZuidd%2B0ewxZs6g8R68p9tSLCsGfnaxfzlk6gpZ129ipT85IG2M%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3af8374f-MXP
31_1629200927_iheart.png
snd.click/storage/platforms/ Frame 787A 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/31_1629200927_iheart.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32c8ec967ccde3b64e5317b356d5ca6ac6a0b39ba32f6de2f8c3b1a4e38c2574

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:48:47 GMT
server
cloudflare
etag
"611ba21f-1354"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5nvQQ9j8DSw1lqFROfr2BOFNDXyTQ1HuwBf6oWPU%2FGQg6nw3bSqEME9sd7Yy2pzvKrRaD9%2FYNgMebEpF%2B1UK6nx0oB96g%2F886rLqkTuEKlfTs9BIaSajR4U8n7lDyh0%2F08aGfGLWTcg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be5c8ce3af9374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4948
118_1617886201_amazon_music_alt_black.png
snd.click/storage/platforms/ Frame 787A 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/118_1617886201_amazon_music_alt_black.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
884bab512acc3235af224271f85a9030fd7461211c697519808bcb7702c1a091

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
38180
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
41889
last-modified
Thu, 08 Apr 2021 12:50:01 GMT
server
cloudflare
etag
"606efbf9-a3a1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6MUOHGaG1XbdEBdT5sSaZL1tIqbqenlLFM1Ylo%2BINfe%2FrlPNl%2FrGBQWJiVEa%2BjEJA7aPditRE8Ao46feQQ9zvYJlGk4PuwvmqU8h%2F7h%2Bdfkpk62FZsb4cWdMZK1gYlzZMojqFXGLiA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3afa374f-MXP
54_1597838664_yt_music.png
snd.click/storage/platforms/ Frame 787A 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/54_1597838664_yt_music.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
871f64d89795838c773a27fb668e45b3e494fb3c24758cfcca6934f305f0db72

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
38180
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6852
last-modified
Wed, 19 Aug 2020 12:04:24 GMT
server
cloudflare
etag
"5f3d1548-1ac4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bCCovnbO9oUzED0J%2FJgBrFp1ysK%2BsAu6NiHM2NwV5vqqBIrmFjyDCujpXQCyy2Cwni6WrGOJuAV7U%2F9SBLW9jIGBtoCpAdvH9tPASaeU4Wntv6mzzkT20tYilm4KLuFkKLKW39XL6DE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3afb374f-MXP
24_1560252942_audiomack.png
snd.click/storage/platforms/ Frame 787A 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/24_1560252942_audiomack.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
654fbcbda47c2aa67f212492935f5f7ac35cb0a0ce269ac8ba0ee283c4afb691

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
cf-cache-status
HIT
last-modified
Tue, 11 Jun 2019 11:35:42 GMT
server
cloudflare
etag
"5cff920e-12ef"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UsOIEV6vAEzqAxlII6cFfcOEq2SoJ8nZqrmoT%2BFdFa%2FkLq5mrNpeyEOke2vvy3il%2BgsEEtgeKdM8BUvQtpah18WMWszcJ5tZ1%2BEQa8RzpgNTNKjWWJC%2BeB%2FbxmC2QbcyDgyFO9V4cfM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be5c8ce3afd374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4847
42_1551453680_awa.png
snd.click/storage/platforms/ Frame 787A 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/42_1551453680_awa.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9379a60c9161c83f5075dec933369e78b3be0d8c3b7827ceda7d7a038ee62ce9

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
cf-cache-status
HIT
last-modified
Fri, 01 Mar 2019 15:21:20 GMT
server
cloudflare
etag
"5c794df0-b2a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iayz1Q26XFA80oDXLxVOhCwNhH1VIZG8w1FSdvVEtR8ZSKDREUCrHR2m3YJtX9YET3uED6AfElu4fHLKABKNUuHxC3OYpBMo6Oi0ex1zt66A%2FSiVPNGRn9PuYVcaCN5xmSTuzvOvUN0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be5c8ce3afe374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2858
33_1629201073_anghami.png
snd.click/storage/platforms/ Frame 787A 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/33_1629201073_anghami.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1a75ea27451c167b4bd5b2b9ba97f4ec7d1bcb3bf5e4725e41ff35cee1b4ffe

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:51:13 GMT
server
cloudflare
etag
"611ba2b1-1866"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jQvQbSVz8%2BwVWz%2FIOO%2Bx55nzwdVpCoR26zZk7Iay3D7y54bSHxgK9%2BCvgRYcu21iR3yJCHAfMZckt380CqcS4NgCHDu556gn%2F%2FKGwBVgJO6zmK7TKNDlWccyGZsuqfz62DpXBtGs1z4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be5c8ce3aff374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6246
35_1629201159_jiosaavn.png
snd.click/storage/platforms/ Frame 787A 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/35_1629201159_jiosaavn.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95b41ba92728e08797cd85b6f9683afbe13d450d1b3213358c48ac18d242846a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:52:39 GMT
server
cloudflare
etag
"611ba307-1c18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dArVDVZBs1Nbk8BduaadkY3vgXnGM2BdBJXiylFogJVuDiGckyvnxslx5cHikcchgrnC3yShfY9dIpIoa9r%2FKcRzDBybHEEsHCKXbUQWXn6zR174O7PyVWt1t10JnM%2FiI11FPwfXhUc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be5c8ce3b01374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7192
94_1583854462_wynk.png
snd.click/storage/platforms/ Frame 787A 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/94_1583854462_wynk.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bbd1c0c28ea0f2af4254c62d76b86321cecfd45a3cea933d29b37fb53ba6e28

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Mar 2020 15:34:22 GMT
server
cloudflare
etag
"5e67b37e-10c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iyx39cM5qVlKubaHno7E8rkUP76NbAwWmg23TKHOcjU07HdPeWhMypos1WHHQO01axuRlE3wkcJMxWE7O8Z8zZEL1E1tlVLlVj8bU4JA2Wc8KlPaf2ysmJ2w7ww63rYTtJj%2BIp18fr8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be5c8ce3b02374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4294
logo_itunes.svg
snd.click/landing/img/ Frame 787A 		14 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/logo_itunes.svg
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44b6e4f9164860ac419ab1e15cdd2aa55d8117b8fdee7b2545d1b4fe0704c55

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 22 Apr 2020 13:50:49 GMT
server
cloudflare
age
148539
etag
W/"5ea04bb9-37e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q1pDF2N07ezKmSuccwgx0vWZtKs1Wq8XJKi8nzjzsQd4PZrFOL7wPlhVeF%2Bd%2B1d4UsfCEeGCdyw30N6C4c0bVBpPRX7toWH0ItKWdvyDC0et994%2FuMs9GEdkTlJcHveMGwSgr5z7VLU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8ce3b04374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
25_1560246937_google_play.png
snd.click/storage/platforms/ Frame 787A 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/25_1560246937_google_play.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a744f38c6ace34651866bf42eb7dd14df089cdbb70c95854e766eb9b41d2361

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
42909
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11612
last-modified
Tue, 11 Jun 2019 09:55:37 GMT
server
cloudflare
etag
"5cff7a99-2d5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6rR8whadxuF4mtwm4q%2BMTpq4Fhu3nXwrTKFNsbEUUaoAFJsA1E%2FRUElSz%2F%2FUiBTWR%2BHKKu2HBXAYaVpjZx%2FSkuq6X3GOAk5v%2FUcdeglxHTjOIY99YCGrDnMLqshPMTvpuqXtnU5F6Ek%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3b05374f-MXP
20_1629199143_bandcamp.png
snd.click/storage/platforms/ Frame 787A 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/20_1629199143_bandcamp.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d410b3debb14b15512f904dc7d23856ae6389cdacffa8e8339027088719500

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149213
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6658
last-modified
Tue, 17 Aug 2021 11:19:03 GMT
server
cloudflare
etag
"611b9b27-1a02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sLRvD%2FAmJ7aBWRiGy9y9j4fMEnfQF0jUBK8HhYh15qaVhqf5vAT6eugekjmiWl5n8Rut0qFJdKEYN4pi8dTv6ihRIJ%2BQAUmZNFTxkcaULHYHxtQC%2FCOyyAtfa%2FxY4EjaBOaEukjWzSo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3b07374f-MXP
icn_spotify_64.png
snd.click/landing/img/icons/ Frame 787A 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/icons/icn_spotify_64.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fee9bee5192b952739299570f6f1d5880895edb6e518c14850651083c242fef

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149213
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2797
last-modified
Tue, 11 Jun 2019 09:47:21 GMT
server
cloudflare
etag
"5cff78a9-aed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xP8uGD5eDijkqX9rQ1fg4OI3fx2f9jlpaybPxI4qiHYX5GL94HHGIZG0g7CwWQFykLcMcCk%2BVqaH1o6VeFa1dHGi8d0jaByrAKOHFb%2Bg5nj4qu1u4jf0SvgHoEAG9EyAlwHnzCINDuk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3b08374f-MXP
icn_deezer_64.png
snd.click/landing/img/icons/ Frame 787A 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/icons/icn_deezer_64.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1a32bc2f145aea8c098f09896ed081513a6f6fcb8adc1aecfdc2b43618393a7

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149213
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3586
last-modified
Wed, 19 Aug 2020 06:47:48 GMT
server
cloudflare
etag
"5f3ccb14-e02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t5bO9Kj04WexUP6fp%2FDlq2HtYwhIEjsUblXJFh0qPn8MPmy5%2F4OaQ23LeZyIETeMJoE4jQcOBnNAp1OksgWKlSOPmJd9wEkW17WsmMNh2CiwHJWGejKkIGVKp8CC1PsamlQQDSJqSm8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3b09374f-MXP
icn_apple_64.png
snd.click/landing/img/icons/ Frame 787A 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/icons/icn_apple_64.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d387f8955e673b6b83572bdd758e2b0be9da640de3fc2d83c2cb96dbf4c4037

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149213
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2981
last-modified
Wed, 22 Apr 2020 13:50:49 GMT
server
cloudflare
etag
"5ea04bb9-ba5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JBRLmovhs%2BH1MEI3TR5L2lGm42a8A5NIVJY34CTEgd9g3rt8TZsl3xc4NcpfQQy81yxTInpdcKHye0mZj%2FJwfKROPLU6Vvn7n7b%2ByhBkdCZ3%2BaMHG1WUlwwl%2FUy2f03l1LIJwG8pBN4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8ce3b0a374f-MXP
rocket-loader.min.js
snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 787A 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Dec 2021 14:30:56 GMT
server
cloudflare
etag
W/"61b75920-302c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tVTYS6BWI3T%2BlxoKR3TASrFrE54Jbqk4EzT29vxtNR1xH%2F6JV5ESIUCnGfw5GJCZkIwuBJutgQmY%2F5p5qS%2F%2Bou0t8BEuBWmj0MNR9RDycJR5Fvkd8b48aSUn8nD0zrZtiQtrLK4PJ1Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8ce3b0c374f-MXP
vary
Accept-Encoding
expires
Sat, 18 Dec 2021 06:16:41 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 4DE0
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:41 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 06:16:41 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 06:16:41 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
js
www.googletagmanager.com/gtag/ Frame 787A 		90 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-75423470-2
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/apps/head/k0mtnwaPiJWk8CavAZCSyiiuy4U.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
17aef8a456df6793c7f80c3241dacb0e31b5e194045a6e9262c6480c000242a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36223
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 16 Dec 2021 06:16:42 GMT
RyunFgoTt9A
www.youtube.com/embed/ Frame 69FC
Redirect Chain
  • https://youtube.com/embed//RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
  • https://youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
  • https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
60 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b307cbb70ca418ad5378ec8eedf2e876c1659d179890a8d40372a761578bb5ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 16 Dec 2021 06:16:42 GMT
strict-transport-security
max-age=31536000
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

content-type
application/binary
x-content-type-options
nosniff
expires
Thu, 16 Dec 2021 06:16:42 GMT
date
Thu, 16 Dec 2021 06:16:42 GMT
cache-control
private, max-age=31536000
location
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
server
ESF
content-length
0
x-xss-protection
0
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 787A 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ubuntu/v15/4iCs6KVjbNBYlgoKfw72.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu|Open+Sans:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f4524f7e1a87079bc50a64681f880ccf3e6f5db1ec5fc27949377532a3881da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://snd.click
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 03:02:29 GMT
x-content-type-options
nosniff
age
98053
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34260
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:02:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 03:02:29 GMT
analytics.js
www.google-analytics.com/ Frame 787A 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-75423470-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
2508
date
Thu, 16 Dec 2021 05:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 16 Dec 2021 07:34:54 GMT
landing.js
snd.click/landing/js/ Frame 787A 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/landing.js?id=a4d4ab09a2052e8cd0bc
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c811b52b159c35e96af4b1f0b999753162f21933e5e520e288de72dbd5a2018a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 24 Jun 2021 11:55:19 GMT
server
cloudflare
etag
W/"60d472a7-10aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifhFzmCcEQgAJQQtVw7OHQwfR9fVPXPcw6vQkcILcK9hOwoAtxxHVdYNJ6r6YSd55nLnM0D7jqBsabkSROe72QVEc2O1u1yoRGyhPIKmEQiVmJayHsGWMBg0TwMmQCR3Qqkm1%2BfIpqg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8d0fdaf374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.jcarousellite.js
snd.click/landing/js/jcarousel/ Frame 787A 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/jcarousel/jquery.jcarousellite.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a5aa8749b707f73090c7fc4938f6452803ccfe09c30ff8ff5adbd6735b799e6

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
age
38181
etag
W/"5c0d5dac-326e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0HPGTt%2FEMSUATUmwPWufLusp9lRxSAmyvl4ugNDLRnvrvxQk1Z1No7EhPPAzhIwpaXbChF8%2FFjcngZFytvSr7EKzE1H2Rqt6NzPczHcJbGIB%2BUeHv3QxY%2F1wTLB9mN%2BgkYlh7CMc5E%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8d0fdb1374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.mousewheel-3.1.12.js
snd.click/landing/js/jcarousel/ Frame 787A 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/jcarousel/jquery.mousewheel-3.1.12.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac45e4c266a4fb5e7d49b00f4b3b9c53b70ccb5754d3a6d5cfc338ca3b98bd84

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
age
38181
etag
W/"5c0d5dac-204e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OBi64i7I3GxU9cE%2Be0JkKuWPfwwFJ0BVr6Tvc4wMXqcd4WOT1f7EneDiUI8WyYaxb0plra7ohv4lUUoY7mFPiNckAnjUY2fuWdtDWghosULzv%2BPCiG9uErPxlkkmUMEKktclvQMpQF0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8d0fdb2374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.easing-1.3.js
snd.click/landing/js%7D/jcarousel/ Frame 787A 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W1Vs8EdBay1S0n9Mv0EKlc7StrSrflZAXgcRXRJUXgU4T3yXGBalQwlq7P1IwlpoCWrXIxzHdMoJqD0xNBcElDt3SjM%2BOnIU8D56%2BBw%2B2QCqAeyOjQjJahWEyW2i7XSgj8mEYS4MnMo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-cache, private
cf-ray
6be5c8d0fdb3374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
-1
clipboard.min.js
snd.click/landing/js/ Frame 787A 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/clipboard.min.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99e1761c92764dcaeec33df3e1773160344cc4aa6b8ddaee0477372279a2c424

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
age
149213
etag
W/"5c0d5dac-29a6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4CDRtOpUE4b1oc8V0SKvVHYaAf52EKCVeqBhgLh2ZgQc8yW3vADdUW9705AF3z0E71tqLf5v062EpxOpuxYtljs2aMCyeQK6HGi%2BtbcLl3WvLXSZMUKLSXn0OQDddzyeLD4Qniw609Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8d0fdb4374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
bootstrap.min.js
snd.click/frameworks/bootstrap/js/ Frame 787A 		57 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/frameworks/bootstrap/js/bootstrap.min.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 13 May 2021 13:25:00 GMT
server
cloudflare
age
149213
etag
W/"609d28ac-e2d8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PpvdtYei4cCXa%2B3GMtN%2BwXFQXUhMlXxHf%2B%2Bml3AEXLMJL3ivx6L61%2FWIZDtYHUmQfa76U%2FSbNWpASjeBWyN3WKCiwRedNmC7rVy33QNJyeSGJPox41%2Bjy5qD0oF6M%2Fe7q1Q8O6sPw9I%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8d10db5374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ Frame 787A 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2459016
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6157
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zs3JLjIktUWQV%2Byl87M1%2B6utsGwMx6%2B%2BiAftmKBC5byJ1UBgtX4b%2F8cvot53Fn6WSBd7A7GL043aJUnR39VScxKuYo4UMkqiE2N99Rw3aJH8w%2BUv3OPwNaQAn%2FsT69Fv0OjRaogPfNhBHGACJUPpwY5%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6be5c8d24f020f86-MXP
expires
Tue, 06 Dec 2022 06:16:42 GMT
musickit.js
js-cdn.music.apple.com/musickit/v1/ Frame 787A 		230 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-cdn.music.apple.com/musickit/v1/musickit.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::1fcf Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
daiquiri/3.0.0 /
Resource Hash
638b07dda0f438a7f4c609bd114bedcc9c15b100133b8b8ebffc7fb85197bcb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-apple-jingle-correlation-key
C4LO2VII5O2DEU7UVQMM4M3NDY
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-responding-instance
silverbullet-external:3002:mr28p00it-ztdg08092301:8301:21REL8
x-daiquiri-instance
daiquiri:15887002:mr85p00it-hyhk04103901:7987:21RELEASE198:daiquiri-amp-all-shared-int-001-mr, daiquiri:18493001:mr85p00it-hyhk03154801:7987:21RELEASE198:daiquiri-amp-all-shared-ext-001-mr, daiquiri:18215001:mr85p00it-hyhk03094701:7987:21RELEASE198:daiquiri-amp-store-shared-ext-001-mr
x-apple-request-uuid
1716ed55-08eb-b432-53f4-ac18ce336d1e
content-length
54285
etag
"40b3884272568618861bbec2af9ac315"
apple-tk
false
last-modified
Thu, 9 Dec 2021 18:22:23 GMT
server
daiquiri/3.0.0
apple-seq
0.0
date
Thu, 16 Dec 2021 06:16:42 GMT
apple-originating-system
UnknownOriginatingSystem
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-transform, max-age=378
x-apple-version-number
2150.7.0
jquery-1.11.1.js
snd.click/landing/js/jcarousel/ Frame 787A 		276 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
etag
W/"5c0d5dac-4508e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFoUMUppES6PUH6Phxt8%2By1%2FAheqqYo1tMQtZ4J9sCVArd8qn3gHdeVvnE8qefO1KYcaMG1Tdek8GHOH9WVaxxyY2lbz5KNHXBdiUnUbzbdZ9mA5qTs1Cb577gB8Ys7eDvr5kF1T10s%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8d10db8374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
www-player-webp.css
www.youtube.com/s/player/f3c4e04d/ Frame 69FC 		338 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f3c4e04d/www-player-webp.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
93a8cc54b517a35c22648e5a2b1694dac62247ad174386f1791d1c4d0c6edd8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:44:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
52337
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47369
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 03:39:53 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 15 Dec 2022 15:44:25 GMT
www-embed-player.js
www.youtube.com/s/player/f3c4e04d/www-embed-player.vflset/ Frame 69FC 		226 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f3c4e04d/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d4257a3952d7042f95c20a409c2ac8675f4d9b199db3a296de2b6759b77d33e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:44:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
52324
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
74766
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 03:39:53 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 15 Dec 2022 15:44:38 GMT
base.js
www.youtube.com/s/player/f3c4e04d/player_ias.vflset/en_GB/ Frame 69FC 		2 MB
527 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f3c4e04d/player_ias.vflset/en_GB/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
44b4caba83d4c4cdd6bdf515ca1d9763e5ba87884ca3df12c379b04dd1d3f1f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:53:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
51787
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
539641
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 03:39:53 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 15 Dec 2022 15:53:35 GMT
fetch-polyfill.js
www.youtube.com/s/player/f3c4e04d/fetch-polyfill.vflset/ Frame 69FC 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f3c4e04d/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:44:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
52324
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2830
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 03:39:53 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 15 Dec 2022 15:44:38 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 69FC 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 17:06:41 GMT
x-content-type-options
nosniff
age
133801
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 17:06:41 GMT
id
googleads.g.doubleclick.net/pagead/ Frame 69FC 		113 B
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f3c4e04d/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f9019344d935a479e1acede01e904875eec4e1decdbf0254343eccb1c0511175
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 69FC 		29 B
588 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f3c4e04d/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:12:15 GMT
x-content-type-options
nosniff
age
267
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Dec 2021 06:27:15 GMT
_5cMNwgFbhqFzysIXU1z-fdfZ3ZelUNkfvkSZuNNDpg.js
www.google.com/js/th/ Frame 69FC 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/_5cMNwgFbhqFzysIXU1z-fdfZ3ZelUNkfvkSZuNNDpg.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f3c4e04d/player_ias.vflset/en_GB/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff970c3708056e1a85cf2b085d4d73f9f75f67765e9543647ef91266e34d0e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 18:24:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
42729
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13294
x-xss-protection
0
last-modified
Mon, 29 Nov 2021 17:00:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 18:24:33 GMT
embed.js
www.youtube.com/s/player/f3c4e04d/player_ias.vflset/en_GB/ Frame 69FC 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/f3c4e04d/player_ias.vflset/en_GB/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f3c4e04d/player_ias.vflset/en_GB/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
964e46ffb1cb7b086176196d02b695bacd525fe9ccb27d7f59d378139c72c6d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:53:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
51785
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7311
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 03:39:53 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 15 Dec 2022 15:53:37 GMT
generate_204
www.youtube.com/ Frame 69FC 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?Qa9SVQ
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8b61fb2893b73c586d2845e65490400034813f611dce6503606c9408b8404fe0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 06:16:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8628
x-xss-protection
0
comments.php
www.facebook.com/v2.0/plugins/ Frame DF8B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df14db6e556497f8%26domain%3Dwww.aiupnow.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.aiupnow.com%252Fff3347fffae398%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&locale=en_US&numposts=5&sdk=joey&version=v2.0&width=
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=d230c964e91378700a4b54f6450bc8ac
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html;charset=utf-8
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
x-content-type-options
nosniff
x-xss-protection
0
x-fb-debug
THFTzwmbpMiZsO5ABLug6GOls+x1CU68hppTvCmHYgfg6L+Vz8NFGv/yDemI51zqAZWWMcYTNTP9Vw9nUCHs/A==
content-length
0
date
Thu, 16 Dec 2021 06:16:43 GMT
priority
u=3,i
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
analytics.js
www.google-analytics.com/ Frame 787A 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
2509
date
Thu, 16 Dec 2021 05:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 16 Dec 2021 07:34:54 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:43 GMT
jquery.easing-1.3.js
snd.click/landing/js%7D/jcarousel/ Frame 787A 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:43 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ICNcVKwHwuZq07Kuv08Z84%2F%2FiTLuZOIFjC13xS8MeRGu3cA5YzHPQLX7I%2FgFLw3SZ4Npjg8Rqguv98w%2FSrkBOdFqiZF%2FFXtbyJH9ML9but9CrFM3324fByUcHVPtfn97JvO2V3SFOmI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-cache, private
cf-ray
6be5c8d5ba1e374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
-1
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 83F1 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
date
Wed, 15 Dec 2021 22:19:03 GMT
expires
Thu, 15 Dec 2022 22:19:03 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
28660
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame CED6 		783 B
537 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
aa3e45b119196aef98db5cc4180fbadbe4127094d0acb14fe825711bff64ec6b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-J+4JXH0J2P335kx2Ez+ebA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Thu, 16 Dec 2021 06:16:43 GMT
date
Thu, 16 Dec 2021 06:16:43 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-J+4JXH0J2P335kx2Ez+ebA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
515
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
53791720
mc.yandex.ru/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/53791720?wmode=0&wv-part=3&wv-hit=396170086&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=872801742&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639635403%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211216061643%3Au%3A16396353991036985383%3Avf%3Aykcyjkqfpgygy63o3j%3Awe%3A1%3Ast%3A1639635403&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:43 GMT
last-modified
Thu, 16-Dec-2021 06:16:43 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:43 GMT
53791720
mc.yandex.ru/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/53791720?wmode=0&wv-part=2&wv-hit=396170086&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=291786836&wv-type=5&browser-info=gdpr%3A14%3Aet%3A1639635403%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211216061643%3Au%3A16396353991036985383%3Avf%3Aykcyjkqfpgygy63o3j%3Awe%3A1%3Ast%3A1639635403&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:43 GMT
last-modified
Thu, 16-Dec-2021 06:16:43 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:43 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame CED6 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=3863823671234984&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
pagead2.googlesyndication.com/bg/ Frame 83F1 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:07:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
50982
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13622
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 16:07:01 GMT
all.js
use.fontawesome.com/releases/v5.0.9/js/ Frame 787A 		682 KB
247 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.0.9/js/all.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2fec0e2942f49dd3cad4650431d550d761f11dded17834d4835768c2ca730c0

Request headers

Referer
https://snd.click/
Origin
https://snd.click
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6692110
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
NENE3TBZ7TNHTTMC
x-amz-id-2
sd0uGj5TFcK9tHmDoqAVXtlzWctS8GRIRhTn4jhCDDdwfj13NNioyIAyqURj40CTxmhIWW2UI40=
last-modified
Wed, 30 Jun 2021 15:28:17 GMT
server
cloudflare
etag
W/"bffc6023835e717c0348c41583e56eba"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qC9fc0yEorVanO%2FLqbKJsBPgMvA82B6n6QPF5CYyNKuJr5VsJsU41D80thgB6MFuzb2XOo611fjljHxfwteWTwDq98Z8wGcDoXnzSg7%2BggA8k5bI11VvFCuMa56MJV0UtZ3s0XC%2BW5XNkGgWMy7i%2Blzu"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
6be5c8d82a8659e3-MXP
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=3863823671234984&bg=!lZalltLNAAZKWFskSlg7ACkAdvg8WoV4Wfq4bB0fbWf8_Q4PxZzwT1WV2o9RuV9Qq-rzidFBxFg4nQIAAACIUgAAAAtoAQcKAGbQFWjiCqiLtp3zBGKBPDGPgQLqBXtucHCXjwoBLhJnOpi5MjAOTKB-ORstE5xfnIH5ThYX_GcuJjDPESbzdgzMA-K3vQ-nJgXSKqwo6MsMn2Zo89wvyUmYN-0U3S5Skk5TkEpFTOSZArOnNoW7oTPAhEY2IA-9PElWskl4tXi2nk0fA5E7e_5SRtigwOFNEWEJ8XQx2c3VtQUpT7hrXnDg3n65Cx5tG8grDEFBdAcSRF3z7mT3ykrxEvFSvR_qn1YGjCBLDk-SRBpAQiYzn4RHqugx809e70d9CBbAhHLk2A1z4ZSQZpcdzNewCnfhF-Zv2CljuxZm_srZusbWaJWN_5OY4biyYz-L-ianUAlHy29VyTqhbH_benzfMP_G64aDvvOfn6KmZKD8YgrHzWFZsToJT3OTUI2ItY299PIa_iQB8Oc3z4g9UFmYeigT0ywoRYF8hAXxLJPzXDgBIS8WAuP8KvswteAy9huDPjDgukawUUr5fgfSbjG-S8i8mU7xyp7OCGf6ASL6QMdolRIq3t9FDht2vk1qZ6y_KbuQDKGe1tIyZVz23QAqOFIU8GJCWH_GS6HQmAy7fKn5l-fNP4hpGw-l0-nlm9YEdl9WBVxhFazOpKXD7aWGDUFiF3a06rAykOmRGxq7uQm-TVksWwi6kS1Y0NJXjDNjdiyNKkUKsLUZ_P8ZQahvNDZde-TILxNaLSAVgs6SeU8oUCW062UWpoye_x39OIH6jcxaQctBB-c90p3W2vK0lG2-gTCJqdthW2ILDYkt9kWafLTYf8gMNP0PKtm1JPmIejvu5l8uFcp5WOASpD-Ud3ma_JkXQsxkzy7m6KC8MoZIFPYtVUrHLng4p3WIJQALSlYz314tbqDztqLrq6Kb8LDneU66ai3sKaD62ZnSeer6D1QYJnp2yqiPjn5tD38DYbkxxjvbbhJ6WI3Lk-9-4rzlli2a0jzMNEjxSkKsX1FgeIpNIm7mLUjYhHtaFWz6FvQrsMXjdefE9inQieXRT3T5xDxRFFxis--ZtuY_camEGy-KQ--dX278xiAMC1Ki
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
33_1629201073_anghami.png
snd.click/storage/platforms/ Frame 787A 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/33_1629201073_anghami.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1a75ea27451c167b4bd5b2b9ba97f4ec7d1bcb3bf5e4725e41ff35cee1b4ffe

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6246
last-modified
Tue, 17 Aug 2021 11:51:13 GMT
server
cloudflare
etag
"611ba2b1-1866"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ToPi%2BaiItIdrsJQJWChEYWQCrRXxXQp4DBvVHRugmeea18sg1MB%2BhQctLI1BLi5A6fv%2FJZ5el%2BfbP%2FR6sE%2BztH78qwqk2lwqIcQVLOGZAN0wr1zR2hI9sWzeEP%2F1fAMfzuh9tus1MI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8d98d6b374f-MXP
35_1629201159_jiosaavn.png
snd.click/storage/platforms/ Frame 787A 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/35_1629201159_jiosaavn.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95b41ba92728e08797cd85b6f9683afbe13d450d1b3213358c48ac18d242846a

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7192
last-modified
Tue, 17 Aug 2021 11:52:39 GMT
server
cloudflare
etag
"611ba307-1c18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OLI5Njgj%2BNacWyq%2FtJUA21m1wp%2Fd39bM9e7PlWYrSrrOYsJTMEumegjkX%2Fm1UqoAjskE8AJBYlhmQBfXCq2gmA3m96ByWwJn7uayPJTdOpjqXaEqhoQctuIK4N6xGvpc5vkDrZy6k0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8d98d6e374f-MXP
94_1583854462_wynk.png
snd.click/storage/platforms/ Frame 787A 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/94_1583854462_wynk.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bbd1c0c28ea0f2af4254c62d76b86321cecfd45a3cea933d29b37fb53ba6e28

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4294
last-modified
Tue, 10 Mar 2020 15:34:22 GMT
server
cloudflare
etag
"5e67b37e-10c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LCDMtzpwK9vx5SkpRUwpLhsXZcZtK8dCfxp10ojf%2BmHN5lVk2gyPXe%2BdUyX7GiI2t7gu9JR%2Bqmxdh091VKt9j7Cl4HL3A%2F3eJArU2K14tq3tzzcmcXx5M%2FT2HqdCav%2Bb%2BivmgyKjXac%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8d98d6f374f-MXP
9_1560249795_youtube.png
snd.click/storage/platforms/ Frame 787A 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/9_1560249795_youtube.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29fe732a3a3512aedec5358e02eee2156a1b783cbc27ac7ed3a023c0b8cf507f

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149215
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8256
last-modified
Tue, 11 Jun 2019 10:43:15 GMT
server
cloudflare
etag
"5cff85c3-2040"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ld06YAJ%2FrKCt22iZhS8tzeb6QinB5wl9gSr7ml6fhqMV7U4SmfK1ifQYo%2FRrIO2fSflu0pWalnl4NwQOxmlbFDGtYdbr2C4vxg4rV8M9oku1O%2FXqMOJDQ2FC7YyVuduAXt4j%2B%2FpbTns%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8d98d71374f-MXP
6_1629198382_spotify.png
snd.click/storage/platforms/ Frame 787A 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/6_1629198382_spotify.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf2b259176d1712ca42f68767b3dc61a2a2385fbb48ba3a7e5b587910e50d642

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149215
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5041
last-modified
Tue, 17 Aug 2021 11:06:22 GMT
server
cloudflare
etag
"611b982e-13b1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1UUbiSn%2F06O6mesgo3swtOCJr3JGUTGDzXgm%2Fz0Sy0mTRuLncr1a3Qdw5oT1PccEpYKSnXXOzRrybRUvW1XBqxV0xcVgMLtfTqJ7APcTT6D0KuOQs%2FJRy8Gorj%2B%2FZxm2d65BHthPryI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8d98d72374f-MXP
11_1619597220_apple_music_logo.png
snd.click/storage/platforms/ Frame 787A 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/11_1619597220_apple_music_logo.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7fc9e14f36c6590ef42bc2eec54e925cf573a2656de164817ba40c67bc71a5e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
38182
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6100
last-modified
Wed, 28 Apr 2021 08:07:00 GMT
server
cloudflare
etag
"608917a4-17d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=37yR43wD%2BrHwkDC%2FEZja393f0BCb79ELocLmJ6GY%2BYFhG5LyOg3buS7pDSHV53a4G2l3ezvyh100AaAH99JTL%2F9DprX84ufYhLrp2HB6c1kAErDMoJbsMCr6ZLV5t%2FtEtq1%2FwIi0Alg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8d98d73374f-MXP
logo_itunes.svg
snd.click/landing/img/ Frame 787A 		14 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/logo_itunes.svg
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44b6e4f9164860ac419ab1e15cdd2aa55d8117b8fdee7b2545d1b4fe0704c55

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 22 Apr 2020 13:50:49 GMT
server
cloudflare
age
148541
etag
W/"5ea04bb9-37e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yr%2FRgVycJS5h9YUEJNB8W5nCbZD%2FcmoB7RrSZQAgrE6FsDmgRTRszuPzyafeB9duI14HJrqmG3V3lU6IVGRGbt4RoQoa9KvKUdO4gQ4Tm83DqPzb%2Fv0ZFQ0aroVdvbPjHWDEbcZpW6E%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be5c8d99d7c374f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
25_1560246937_google_play.png
snd.click/storage/platforms/ Frame 787A 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/25_1560246937_google_play.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a744f38c6ace34651866bf42eb7dd14df089cdbb70c95854e766eb9b41d2361

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
42911
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11612
last-modified
Tue, 11 Jun 2019 09:55:37 GMT
server
cloudflare
etag
"5cff7a99-2d5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hL3pKY%2FOYRWUw%2FoM9WXEvXJBXtxSAd6R6uS74fx%2FRxiE5i75tcsRVBhmxQLoHh4XUq6g2ZUAG6xmJYEPzZKwBpY3W8uJb3Hgf2xZINVbGQFk9XHkebUsfBrIJWiAbOpH39rlmHN19lw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8d99d7e374f-MXP
20_1629199143_bandcamp.png
snd.click/storage/platforms/ Frame 787A 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/20_1629199143_bandcamp.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d410b3debb14b15512f904dc7d23856ae6389cdacffa8e8339027088719500

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
149215
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6658
last-modified
Tue, 17 Aug 2021 11:19:03 GMT
server
cloudflare
etag
"611b9b27-1a02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D6a1h6tAQAn8%2F%2BNHpOrC38gCMZmxnJm5omSa3yyhShHQXYe1igK%2FDv%2FiihPbRXdnC2nHdFdBsqjd131eklVDXia2hECYrTk%2BXewVSQLqiZKnIAQYYA5k4WAXyLZ34S8U55xvMht%2Fxbg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be5c8d99d80374f-MXP
nr-1212.min.js
js-agent.newrelic.com/ Frame 787A 		34 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1212.min.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
S6r4yaeB6jo_ZylmZ_5cM21n7ZH1t6gc
content-encoding
gzip
etag
"9dfe540eb31e6fc0e0dddd91e3511f68"
x-amz-request-id
CK1S7TGFRKRGF76T
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
12828
x-amz-id-2
OGqjKrSebYkUVENKnBZOO4YDw5DwZcRT4aGdJn2KMjFv/e5QUu7w42g0eld1GCwLABtAziS0ZlQ=
x-served-by
cache-lcy19228-LCY
last-modified
Thu, 04 Nov 2021 21:16:16 GMT
server
AmazonS3
x-timer
S1639635404.839770,VS0,VE0
date
Thu, 16 Dec 2021 06:16:43 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
1706
iubenda.js
cdn.iubenda.com/ Frame 787A 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.iubenda.com/iubenda.js
Requested by
Host: snd.click
URL: https://snd.click/landing/js/landing.js?id=a4d4ab09a2052e8cd0bc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.214.240 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-214-240.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
39ffb5a9e67544a56b3ec4b1b8060a8c9a7cd29b750e624394a37f414cdf630b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:43 GMT
content-encoding
br
last-modified
Wed, 15 Dec 2021 10:23:26 GMT
etag
"61b9c21e-145b"
p3p
CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin
*
cache-control
public, must-revalidate, proxy-revalidate, max-age=86400
content-type
application/javascript
content-length
5211
expires
Fri, 17 Dec 2021 06:16:43 GMT
db9141e72b
bam-cell.nr-data.net/1/ Frame 787A 		49 B
724 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam-cell.nr-data.net/1/db9141e72b?a=184865423&v=1212.e95d35c&to=ZAMANRNYWxZYAUxeXF1JIwIVUFoLFiNIR297EhYRPXpaC00QV1tfVhQRPTJcUyZWDExFXF8KBxMhSUcKWgdLRA%3D%3D&rst=5540&ck=1&ref=https://snd.click/mjI0tjt&ap=3230&be=4730&fe=5421&dc=5410&perf=%7B%22timing%22:%7B%22of%22:1639635398330,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:1,%22c%22:1,%22ce%22:1,%22rq%22:3,%22rp%22:3428,%22rpe%22:3436,%22dl%22:3438,%22di%22:3598,%22ds%22:4043,%22de%22:4043,%22dc%22:4729,%22l%22:4729,%22le%22:4731%7D,%22navigation%22:%7B%7D%7D&at=SEQDQ1tCSBg%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1212.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:44 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
6be5c8da98e61893-MAN
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Thu, 16 Dec 2021 06:16:44 GMT
Content-Length
0
/
pebed.dm-event.net/ Frame 19C5 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Thu, 16 Dec 2021 06:16:44 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
log_event
www.youtube.com/youtubei/v1/ Frame 69FC 		28 B
56 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/f3c4e04d/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/json
X-YouTube-Utc-Offset
0
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
X-YouTube-Client-Version
1.20211214.00.00
X-YouTube-Time-Zone
Etc/Unknown
X-Goog-Visitor-Id
CgswaG84aXBvZVB0USjKs-uNBg%3D%3D
X-YouTube-Ad-Signals
dt=1639635402621&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image&bid=ANyPxKoJIlGw8z4YAIOfCwjp8kygJxYz_Ft5eou_LD5K-bPA86j1kMKbKeF0ZNyTDwD-Z19aH4PL0hKu7k_QNkFuKCIjahuyYg

Response headers

date
Thu, 16 Dec 2021 06:16:45 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31
x-xss-protection
0
expires
Thu, 16 Dec 2021 06:16:45 GMT
53791720
mc.yandex.ru/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/53791720?wmode=0&wv-part=4&wv-hit=396170086&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=1030410987&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639635405%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211216061645%3Au%3A16396353991036985383%3Avf%3Aykcyjkqfpgygy63o3j%3Awe%3A1%3Ast%3A1639635405&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:45 GMT
last-modified
Thu, 16-Dec-2021 06:16:45 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:45 GMT
x7zgqmr.m3u8
dmxleo.dailymotion.com/cdn/manifest/video/ Frame 19C5 		18 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmxleo.dailymotion.com/cdn/manifest/video/x7zgqmr.m3u8?auth=1639808199-2562-pygsin3t-c54248d020a085be9eb4616f58ebe01fA7sfEDDd6vId6tWTAZJdtWoAsW6jtLmJtWgnmesZ7ZA3x3qaD4qZLYGnBaYG4xaoA_70eUQhRWXexb4lckmEcal3gqz81PZUtXct_sE5aSGEzBewfshxZy2bZuSL3mahRDxqhgZSCDyVE34BcTITfRVQ3RgrY-N5JaYQ4UgfYYdLPGMlrxeHt7dzByl4xzONlVTekTEAumpJja9XVEzkkMx_kzmmqTLXrR4pYZ1nEJm30NcnuuP0AAbbqYiHcNFHelH0UuD7CzMUTJ5mYVSZQFTX-W0CeLv0gtXiE6GTaB-pJvwOPbIR2oJRSDtR69WnFSPKlN8C0PuTe6yKihqVn7s-DQOCI_aro3rOCJq5cVhgOpIFwIfoX1Dms-Z2NGs1tbJujCzJHrh-Tnc3MyBQU1dw63vLbJvVYLMlzjIQg6sal6Sl0rMoguw9pe_p2XGJPpNiOzyYnVAxgQCDhCt9wwmpWEBfEMyGHzd-MYz0hx5NIzzj-TT8K5FsbZM2P6N3Il0m_317JLpU2YYOydb-H-6Zs-sfAvu-J_7joD1JTK3LBFbMXCsdM4uaTs3seXDp6oCFJ9HqIGzH57aS4qi-aLbbQASFLAcDEIha2xgWWVVZxp4iRwwiQ5vwr8Q7ePv8rieW7AQTIe6VrhJmakMV0eikGYaax5S09eRYZ0ecb_myLynnBD_YLn3UgyfSM6V_uajmnJ1LjRUU0K6yJTacOfKdgl0GhF7BqObahtUnXdJrC-_a0mOXFgLX_xs0-8TiJtybqK62qSizZeRIo3QZAf9vYwkV5b5Sgq3Ka1oeoSd37IkWXWdMWNC7dSbrG2fBbKWQUc49aFqiBE4VD38wNpm87nHj7e8uVK7fJmpd3fN6m0ihw2od2cc2kvCKFBD0Fu2cQsZGD6gXQqFyVA13-xT5gAnxLvultYW2fSyYjsxsaQhbir7DKmK84ddqA8wGt2eVWfAqXFYRBzCaKqFjyF3ZwpIzGyVWtW5FTxTeuwoiZZpyGhU6oorltZamG1r_hMMZDe4XVkz50lFZ7lLR1tbdQm0NhDLLlAT7LE1lQm3E43KzicT821BuZns5oiIIq-Tt46NBYe42L6T6me6BWyaOcCNXruAUEXSarHLWw5-xfShcKqdzzQWxBcL6vkiMIxophfke9oF8r46NFKCeLAI92CxaYknSybs14gaM8IAi6jZywg2PYVYjSyEkGq84b51aYWEVQSOpAi1Vrk0RrW86DyMT8PzZ0ah0ZB5kJX3GRG-Y_WcgPHCjeJO_QKcqgFsbSoHgDyf7mE-LPr3M5Bx6_tz_6OcmhSK5znFKKhyhOEXeIVKsQ48TndBkzcN4N8MJ7YyqT11kz9fWm3SwdZ6J2nbf-ppM0pockChM-PMg9dKf8lPUoQiN_XDUi0lODvnlYMKUB_rugF_TzzX-Fq1eFz1zQ6TGe2_ALlPud0882nxCgTB-jhJ_55RqstmPeiqkGEeTzk3o663LCD3dEhrOe5LEM3RLPijI8ivmh7CwBS7raK0qfjA_vOCXhTk8NVRYnrkYBnCdaGmV6F_EaaoEclQzmpSfAncAQqrOoR7CxWNT6WlYXJmjizCSrq9N2U4xKjxmyyWLQCGWhfn4PB76MiPgB48T0R8nG9r-DChTJMuR60TjKh8jnnFCOrCzecTNiR3EQ8sBngu_ig6351PpF0WTWKYHkcWg_ahrLC7HCZCHEDAWZ8VqGo3iDT53TlaR5w9nifaed7AiR6A_fjUXdArhZdNfnB4aA-q8sx8uOP21cPsN9Th_n9goPmGRIba8gIB_iKyjIrb1uPS8d6Ab3eL1ri87riysihoHjuDUMDQd4I92-DCNQBvanWU7AEz1OPkRj15I5-uwxm86rb7LMMcMxzE7jBaSZVDk74D2c6m1wRzB-78uGQAAkbDm-VGBynkfHA7UT6HgGluYbrRyV4TGY1ZFRYsx-s3cBp5G5ak2XWqKJeplOIpESYsCumwbp4yepQznaaDYSNzoGIUVxgzhY_1LtycftOk6TmzpDNAo80xzcgBSAveYKTZsRnCb9W_ApaAwxa_J1CP5clMeE2fjbYXKFTVkleQAA_FSn6l5_HjEDa-qj9wTHMc1hgzvZXigRAcYKyyYLoWk-ZBUi6nNEtJYVPKruUp1QGwwMCZThFia7jheiZ5WdqFWHYAPc2drttb4CXIdNqfxHQhfGbLQbgs5YMG2yFuRl7oW92_r-UlhcgB2EX38i_f3JKUYapbjRwYye5ykcm1LNqNwDSKFgnL_shTtuTq8x11rtdKMzhPGtz6tCq71la1TjRo_m5TekYYCU9831zNAbdyVYnIQ-hCOO8vtCb5U7gYb6F-Wq3ilopaW4HxYXEoKi4HlhPQKu2urMCuFwLAVSyW0frbyIiQUhIL2PrAGFqxQwXWpSaf5O7MMM3u1QlMUizoxBtNtWG8fftHz0thaLdOjCbRLUvL_z5brzFj6JFb9CY1ynkPi54q9rc8aRkID0MbsewTzM5XVhNikGIYXwlwyNafmMU7rxB1PsZGXDfWWXPZUNo-kMrIne2sk8d7DnQK68iLrath9E-QCZ5N5FgynKKqPPnxGeZbWLKYUzMeVmD69xAgV7XUW0IgV5KQPhXNPpm23fiJESvtkhr85cdnDeKqUuZpG9t6nSgLZvsGn7OTHM3MN1BGW1I0PE-7cNy2gOphVxdLDXdkPakRA9t8WPhUWNLclMyBrrKumdMBylVDBYuiH7IMdEM-u_h6RiU3zHteMSM7cxRzjTpb3TXsTvWd5FXrvvY8Nm4Ln898A&ps=340x191&td=www.aiupnow.com&reader_gdpr_flag=1&reader_gdpr_consent=&gdpr_binary_consent=opt-out&gdpr_comes_from_infopack=0&reader_us_privacy=1---&vl=-1&ciid=1fn0u5cef7n4vhu46oc_VMAP_0_0&cidx=0&sidx=0&rap=1&vidIdx=0&vad=1&omn=0&imal=1
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
60038013e5f77d09d6e56cda263b8c76259c5b8578ee43e70c4ff5623fef857f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Thu, 16 Dec 2021 06:16:50 GMT
content-encoding
gzip
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET
content-type
text/xml
access-control-allow-origin
https://www.dailymotion.com
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Thu, 16 Dec 2021 06:16:50 GMT
Content-Length
0
/
pebed.dm-event.net/ Frame 19C5 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Thu, 16 Dec 2021 06:16:50 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
x7zgqmr.m3u8
dmxleo.dailymotion.com/cdn/manifest/video/ Frame 19C5 		339 B
554 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmxleo.dailymotion.com/cdn/manifest/video/x7zgqmr.m3u8?auth=1639808199-2562-pygsin3t-c54248d020a085be9eb4616f58ebe01fAafWonwnlnzas_bYNrGGYZwcgVRekWxSqznu_q_nGYHEqyPAJOLDO4gyyhae6eAk6fFMY6ZezsSGF-SVzc8-pY_0RLcWBsx6auWEoTY6v4FwmSqDmxTOEaFgovi_YbLW9p-99wCiQvH3KgXrGYk4gmC3ZbAawe1vY5hvvCyF_ts50v3nenv61tmwm-QDSHJMaAKEQx-jfQkl0fMaWwTtKVyPkRyq5mme7KZalpb6EV4XAsY-ih0H2zoM3AEBkGJAUjgrK6nyLPVa6-nBiDDZdKDP3pW-sOuq-ecD59KuBv4kvi6usKOfSDNQz9-FdnjMsONUBf4sKfneYnqB-KLcVfXyY9zpV_EfxJAE-VL1WyelIYHjYaN5dH7e6ziSFxK7ILeejQix8oeTYx4yUGsJDc3JpIh5ubSWcG3cBV3cI94lzTqFg_6m2NLPx359BtCQDtz0uzWLjN-gbaW6PpU1GBI3W7YtTudYjMtqsqcF7JoahX22YMOKySwqYQT6SY5NprS1M6m7YCitqQEKTKd1xZ9aGk1Q2bXY-TEayzQ0DNsdwneMrWgX24upHJaXswgF5-MJYrYxvxMTk3s5OCZimIL8oTE7v4IOLrTcefaKGJzzHUor8lZTLw9PT3q5BFFCmT-OkIBWufZkshek-NNTDO9dGhIY9NRZUfF7aLqoFGSbAoRjl85GxOUSHhcwKb8couHH8dMyR1uOlRBSkJWMePXEo1sTrVylMKIhjZSyNCsLNZzoL-WmLFFqh2xbIQig80v038r0pnOvc-VW7fBBF50er63ElfY9wVQS4U9-F6CuWLXA5t5_dlvrxhZphBH_npBkeVx__0HtKTm2zNeHxhNdIxKxckCD39gvQXiQ3HryinaPfzYyKulqr8QhqfqV8cQJVWzeuscVVqvWFaQo1m8O96qud4GxakaKMuArvDqyVkQnmDRnkkS45NTrnriSz5Li6ILTpplLRGMFG8VFT465ni_W-v_EcccTnJGKf0lLmLWtQYPLmopqIoS-vLYSiZ5FJ1_bAD5FaWbYqBR4ZjxIU24QDYKK6PJn1E0PekJ6UyEjJsjg7HgKpGI4YnYNLoxdpHi-JLgF1VgW9qivnHnzA3iUauHz9W_O2-WgrzFwxwns2bsRhquyvEEZVlpCBpPVzUP58ak-ZYloto7-MEXNiD5XuWEdxfMr5Pxoo3ojXD4h2gR5Q6pAG295uI-X-XkycpIk9JwYP5NtByjkrWzWNU-JfgD3aNMLR6DzqiY4U0ahtAL6g5eSR_zNfumJy7wRyWcch2YtcuFCKO5tEeAMdxqp1K32Y-Yb6Qp3xI-OFkKx1yVqRnIyup1-lnCZUN818zD_qzb4esIc3-GuBjyY_tPexdrOXUgfcKvSWzAC4RF5lKT7GI5wcLteWQyOzXm369aLPhrPqtiX-wY_NKa06O_IfSXo0NQ1mnspWLKhPeavmenuIjJW3usWeBqUJMqLRR6eszj3UcUXyQaUMQ0nza6iJtDAgaleOyhJJ1sk1gQ-9aQ4tqW6KSHRIIE4mUTSGNC4bMQlm1juJCnGvZROLUAJkQdIX0yRVlYzIKbUuAZvRgycaPVc8W9br1ly4rFUm5dJ-ASfzI-sFw95FCXb2zOa6I4MXnptGdmH5kzv0rokfPI6J8SRbH_XcLG88g41T77dHKj8lH4L8DT7eqaau0QWWiExPmdzLMhNSiGWlMNZ6rMp9FoRq8haM-nXP2t6X7be9O_w5e8fRmqkS0Ii-YW3kmkDfsnwNMHKd5-JQW9mYfZeVBSlbC59QolM5angciPI0dil1EkNLwDQNGtfjymHayUitPUWBcfjv0ZxK8yd6ePbiF2L3hfuc25ycku93g-kEJjYkr4MnYCls0q4e2ySZk2jflxXHQV58oVTZ95G-iUl89UfOY0kQG_f4WVENvwy-K5qb_Iy-aHGsio7Jn4LR7QEj8se4RH_MIXR9l8oCzJuHG5PlujfwMi4bwlAfHhfz2nmQvac_ruPtaCp9OPPauCneyiXh3QlMfLLDldUsKEDM0B8DlI_cY61s1F0IFPW-9LIfW0gHrKsGdTyM6u4gEsn99jzhU_7PBEH-fIm0kIi9_vzr1NQqiogWtARqkbtK_MzxnDFXMK9nNwzdgDOAZoAtG6bJIRN0ytN_UOYfEnZlmwiPg8CFAFHfibhxojaT9RVgudizPvo-IPPakjy19Yq66Lsf8OTRUuAaPfe5gElJ9xsK-496sEcQ8fVdpRTsulGIllI70KLzqzz-wpRjNv6XLbc8EPh8vJenC4nTVjOKVLLsd2VKT30By0-ybJFndNW69jsvbiYIxrGkMlOl3cwJA0zaAHI3Rz2cRQW4W_fIvZZSLymIordl9ZjFFMUnArlPMVg6oz2QlYcbeuSb8_Gs_SVgq-I6IjlDOBiMDsxWUyptQqk-tVEnv80l1UQtkBFhaqwB-UgQtS5hzwhUZ32NWaNVY_KjNX9RYENfnuckOfvUjb8SE9ZN1IAuxoJjaPjhEL2LD87Bopj0GQCLzxxfJ0bpO-iSf4L_OTMuuEGO2Q3_fyDoqqYpcdJM49JwngdhbV6H_fKbVQz1u6CgCtrrr72aGpdaOblh5yS5qCxAL1OeK1G9QhBVe3rXeq6dQfJGN8T8FfNKhbIVOwySHB8EdxLYdsOZM9U5Lsi7NLBIZUscgwyoW_b6Xdn2GXXf0DkeTDs9HzL4CFM_0jdGRQzCurUtJ-uwldlYnpveBl_5fW4CM5SZpwfqsdLuK_dj8SSR9rdJuvh2h8TcPxVZQ2OQZxx2tgQRPpVavCVT7ROJXljwKV_OMmh5-0uVXKGREFPa99ArfrbaqcPsv0O5ZIYCPr79LWhEqvQ3YTjp6eeFq2kK95X_jbOsDHHahNj0pU7gxfDnb0cTWRmYn7-_Ul2sVNlGzjsy5Dog_CRyL3Wop58aFP_y88AFPsRymrsgw3A6siIt5-hIPsjyLPljaEs55ztHr43OQXjKCB4h6Fv_tmsCCzN9bACcjlT9iUt8oaioxrb6ngz1ENzXbnu_sJc2prj2hJPujnw82bGXQeeWt4tLWQK220HyH3d7mhVlttWpCwMAsVmpCkdX_AWgb7E3LhGsxtofy8UGkrb-Nnyj_nVcPZ2ndoeXx4UDBjUHKo1VSRbIkXHl9EaAQy4VlUAs7OlpQpJnQ_O0r-SWb6QhkYVN6gRFKe_UiKuRJSwIQYGaTmfD8v-ZbIB5xAsVlm1XV94_9V3ztOkszHWVKkMt25JwXi87CfQTLWEJLzYVHWmSgZHCh_FdHmCqhza2-3cjbMSunqbr0x8&vl=-1&ciid=1fn0u5cef7n4vhu46oc_PRE_2_1&cidx=0&sidx=0&rap=1&vidIdx=0&omn=0
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
ba60ca1d8432c2791fcf9404d64b05e892d4d37326942fa3a6d88154ea353287
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Thu, 16 Dec 2021 06:16:50 GMT
content-encoding
gzip
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET
content-type
text/xml
access-control-allow-origin
https://www.dailymotion.com
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
content-length
255
/
pebed.dm-event.net/ Frame 19C5 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Thu, 16 Dec 2021 06:16:50 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Thu, 16 Dec 2021 06:16:50 GMT
Content-Length
0
8xXkV1WypR-WWfVpl
s2.dmcdn.net/w/ Frame 19C5 		290 KB
291 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2.dmcdn.net/w/8xXkV1WypR-WWfVpl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.115 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-115.deploy.static.akamaitechnologies.com
Software
DMS/2 /
Resource Hash
fc397a38480b8b76d1e301b62e22c88d11d23b495ab0100f3684fa12a65afb52

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:50 GMT
last-modified
Wed, 15 Dec 2021 19:07:53 GMT
server
DMS/2
content-type
image/png
cache-control
max-age=86400
x-status
Hit from child
server-timing
total;dur=1, dc;desc="ix7"
timing-allow-origin
*
content-length
297214
expires
Fri, 17 Dec 2021 06:16:39 GMT
x7zgqmr
www.dailymotion.com/logger/video/access/ Frame 19C5 		0
224 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dailymotion.com/logger/video/access/x7zgqmr?session_id=&referer=https%3A%2F%2Fwww.aiupnow.com%2F&country=GB&user_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F96.0.4664.93+Safari%2F537.36&channel_id=15&class=official&mode=vod&visitor_embedder=https%3A%2F%2Fwww.aiupnow.com%2F&src_ref=&client_embedder=&video_id=482830803&v1st=DE46E839691BEACDA897E6678768451B&pid=61bad9c736012&visitor_referer=&view_id=1fn0u5cef7n4vhu46oc&traffic_segment=57&bot_risk_score=-1&owner_id=149822367&blog_key=&key=236i02nxxu0oyayfor47b2o&v=61bb03d0&i=59ee8ed4&h=ed74178d239925405e67c43a388c724c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:50 GMT
Server
DMS/1.0.42
Server-Timing
total;dur=1, dc;desc="dc3"
Timing-Allow-Origin
*
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
x7zgqmr
www.dailymotion.com/history/log/user/BruceDayne/video/ Frame 19C5 		0
760 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dailymotion.com/history/log/user/BruceDayne/video/x7zgqmr?action=start&dmV1st=DE46E839691BEACDA897E6678768451B&dmTs=564338
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Security-Policy
upgrade-insecure-requests
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Date
Thu, 16 Dec 2021 06:16:50 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Content-Type
image/gif
Vary
X-DM-SSL
Cache-Control
no-cache
Server-Timing
total;dur=11, dc;desc="dc3"
Timing-Allow-Origin
*
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Length
0
/
pebed.dm-event.net/ Frame 19C5 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Thu, 16 Dec 2021 06:16:50 GMT
Content-Length
0
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(2)/video/308/038/ Frame 19C5 		118 KB
118 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(2)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
20ff102938aabdeac21d49e224dcac48f788dd7901d5cbe8bb80d33960fca984

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
120884
Expires
Fri, 17 Dec 2021 06:16:51 GMT
dmp.videolist.ee0f9523a25da4ceb702.js
static1.dmcdn.net/playerv5/ Frame 19C5 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.videolist.ee0f9523a25da4ceb702.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
62f2557cbb5c12ab6f5974e6688375f8153f2cf3da0aad2624d327de6a547816

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:51 GMT
content-encoding
gzip
age
2066636
server-timing
total;dur=0, dc;desc="dc3"
content-length
1908
last-modified
Mon, 22 Nov 2021 08:08:40 GMT
server
DMS/1.0.42
etag
"619b5008-13c4"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
5eecda01abb88b3da0c2235904d2ba8b
expires
Wed, 22 Dec 2021 08:12:55 GMT
token
graphql.api.dailymotion.com/oauth/ Frame 19C5 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://graphql.api.dailymotion.com/oauth/token
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
9dfbd727401ae1023e1481de844dc04741301d75491d89cb87d96da538a5057a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

X-DM-Visitor-Id
DE46E839691BEACDA897E6678768451B
X-DM-PlayerInfo-Version
v-0.0.2668-rc1
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Accept
application/json, text/plain, */*
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
X-DM-PlayerInfo-Embedder
https://www.aiupnow.com/
X-DM-VisitorInfo-Onsite
0

Response headers

X-Dm-Api-Name
oauth
Date
Thu, 16 Dec 2021 06:16:51 GMT
Content-Encoding
gzip
X-Dm-Api-Version
1
X-Dm-Api-Backend-Response-Time
6
X-Dm-Api-Endpoint
/oauth/token
Content-Length
728
X-Dm-Lb-Name
icscale-01-01
Pragma
no-cache
Server
nginx/1.19.3
Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.dailymotion.com
Access-Control-Expose-Headers
Date,server,Content-Length
Cache-Control
no-store
Access-Control-Allow-Credentials
true
X-Dm-Api-Edge
dm-dc3
token
graphql.api.dailymotion.com/oauth/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://graphql.api.dailymotion.com/oauth/token
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-playerinfo-embedder,x-dm-playerinfo-version,x-dm-visitor-id,x-dm-visitorinfo-onsite
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-DM-VISITOR-ID,X-DM-PLAYERINFO-VERSION,X-DM-VISITORINFO-ONSITE,X-DM-PLAYERINFO-EMBEDDER
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://www.dailymotion.com
Cache-Control
no-store
Content-Length
0
Content-Type
application/octet-stream
Date
Thu, 16 Dec 2021 06:16:51 GMT
Pragma
no-cache
Server
nginx/1.19.3
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-Dm-Api-Backend-Response-Time
3
X-Dm-Api-Edge
dm-dc3
X-Dm-Api-Endpoint
/oauth/token
X-Dm-Api-Name
oauth
X-Dm-Api-Version
1
X-Dm-Lb-Name
icscale-01-02
4pAo
pdc.dmleonyc.com/ Frame 19C5 		0
202 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pdc.dmleonyc.com/4pAo?d=1sqgd8oVXoxm9ZsjnGLrhK556VI9dWbfNY3erykiNtI3puRXNsmLMLZyVFwv3_en
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
https://www.dailymotion.com
date
Thu, 16 Dec 2021 06:16:52 GMT
access-control-allow-credentials
true
server
nginx/1.19.3
content-length
0
strict-transport-security
max-age=15724800; includeSubDomains
x-dm-lb-name
icscale-01-01.adm.ix7.dailymotion.com
4pAo
pdc.dmleonyc.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pdc.dmleonyc.com/4pAo?d=1sqgd8oVXoxm9ZsjnGLrhK556VI9dWbfNY3erykiNtI3puRXNsmLMLZyVFwv3_en
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx/1.19.3
date
Thu, 16 Dec 2021 06:16:51 GMT
access-control-allow-origin
https://www.dailymotion.com
access-control-allow-credentials
true
access-control-allow-methods
POST
access-control-allow-headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
access-control-max-age
86400
strict-transport-security
max-age=15724800; includeSubDomains
x-dm-lb-name
icscale-01-01.adm.ix7.dailymotion.com
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(3)/video/308/038/ Frame 19C5 		108 KB
108 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(3)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
1b678dbebf39129dc22911bba323b8bd710f334947ec060ca22190f57f45714b

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
110732
Expires
Fri, 17 Dec 2021 06:16:51 GMT
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(4)/video/308/038/ Frame 19C5 		108 KB
108 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(4)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
de0ddbb5fd111b29b2e6faf23e25135560cc3a9acbf16c60f8e2f06b49d3998c

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
110168
Expires
Fri, 17 Dec 2021 06:16:51 GMT
dmp.svg_dialog.d1057805d2c5f3d6210e.js
static1.dmcdn.net/playerv5/ Frame 19C5 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.svg_dialog.d1057805d2c5f3d6210e.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
cdc8ad4d5245368ddcf674a4129fb3184a048373e19203b3ab47f7d7676b8986

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:51 GMT
content-encoding
gzip
age
81474
server-timing
total;dur=0, dc;desc="dc3"
content-length
2342
last-modified
Tue, 14 Dec 2021 14:47:43 GMT
server
DMS/1.0.42
etag
"61b8ae8f-1d28"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
334462fa1e00f84a2b45483abe57657d
expires
Fri, 14 Jan 2022 07:38:57 GMT
dmp.dialog.641d6ff8ce9adf151dab.js
static1.dmcdn.net/playerv5/ Frame 19C5 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.dialog.641d6ff8ce9adf151dab.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
e8fa42be0d1faca5c512acce6805d2986dc8875b030b952f93ec8233d0a13e13

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 06:16:51 GMT
content-encoding
gzip
age
1873467
server-timing
total;dur=0, dc;desc="dc3"
content-length
6942
last-modified
Wed, 24 Nov 2021 13:48:53 GMT
server
DMS/1.0.42
etag
"619e42c5-6017"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
1b0182d430684f13989ef94e64a530dc
expires
Fri, 24 Dec 2021 13:52:24 GMT
/
pebed.dm-event.net/ Frame 19C5 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
en-GB,en;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Thu, 16 Dec 2021 06:16:51 GMT
Content-Length
0
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(5)/video/308/038/ Frame 19C5 		107 KB
107 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(5)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
2b7e576c2f47081713b193780f22eb673eef065c526d1097a57daa69a314bfb1

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
109228
Expires
Fri, 17 Dec 2021 06:16:51 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5ADC 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=1910.0000&a1=https&f1=layout_html&s1=0&d1=66.0000&i=563830748103&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F215047436056395776%2Findex.html&gqi=xtm6YensHeeA3gOKoq-oBA&qqi=CL7p9OvV5_QCFTjRuwgd2coMwg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(6)/video/308/038/ Frame 19C5 		106 KB
106 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(6)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
59a9c1deb5aecead76c3f1c4a436a779c35d454596c8aaeb2da771218e4cea98

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
108288
Expires
Fri, 17 Dec 2021 06:16:51 GMT
/
graphql.api.dailymotion.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://graphql.api.dailymotion.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type,x-dm-playerinfo-embedder,x-dm-playerinfo-version,x-dm-visitor-id,x-dm-visitorinfo-onsite
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
authorization,content-type,x-dm-playerinfo-embedder,x-dm-playerinfo-version,x-dm-visitor-id,x-dm-visitorinfo-onsite
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://www.dailymotion.com
Access-Control-Expose-Headers
X-DM-API-Backend-Response-Time, X-DM-API-Edge, X-DM-API-Name, X-DM-API-Version, X-DM-API-Endpoint, X-DM-API-GraphQL-HasError, X-DM-To-Cache, X-DM-Log-URL, X-DM-Tracing-URL, X-DM-API-CDN-Name, X-DM-PlayerMetadata-IsCached, authorization,content-type,x-dm-playerinfo-embedder,x-dm-playerinfo-version,x-dm-visitor-id,x-dm-visitorinfo-onsite
Access-Control-Max-Age
7200
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 16 Dec 2021 06:16:51 GMT
Server
nginx/1.19.3
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-Dm-Api-Backend-Response-Time
0
X-Dm-Api-Edge
dm-dc3
X-Dm-Api-Endpoint
/
X-Dm-Api-Name
graphql
X-Dm-Api-Version
1
X-Dm-Lb-Name
icscale-01-02
Content-Length
20
/
graphql.api.dailymotion.com/ Frame 19C5 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://graphql.api.dailymotion.com/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
a1265bdec186ff6e2f93e9ddb63543efaee3bd139043770ccdfddaed6d9e1c8d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

X-DM-Visitor-Id
DE46E839691BEACDA897E6678768451B
X-DM-PlayerInfo-Version
v-0.0.2668-rc1
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhaWQiOiJmMWEzNjJkMjg4YzFiOTgwOTljNyIsInJvbCI6ImNhbi1tYW5hZ2UtcGFydG5lcnMtcmVwb3J0cyBjYW4tcmVhZC12aWRlby1zdHJlYW1zIGNhbi1zcG9vZi1jb3VudHJ5IGNhbi1hZG9wdC11c2VycyBjYW4tcmVhZC1jbGFpbS1ydWxlcyBjYW4tbWFuYWdlLWNsYWltLXJ1bGVzIGNhbi1tYW5hZ2UtdXNlci1hbmFseXRpY3MgY2FuLXJlYWQtbXktdmlkZW8tc3RyZWFtcyBjYW4tZG93bmxvYWQtbXktdmlkZW9zIGFjdC1hcyBhbGxzY29wZXMgYWNjb3VudC1jcmVhdG9yIGNhbi1yZWFkLWFwcGxpY2F0aW9ucyIsInNjbyI6Im1hbmFnZV9zdWJzY3JpcHRpb25zIG1hbmFnZV92aWRlb3MgdXNlcmluZm8iLCJsdG8iOiJkbUpXVzFoYmRrTkJXaWQ2UWdSZEtXd0liblZRRDF4UmRBeE5PdyIsImFpbiI6MSwiYWRnIjoxLCJpYXQiOjE2Mzk2MzU0MTEsImV4cCI6MTYzOTY3MDk2NCwiZG12IjoiMSIsImF0cCI6ImJyb3dzZXIiLCJhZGEiOiJ3d3cuZGFpbHltb3Rpb24uY29tIiwidmlkIjoiREU0NkU4Mzk2OTFCRUFDREE4OTdFNjY3ODc2ODQ1MUIiLCJmdHMiOjU2NDMzOCwiY2FkIjoyLCJjeHAiOjIsImNhdSI6Miwia2lkIjoiQUY4NDlERDczQTU4NjNDRDdEOTdEMEJBQjA3MjI0M0IifQ.y-mNv8jBFupueehlan2ZyNpZQ4dbi7ntHtOP1jLinQw
X-DM-PlayerInfo-Embedder
https://www.aiupnow.com/
X-DM-VisitorInfo-Onsite
0

Response headers

X-Dm-Api-Name
graphql
Date
Thu, 16 Dec 2021 06:16:51 GMT
Content-Encoding
gzip
Vary
origin
X-Dm-Playermetadata-Iscached
0
X-Dm-Api-Version
1
X-Dm-Api-Graphql-Haserror
0
X-Dm-Api-Endpoint
/
Content-Length
918
X-Dm-Lb-Name
icscale-01-02
X-Dm-Graphql-Engine
Tartiflette
X-Dm-Api-Backend-Response-Time
126
Server
nginx/1.19.3
Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.dailymotion.com
Access-Control-Expose-Headers
X-DM-API-Backend-Response-Time, X-DM-API-Edge, X-DM-API-Name, X-DM-API-Version, X-DM-API-Endpoint, X-DM-API-GraphQL-HasError, X-DM-To-Cache, X-DM-Log-URL, X-DM-Tracing-URL, X-DM-API-CDN-Name, X-DM-PlayerMetadata-IsCached
Access-Control-Allow-Credentials
true
X-Dm-Api-Edge
dm-dc3
Access-Control-Max-Age
7200
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(7)/video/308/038/ Frame 19C5 		104 KB
104 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(7)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
98e8ff348a4a3d7858b5d7825e0fbdc9e6346233cd30e6fcac7b9971938378fd

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
106596
Expires
Fri, 17 Dec 2021 06:16:51 GMT
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(8)/video/308/038/ Frame 19C5 		107 KB
107 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(8)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
407449646f260250b4623d63e8237c4b6e1635c735d8fa41ecba3ee03d792a50

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
109604
Expires
Fri, 17 Dec 2021 06:16:51 GMT
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(9)/video/308/038/ Frame 19C5 		105 KB
105 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(9)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
0cc89f9fa2c12c25ba0de83767db81b6536e2415c85e68cdacc82054930eac4f

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
107536
Expires
Fri, 17 Dec 2021 06:16:51 GMT
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(10)/video/308/038/ Frame 19C5 		109 KB
109 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(10)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
2a83c91f3c71c2f65a5ed035360d4062030a7fe3ef6817abe5bf7f23eafd54eb

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
111672
Expires
Fri, 17 Dec 2021 06:16:51 GMT
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(11)/video/308/038/ Frame 19C5 		99 KB
99 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(11)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
a3e78f43f3867e634d57fb2a68a8ebeaedc456f580cec6148abd4efd794d3dcb

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:51 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
101520
Expires
Fri, 17 Dec 2021 06:16:51 GMT
53791720
mc.yandex.ru/watch/ 		43 B
145 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/53791720?page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&charset=utf-8&browser-info=nb%3A1%3Acl%3A235%3Aar%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfpgygy63o3j%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A1%3Als%3A13840100265%3Ahid%3A396170086%3Az%3A0%3Ai%3A20211216061653%3Aet%3A1639635414%3Ac%3A1%3Arn%3A690903723%3Arqn%3A2%3Au%3A16396353991036985383%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Aeu%3A1%3Ans%3A1639635397039%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C6022%2C6022%2C19%2C%3Adsn%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C6022%2C6022%2C19%2C%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639635414&t=gdpr(14)aw(1)lt(55200)ti(0)&force-urlencoded=1
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 06:16:53 GMT
last-modified
Thu, 16-Dec-2021 06:16:53 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 16-Dec-2021 06:16:53 GMT
db9141e72b
bam-cell.nr-data.net/events/1/ Frame 787A 		0
0
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(12)/video/308/038/ Frame 19C5 		105 KB
106 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(12)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
c742fa56a72ecfd253b893cf555296cfec401d50a35420b3befd51f3818f0e68

Request headers

Accept-Language
en-GB,en;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 06:16:54 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
107912
Expires
Fri, 17 Dec 2021 06:16:54 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.dailymotion.com
URL
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Domain
www.facebook.com
URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Domain
open.spotify.com
URL
https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Domain
snd.click
URL
https://snd.click/mjI0tjt?embed=1
Domain
bam-cell.nr-data.net
URL
https://bam-cell.nr-data.net/events/1/db9141e72b?a=184865423&v=1212.e95d35c&to=ZAMANRNYWxZYAUxeXF1JIwIVUFoLFiNIR297EhYRPXpaC00QV1tfVhQRPTJcUyZWDExFXF8KBxMhSUcKWgdLRA%3D%3D&rst=15540&ck=1&ref=https://snd.click/mjI0tjt

Verdicts & Comments Add Verdict or Comment

206 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| _mNHandle string| medianet_versionId function| fbq function| _fbq object| webpackChunkpublisher_sdk function| Shareaholic string| GoogleAnalyticsObject function| ga function| $ function| jQuery function| loadCSS object| adsbygoogle number| perPage object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_persistent_state_async boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map string| google_user_agent_client_hint string| disqus_shortname number| infolinks_pid number| infolinks_wsid object| $iceboot object| INFOLINKS object| gapi object| ___jsl object| creditsyear function| ym string| no_image object| month_format string| more_text string| comments_text string| pagenav_prev string| pagenav_next string| POSTPAGER_OLDER string| POSTPAGER_NEWER string| s string| o string| u function| selectnav object| jQuery111009923631939546902 undefined| jQuery111009923631939546902_1639635398064 undefined| jQuery111009923631939546902_1639635398066 undefined| jQuery111009923631939546902_1639635398068 undefined| jQuery111009923631939546902_1639635398070 undefined| jQuery111009923631939546902_1639635398072 object| FB function| _typeof object| $ice object| $infolinks boolean| publisherConfigLoaded function| BLOG_attachCsiOnload function| _WidgetManager function| _WidgetInfo function| widget_module_provide function| _AdSenseView function| _BlogArchiveView function| _AttributionView function| _BlogView function| _BlogListView function| _BlogSearchView function| _ContactFormView function| _ExampleView function| _FeaturedPostView function| _FeedView function| _FollowersView function| _HeaderView function| _TextView function| _HTMLView function| _ImageView function| _LabelView function| _TextListView function| _LinkListView function| _BloggerButtonView function| _NavbarView function| _PageListView function| _PollView function| _PopularPostsView function| _ProfileView function| _RecentPostsView function| _ReportAbuseView function| _SharingView function| _StatsView function| _SubscribeView function| _SW_toggleReaderList function| _SW_hideReaderList function| _TranslateView function| _WikipediaView string| __wavt function| __gjsload__ object| cookieChoices number| level number| offset undefined| jQuery111009923631939546902_1639635398074 undefined| jQuery111009923631939546902_1639635398076 function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages function| disqus_config object| DISQUS function| disqus_recommendations_config object| _mN object| _mNSrv function| setup string| _mN_Idf undefined| _mN_ctr string| _mN_ctrM object| mnjs object| hbCMBidxc object| _mNDetails function| _cmL1Require function| _cmL1Define undefined| _mNE object| osapi object| gadgets object| shindig object| iframer function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| __gapi_jstiming__ number| $iceId function| vglnk object| Ya object| yaCounter53791720 function| JSONP_9494 function| JSONP_3733 object| VK function| JSONP_5547 object| DISQUS_RECOMMENDATIONS object| help object| hgb object| userfeedback object| google_image_requests boolean| __v5k function| vl_cB function| vl_disable function| vglnk_16396353989736 undefined| vglnk_16396353989737 object| bubble object| skins function| __shareaholicAdsBannerLoaded undefined| vglnk_16396353992779 object| googletag number| widthCompare object| google_llp object| GoogleGcLKhOms

74 Cookies

Domain/Path Name / Value
.googleusercontent.com/docs/securesc/c0jljo546ovcmhi60v630u11lj634ct8 Name: AUTH_qdmi9efeoehtknu3p24e0i7gtkokn87f
Value: 06222150506394430363Z|1639635375000|lam7cr1i4hti1mpale9asnda053vg4de
www.aiupnow.com/2021/12 Name: logglytrackingsession
Value: ec264bbb-03a5-4cdd-b7ba-0f0b2f0de73c
.google.com/ Name: NID
Value: 511=PjWOOpd6KlKh2065NH_ftg_4uHaZDd3YOqfccAGA1bclA-HPHmKkX_oQXEq-N2pQa8SK_11kMSipgwNHDXS_xJcpCSKTRp37Wmi_bRfN7HKQOnZCibG7L4gkeudb5hTlJFF3BnpUqY2Ce1OZBm9nGbpiMKZqaCFROpAeM75cVZg
.aiupnow.com/ Name: _ga
Value: GA1.2.1143674651.1639635398
.aiupnow.com/ Name: _gid
Value: GA1.2.500541169.1639635398
.aiupnow.com/ Name: _gat_blogger
Value: 1
.infolinks.com/ Name: cuid
Value: 26078be3-b1ed-469f-99e8-c8af9b709a0a
.spotify.com/ Name: sp_t
Value: 567e1f3a796f8be12faf5478f6cfe41a
.spotify.com/ Name: sp_landing
Value: https%3A%2F%2Fopen.spotify.com%2Ffollow%2F1
.youtube.com/ Name: YSC
Value: Wmwl1U8ZM64
.aiupnow.com/ Name: _fbp
Value: fb.1.1639635398548.669525801
www.aiupnow.com/ Name: cookie_consent
Value: seen
.facebook.com/ Name: fr
Value: 0hl2TCvsuegN8lHet..BhutnG...1.0.BhutnG.
.dailymotion.com/ Name: v1st
Value: DE46E839691BEACDA897E6678768451B
.dailymotion.com/ Name: dmvk
Value: 61bad9c66fe48
.dailymotion.com/ Name: ts
Value: 564338
.aiupnow.com/ Name: _ym_uid
Value: 16396353991036985383
.aiupnow.com/ Name: _ym_d
Value: 1639635399
.aiupnow.com/ Name: __gads
Value: ID=228acd49a76a6a56-22df70ee07cd0000:T=1639635398:RT=1639635398:S=ALNI_MbqjLlsV5b80LmOqP5AlXg5AbIF3w
.yandex.ru/ Name: yandexuid
Value: 7507159571639635398
.yandex.ru/ Name: yuidss
Value: 7507159571639635398
mc.yandex.ru/ Name: yabs-sid
Value: 2099448411639635398
.yandex.ru/ Name: i
Value: 8htVVPAKZxT+4g3ix0SfNblLyyNuQM6mLR0rp5pU/5ggS3PIaeIsIKcPZEvx2PGaE1ffFNl18Xwi2TqqPKOAxBomhtQ=
.yandex.ru/ Name: ymex
Value: 1671171398.yrts.1639635398#1671171398.yrtsi.1639635398
.adnxs.com/ Name: uuid2
Value: 2474772255915933107
.advertising.com/ Name: APID
Value: UPbaa48959-5e37-11ec-a355-06323c827ac4
.yahoo.com/ Name: A3
Value: d=AQABBMbZumECENADAoZu4msb4InMCr5OBD8FEgEBAQErvGHEYQAAAAAA_eMAAA&S=AQAAAnLp3Sn8cOs9euWCCV1oh_M
.casalemedia.com/ Name: CMID
Value: YbrZxqPeBnkhKBrHhDzkgQAA
.casalemedia.com/ Name: CMPS
Value: 697
.aiupnow.com/ Name: _ym_isad
Value: 2
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.pubmatic.com/ Name: SyncRTB3
Value: 1640822400%3A220
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 0840FBD7-3FE4-406E-8991-93E6855C9219
.casalemedia.com/ Name: CMPRO
Value: 658
.casalemedia.com/ Name: CMST
Value: YbrZx2G62ccA
.aiupnow.com/ Name: _ym_visorc
Value: w
.analytics.yahoo.com/ Name: IDSYNC
Value: "192u~2246:18xp~2246"
.yahoo.com/ Name: APID
Value: UPbaa48959-5e37-11ec-a355-06323c827ac4
.yahoo.com/ Name: APIDTS
Value: 1639635399
.adsrvr.org/ Name: TDID
Value: 76eaaba9-a022-46ce-a4b9-adce9b50399f
.vk.com/ Name: remixlang
Value: 3
.lijit.com/ Name: ljt_reader
Value: 43bb7d2911283285c3fdde80
.infolinks.com/ Name: ANUSERCOOKIE
Value: 2474772255915933107
.infolinks.com/ Name: VRUSERCOOKIE
Value: y-ZpUSiAxE2uGn4b0jUWPjcPkeXZcrfY1hAJH3GMo-~A
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwjQyd-gy5mgOhAFOAE.
.cpx.to/ Name: cpSess
Value: 78c63066b40cd565
.cpx.to/ Name: dsp_app_nexus
Value: 2474772255915933107#1639635399190
.doubleclick.net/ Name: IDE
Value: AHWqTUkEri1DZP7qjY-MS3nd7jHsBnUiGYLQC1cG61hp2opRp94HAaf-v-bm4JkEGfc
.infolinks.com/ Name: OUTHUSERCOOKIE
Value: y-ssIrZh5E2uEaqQ1L2Xor1xsFeIt19O7O~A~UPbaa48959-5e37-11ec-a355-06323c827ac4
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003%22%7D
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0MjE2MjI2MjAztjQF8kwNhPgMdR29dKsMI71zUysrwgDo4egOJQAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAFslzmtoZmxpZmxqbGlpbGQJAANcUKQQAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0MjE2MjI2MjAztjQF8kwNhPgMdR29dKsMI71zUysrwqR4DYFyZsamxpaWxkYWANZ9euc0AAAA
.infolinks.com/ Name: IXUSERCOOKIE
Value: YbrZxqPeBnkhKBrHhDzkgQAA&658
.pubmatic.com/ Name: PUBMDCID
Value: 3
.w55c.net/ Name: wfivefivec
Value: dlE3Hli01MXK4f5
.pubmatic.com/ Name: pi
Value: 60809:3
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 2
.infolinks.com/ Name: SOVRNUSERCOOKIE
Value: 43bb7d2911283285c3fdde80
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003%22%7D
.infolinks.com/ Name: ZTUSERCOOKIE
Value: 5124322320639551250
.w55c.net/ Name: matchcasale
Value: 5
.dailymotion.com/ Name: usprivacy
Value: 1---
.infolinks.com/ Name: R1USERCOOKIE
Value: RX-2436b0f3-c83d-4c8b-aec3-cf4ec1f8e04d-003
.casalemedia.com/ Name: CMRUM3
Value: 2f61bad9c72760dlE3Hli01MXK4f5&2d61bad9c72760CAESEO-cTEPEzSCoiW_4Q0hnstU&e661bad9c72760&2761bad9c70b40&4161bad9c705a0&4961bad9c705a0&f161bad9c705a0&3361bad9c705a0
.infolinks.com/ Name: KADUSERCOOKIE
Value: 0840FBD7-3FE4-406E-8991-93E6855C9219~1639635486330
.doubleclick.net/ Name: DSID
Value: NO_DATA
.aiupnow.com/ Name: fc
Value: %7B%22NDI0fjY0MDA2NV82NDAwNjc%22%3A%221%3A1639635400492%22%7D
.aiupnow.com/ Name: pv
Value: %7B%22a%22%3A%221%3A1639635400493%22%7D
.infolinks.com/ Name: tv
Value: |NDI0fjY0MDA2NV82NDAwNjc~1
disqus.com/ Name: __jid
Value: 8tn8a0539vrt79
.disqus.com/ Name: disqus_unique
Value: 8tn8a992o8b19j
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 0ho8ipoePtQ
.nr-data.net/ Name: JSESSIONID
Value: 5c592c3e9e9505e

231 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~r/wmexperts/~4/XMvfuvRqk3g'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~r/wmexperts/~4/tkpYeuiT0cA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914(Line 152)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914(Line 152)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914(Line 152)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0(Line 397)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0(Line 397)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0(Line 397)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js(Line 2)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js(Line 2)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js(Line 2)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
worker info URL: blob:https://www.dailymotion.com/d016ac5c-8ae5-45b1-92f8-54efeb74ea02
Message:
[log] > manifest codec:mp4a.40.5,ADTS data:type:2,sampleingIndex:7[22050Hz],channelConfig:2
worker info URL: blob:https://www.dailymotion.com/d016ac5c-8ae5-45b1-92f8-54efeb74ea02
Message:
[log] > parsed codec:mp4a.40.5,rate:22050,nb channel:2
worker info URL: blob:https://www.dailymotion.com/d016ac5c-8ae5-45b1-92f8-54efeb74ea02
Message:
[log] > audio sampling rate : 22050
javascript warning URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Message:
The resource https://imasdk.googleapis.com/js/sdkloader/ima3.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
network error URL: https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Message:
Failed to load resource: the server responded with a status of 404 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
network error URL: https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
3.bp.blogspot.com
4.bp.blogspot.com
a.disquscdn.com
accounts.google.com
adservice.google.co.uk
adservice.google.com
ajax.googleapis.com
analytics.shareaholic.com
ap.lijit.com
api.bufferapp.com
api.pinterest.com
api.tumblr.com
api.viglink.com
apis.google.com
b1sync.zemanta.com
bam-cell.nr-data.net
blogs.windows.com
c.disquscdn.com
casale-match.dotomi.com
cdn.iubenda.com
cdn.shareaholic.net
cdn.viglink.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
connect.ok.ru
contextual.media.net
d2908q01vomqb2.cloudfront.net
de.tynt.com
disqus.com
dmxleo.dailymotion.com
doc-14-1o-docs.googleusercontent.com
docs.google.com
drive.google.com
dsp.adkernel.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
feeds.feedburner.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
graphql.api.dailymotion.com
i.scdn.co
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
img.youtube.com
is5-ssl.mzstatic.com
js-agent.newrelic.com
js-cdn.music.apple.com
m9m6e2w5.stackpathcdn.com
match.adsrvr.org
match.bnmla.com
maxcdn.bootstrapcdn.com
mc.yandex.ru
media-mbst-pub-ue1.s3.amazonaws.com
node228.impressionssl.adshop.infolinks.com
o.aolcdn.com
o22381.ingest.sentry.io
onetag-sys.com
open.scdn.co
open.spotify.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
partner.shareaholic.com
passport.mobilenations.com
pdc.dmleonyc.com
pebed.dm-event.net
pixel.advertising.com
pm.w55c.net
pr-bh.ybp.yahoo.com
proxy-019.dc3.dailymotion.com
recs.shareaholic.com
referrer.disqus.com
resources.blogblog.com
resources.infolinks.com
router.infolinks.com
rt3009.infolinks.com
s.amazon-adsystem.com
s.cpx.to
s.yimg.com
s0.2mdn.net
s2.dmcdn.net
sigma2.disqus.com
snd.click
speedtest.dailymotion.com
ssc-cms.33across.com
ssl.gstatic.com
ssum-sec.casalemedia.com
static.doubleclick.net
static1.dmcdn.net
sync.1rx.io
sync.go.sonobi.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
use.fontawesome.com
vendorlist.dmcdn.net
vk.com
www.aiupnow.com
www.blogger.com
www.dailymotion.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.reddit.com
www.saastr.com
www.shareaholic.net
www.windowscentral.com
www.youtube.com
www.yummly.com
x.bidswitch.net
youtube.com
yt3.ggpht.com
bam-cell.nr-data.net
open.spotify.com
snd.click
www.dailymotion.com
www.facebook.com
104.111.214.240
104.16.138.31
107.20.147.136
141.193.213.20
142.250.185.194
142.250.185.66
143.204.101.204
151.101.0.84
151.101.128.134
151.101.129.140
151.101.194.137
151.139.128.11
162.247.243.147
172.66.41.9
172.66.42.247
174.137.133.49
178.162.133.149
178.79.242.16
18.156.0.31
18.194.149.16
184.73.100.94
185.33.221.87
185.64.189.110
185.64.190.79
188.65.124.38
188.65.124.59
188.65.124.90
188.65.124.91
188.65.126.236
192.0.77.40
193.0.160.129
198.47.127.20
199.212.255.245
199.232.192.134
199.232.194.49
199.232.196.134
2.16.186.115
2.18.234.21
2.18.235.93
209.54.180.3
213.19.147.45
216.52.2.39
217.20.147.3
2600:1901:1:c36::
2600:9000:2156:0:6:8656:f5c0:93a1
2606:2800:233:af6:eab:2108:1892:6d8
2606:4700:3035::6815:1ac5
2606:4700:3037::6815:4e07
2606:4700::6810:135e
2606:4700::6810:a10d
2606:4700::6812:1b47
2606:4700::6812:4c34
2606:4700::6812:bc37
2606:4700::6812:bcf
2a00:1288:80:800::7000
2a00:1450:4001:801::2003
2a00:1450:4001:801::200a
2a00:1450:4001:802::2009
2a00:1450:4001:802::200e
2a00:1450:4001:808::2003
2a00:1450:4001:80e::2008
2a00:1450:4001:80e::200d
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2001
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:812::2006
2a00:1450:4001:812::200e
2a00:1450:4001:812::2013
2a00:1450:4001:827::200a
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2006
2a02:26f0:6c00:299::1fcf
2a02:26f0:6c00:2ad::2a1
2a02:6b8::1:119
2a02:fa8:8806:13::1400
2a03:2880:f007:8:face:b00c:0:1
2a03:2880:f107:83:face:b00c:0:25de
2a04:4e42:62::760
2a05:d018:d29:3602:76e9:6e08:1a45:971c
3.120.70.243
3.124.200.54
3.33.220.150
34.120.195.249
34.204.113.242
34.231.31.218
34.243.64.153
34.73.247.27
34.98.64.218
38.27.122.158
51.75.86.98
52.19.63.112
52.217.169.81
64.202.112.159
67.202.105.21
67.202.105.33
87.240.190.67
00bd2bb1b8188c634c6181687ecb0c5c708941277c19332687ebcd4dbf0f3bf0
01b1844125589a15317239014be029ba024bc0d6e059222bc99bd913a82ecb88
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
01cc0d5bdf0efbb377c7223a65d5d5cabcd1f12afffc3f243b8d77f10861d74c
02f1a982fff273502b329ba242f856f115b2e51273ffc4476bee77f5172680d4
0365e3f4d308d0beec787524d9a2f686351e1011555515526ddfaf34176d0514
0376879a45be95f1d718c2a90d0b35986973e87d6f4c790b4c7046343464b72a
03de68cb1fdd007abd024234102ebef9781fbea17813281d3a5717d25870762c
04e9804c14c35b04a24d8ef3fed241423d2b533d0b96c1253bacf8d0008e24aa
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
07820f0ee3e5c253462bade268025f7712fdf14c0821fdaeb25040791fca9e4d
078a1d8d47b0189af4d40f3b7732b9e622a971c94cd6d0d111eeecf215d4c269
08a0a69cc7b20ebc145be0de33415376df6b98011bde781c6bef07ce39564b33
09dec90213d3b1f9af1a0133e35843f22241aafe04b0d2a1983b69116abfddc1
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0a744f38c6ace34651866bf42eb7dd14df089cdbb70c95854e766eb9b41d2361
0bcd5919bf34c7672ee85e44fd8c6a695a7ffbdd2126f4e54caecca5ca6996eb
0cc89f9fa2c12c25ba0de83767db81b6536e2415c85e68cdacc82054930eac4f
0cfd01f61f14eb6d881159ad18587bb4501c97ae7db9bbc9c5dd04a35362cb03
0d4257a3952d7042f95c20a409c2ac8675f4d9b199db3a296de2b6759b77d33e
0dbe03e13c5631178bcea784e0cd37fa982549be1183567da94dc618adf212c0
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ff2df2ef4e19d34978c7767adf55210307603d2ece3f7ffdef9231b1c6e6c4d
1037f1e0d1ae470df705a7179a41aa2c969aec5ff56771a7438edc74fc46a9f5
10a64ebb8661643d154d9ff6466282a8b80d1faac7b93ed08a609e1d182bbe68
10ae4d64b0c71483f2e7214da1da2b2f86279ad766492a028146d6e0623e230c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
120dd585aad17ae7b2f98d532ac5f78acfb20cbc808b5458cdea9ee95d6da139
146903f49c6386085c27bbae3a5c48b2cfa6b3c721d28f3cde78adc2076d1d74
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
159a5e40aad7f035e0dc92dfcc0cc958932ee7682cf3423503929fe43830d227
15deff9370413d6149ee7589473572070e0888af508b013e5eb6450a1734cc55
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
17710b0cbda106bd59c9bb320d152a06bba83cfed9e8a171b4e63f48adfc0a09
17aef8a456df6793c7f80c3241dacb0e31b5e194045a6e9262c6480c000242a0
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a4b9bfd2a0be81f6772b5f835dd9a395216ef6c9526414a75e46d7933f280f3
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1b678dbebf39129dc22911bba323b8bd710f334947ec060ca22190f57f45714b
1cd2c555372530d0e0be664ca29569c07dc012088bdfb16463611bb88301d1e3
1cdd65912fdefed8dfed152d5aa2e0909952ef6d0ce163a543f1e90ebdb18ceb
207988d6ceb0915644622340d434fcf1c5830d0ebe44cb40a97af4b56205ac38
2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb
20ff102938aabdeac21d49e224dcac48f788dd7901d5cbe8bb80d33960fca984
218558585458a13a0561c9747e86fc90db372981a72ba884d87af47e8b3ce13c
21c3979547c7a7283f7ff462e0d8db01d8b648b7ca66a5fe5693d73b1133c502
21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c
22908da9abc1662fdb453bff43b2533c10e76c711d7e457dd50f440639d83c29
22a6b5ca081c7e993a6de605757cb5da85573221300021627663e89fb6950b18
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
249e0a6820514d94f797d39b2c6155c7465c870e8aa8228686b60b784a1b761f
24a8bd06751890737b6d157deecd20daba65d21ffffb22c70a4a6b3df6084462
25fcfee1ad623c5654d6a20d5936f56999688ce944da13f9ea606cf4b9fc18d5
277d726476e7c16cad5cd08c58124b98ddc63c8d8b0a1d7dba42cd03c767e7b0
287a9e7feb492441a1f9f99bbf1b00a2ff11de8b3c8cd7af352710f492e5f71a
29fe732a3a3512aedec5358e02eee2156a1b783cbc27ac7ed3a023c0b8cf507f
2a5aa8749b707f73090c7fc4938f6452803ccfe09c30ff8ff5adbd6735b799e6
2a83c91f3c71c2f65a5ed035360d4062030a7fe3ef6817abe5bf7f23eafd54eb
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b7e576c2f47081713b193780f22eb673eef065c526d1097a57daa69a314bfb1
2baf0db4101196df611d843d4741b65c2ebde9d4d458196ab9fb71039d8ccec7
2c6b79d89717789efa98627852ecedcd6d1243e461e716ff5ee69f2bf31e48aa
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2d387f8955e673b6b83572bdd758e2b0be9da640de3fc2d83c2cb96dbf4c4037
2d5cf55fc7fb9816c5b7543e469706d77fdfa681df626c471e44b08fbf0cb9fb
2e7f3c240acb42e9492f1136bd92e06cbc91da17800b9f91ef44bd6e25acbd3c
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
3077cb5e37d8dc041b829c7f823616f6433006e6cc7aa94e2e44692b20c2c720
311d0ae54122e562c9d7209237279a234746e4bc9bc08c8fa698fd7a84d79a1c
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
32c8ec967ccde3b64e5317b356d5ca6ac6a0b39ba32f6de2f8c3b1a4e38c2574
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33fb4f945a35b6ccaf4d19c0e6d1d8ad39736c430884b7090fc0f965d3f748ad
34fa06f4b9082afd593822ef7a15e41e2df8c335d9e696ec864c061cdabe483b
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
39b61bb2c44b3429206f042c0e70a94c6d592f45fae36b786c66a7920c44ce5a
39ffb5a9e67544a56b3ec4b1b8060a8c9a7cd29b750e624394a37f414cdf630b
3bbd1c0c28ea0f2af4254c62d76b86321cecfd45a3cea933d29b37fb53ba6e28
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eee15d11eb29b6f2258cabfeeca39b3b900a7cae96fc7919b27789f3470b9f9
3f8cc7f538737fe8ccad69519bba518c156bf2e49cb7de925385cc359ca6c69c
3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f
3fb7e9599446e2f4785fb37ad8b123b6275a5f88993db9681a1862ad95d5fc86
407449646f260250b4623d63e8237c4b6e1635c735d8fa41ecba3ee03d792a50
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
4299f2aaa46eea61cff7da0f945e26cf0ace8a35ea912182e7df2a9958db8e10
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4476c31489084f057d971484ea8337d294bdce33db840a204e800da4e37ebe1d
44b4caba83d4c4cdd6bdf515ca1d9763e5ba87884ca3df12c379b04dd1d3f1f8
4512240dca2a59d6f18502229269f36846e194a33015ca8ca1a93a3535fb333b
474766eea123bf4e329e67866d3656d1998ba48b118b951f324f61452cf6ad34
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49de1b93c5df859944a241ed5328040a31aaf63a22caf2f64975f3d9bb362617
4bd97569f19339108d50e204a239bf8a3659823bc4a4c6011cc6a686ad5e4922
4c0f1cce1d9f37c25fa9ee1e57c0f4308de2835d5083048c959b13b2cde60ef9
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d958aa0fe56b2c9ef407522721c72a3f0ac4f0ae063a2e2d05c134b7a79fa85
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e7a4de80dbec3e143eea735672c7a5aff8303e551c431f479f7e9f8b6c20b78
4e8ef9b72300257edaf73d48208dd42f829088b83670522b90debcbc739fc819
4e9c61cb3ab5d2bcfbf8ebddad7f6c531ea3621fc5ab2adfe61a51f479fc3b69
4f4524f7e1a87079bc50a64681f880ccf3e6f5db1ec5fc27949377532a3881da
50f875818c12b4bac50d2ac2bb80e0edab07d6172d77641c305daf077f2c34ad
51dc201352664df8a472d290e8da5387964769924e98c6989726b8c391b3b8b0
5257f6397ef05fa34f2658be967345dac7937800cdf382bd8635e31384296191
538644c8d03a34a5f5842ab02d4f32e975b50607bbf7bb3528da122eb0d912b8
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55fe82818b43523a014e2f98669e78ad0f672a8446fe7b2f6354c2051ad56947
57ba6876ec4261bdfff3dab8d5dd806264e6d53721cb917647963dfa07e8dd34
591161f686ad308c90a8cc534b0861fd96ef8cb088d2cea60e6d6f8ca73ae458
59a9c1deb5aecead76c3f1c4a436a779c35d454596c8aaeb2da771218e4cea98
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cf34d605f353037a0ab53e0d1abfe48d1c54263e5e763c23366e77d45960bfa
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5fae79754e7af92e6afadc3060797e3d35188221e60d63d0625f66cf921e7ebb
5fee9bee5192b952739299570f6f1d5880895edb6e518c14850651083c242fef
60038013e5f77d09d6e56cda263b8c76259c5b8578ee43e70c4ff5623fef857f
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62f2557cbb5c12ab6f5974e6688375f8153f2cf3da0aad2624d327de6a547816
635ac3ba0c0db271dfb39b0e2df6037f242edac8d26cb7c6ab7cc8e6775eab1c
638b07dda0f438a7f4c609bd114bedcc9c15b100133b8b8ebffc7fb85197bcb3
654fbcbda47c2aa67f212492935f5f7ac35cb0a0ce269ac8ba0ee283c4afb691
667d0547d8f8567828193f76f5fbd55bbb4244351313a8a8f3d85d171d1af49f
67042b35a4c83e7d770bc7273e2a1d4f867911f1571807e65c5a2f94e3773f9e
67d410b3debb14b15512f904dc7d23856ae6389cdacffa8e8339027088719500
690e2c2fc087cba6dcf864ee61e6c566049979c4f5da31b6ec63b8e7ce3ad05a
6991b0dfb02f46e2bb00808bd3eaaf97cfb4caa209a24ceb5a5c3482b091d6ff
6a484ab3ab55740d1b51dab8f319f0778053dc10f6cff128f5f76e76625cc5e5
6bea5291b22c014830cc4840c679f5d70518c716e34feba3edef9f5792e37db8
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
6ca0ba132e317aa25845976719aecc3fbc11dfbe15c1ca37809b1d0d39bcf8c0
6e6221f8603843e33aea69f1eff610fc753d5689ce75d5324f27144a10cb475f
6f0ddfab71df0dd2b6b3dbd61f8cc7abcf266187d86e135df0a545a8071af409
6fcd9dea2794290acd1f2e793fcfef9232545fff93270744e79e30d9de0e0e61
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
70d75a0c59e0e1d2bc3a34351eff20d5826e419847a0c1f9312bfc09a02e9a1d
72a24849a385cc8c2e75bcd6a6cd2530d7d867ee28ae27aa89cd5b48f7403e8f
72b2181e58d5c45800d66d36702794ca5ae5bf1fbc20f106442b7eac3191a623
73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e
752412e549c655c81176207d6a70c7d5c1395034d9c80a49f968beed189bf625
754364afcadb8b459f52deecd98837f91aba0e49aba84fad5b96fd6bacb92144
755026a08524e613a9b91a5d75c46317a6317743dc0eb1aef4680e1396fa9bdf
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7ad3ff657f32032ef8efa653730c135bd6aab764db571b1de66d295ec10c81ac
7ce1ea3b23523090abc2d5b16bf6cf2d940039ca4f754dc7719af34b4185cb7a
7d4767763ce995c13decef23ba129277c5a6e2682ecb104c8e06d2ca0af00137
7d5be5af6446385ffce8ddc940fe35f941412d8c69696a175f2c97ccb2b7798e
7ec2fc40578b5d3c7c8ac12187d460fbde0d2775e48091c1363e4fac43f99a0b
7f4b2fd6898761ef0e73aaf27d4b1ef8d067d4e38bcecc4d3af51fedfa399ced
81378bffc819362ba4204facf328c565b8a963ab4b5c292c835d945e63713003
8306b110649100e1a82a22573136f9208f5ceb738bb508a7d2fbad3b66bed7aa
830966159f5de04c698b991860de7d3ad1056825d1f6f0552526da6d0900b4c3
84077212eff3a118119952d95dfdd412f3a97e1c779d3881ce6c3402fbfc96b8
8559b7e5e86976ac2b43d84dca46f5710852e2e1c50d5fdce5fd532efcb2154e
86bd843e845b3814a6cb1438975575e4b8dcd68f9c2ca1a420c649b2d8db6f3b
871f64d89795838c773a27fb668e45b3e494fb3c24758cfcca6934f305f0db72
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
8810175440dc6192ce2f7f404a2c8442fc1f1b0c5e6d5f03579ad1c7eea48da6
884bab512acc3235af224271f85a9030fd7461211c697519808bcb7702c1a091
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
89b0e94617f528936f86951d28f96aac27b7a24c1166688a29129281fa7b7b91
8a45304faa7819fc819fde8dc964341eed7b246b78ace3586b151e2be2c2a9ed
8aed12b8b95a1d49011f3e134dc8e71804a3576818d1d1334145aaa96d71aa5e
8b61fb2893b73c586d2845e65490400034813f611dce6503606c9408b8404fe0
8b82f883c1cd11ad9b0f4cd6cea48c70c84a84f41c57ee6e637417ef78182f50
8bec9c490503ced6d8e92080693b1cea51de26bc67b758394b4638f2f1a03cd8
8ca0c44926e7904b379b0abae96e5def8ad7c140d7c68d0ede2f2148e1ad5745
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dcb8e128bd3aa982b2fe3a53685a5a6fe9ad4f6ec590611052b74813631e5f4
8e6f5085d26154df7059db5629f5db6132d63fbfdb1520a98ef6115ebb08574b
90fadc153cb3202eb4e63fa7f561f19d28ba6b66e1a91a57813c66c3032d54d9
91c71e452935a05cae764c9e9ce251a5d4088d23a4f764988f0aed6f19b6908c
9222037993e442ba70d3b56378f359c8c37b8e2cadfb301735de27bd0ea24635
9245e24051590798719955aeb2a4d749974644490c27a7141e142f8f203cb246
92492a41ed7dbc02f64b8f399adef0bc87063f9011ea0dcf397d19a8d484bfa7
92a52c85d6e732cc7b34a65f9317ef052b15c2f2b58c9fc7f0ef939c7e3ba248
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
9379a60c9161c83f5075dec933369e78b3be0d8c3b7827ceda7d7a038ee62ce9
93a8cc54b517a35c22648e5a2b1694dac62247ad174386f1791d1c4d0c6edd8c
956c937c18e92293c7ef920d33914118c5c3b5930f608c9f59b76367d9c409d9
95b41ba92728e08797cd85b6f9683afbe13d450d1b3213358c48ac18d242846a
964e46ffb1cb7b086176196d02b695bacd525fe9ccb27d7f59d378139c72c6d6
96a96229c6397e7b5b44811bee268f7f6dfcfdd2703efdba8e348f311d0fa6db
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
98e8ff348a4a3d7858b5d7825e0fbdc9e6346233cd30e6fcac7b9971938378fd
9904ccc112b0cbf11bac902cb4c91ce4af8398396917bc1d3d8dd5d355ace176
99e1761c92764dcaeec33df3e1773160344cc4aa6b8ddaee0477372279a2c424
9bf3586f658525a33339636e3673dcd20db704f7dc4a8399ebaba807e1a6425a
9cc42edd3434423ba5ed7bab4141062c32ca45432ee495b4db48399fcf625a56
9cff0359137fc419fd2612e9e813c2f61cc9dd1b915d0c7bb650e8f0ff9e5710
9dfbd727401ae1023e1481de844dc04741301d75491d89cb87d96da538a5057a
9f0384a2c4cddef7a95fce9cc026e0901482723d031610c2dc33f23864e8d5c3
9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e
a02e6d132289d6c2c5acd7ffc6857f810f34b143c66720cea44d9a90f4cd21c9
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1265bdec186ff6e2f93e9ddb63543efaee3bd139043770ccdfddaed6d9e1c8d
a1801957e205fedeb5ad3143a9a15114323490bf7babf1444e4695dff08d16be
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1d91ae72925e0ed23501502a4152657a2252df43a9071e61fdfc8a46272cc96
a29d510cc6827794383ee2d8aaa0ff664aec760c9bfb99bf5c179c41c97aac48
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a2b9c28205959e1323e482a8ebab65490ba2200da1665b75004947fbc4e18672
a2c0acdd5bc625dde811cbe3d364688921eef737a6663a070cef6995a4fdb84b
a3e78f43f3867e634d57fb2a68a8ebeaedc456f580cec6148abd4efd794d3dcb
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a6baee973ea81a9215152cdfba5cd63f80ff4913fe33c916f6e6fb42a6b12e9c
a7fc9e14f36c6590ef42bc2eec54e925cf573a2656de164817ba40c67bc71a5e
a924247a34d2261adba0ab013836e8f7bc8df1f5414459c906d5c2a0448232a4
a97e731cbb8c8f2fd76edc5ff46950f4548da821813db1770d62cbd710cd168a
a9ea70e468a1ea49c3e1fe1d7181aeeb1f66d6d9af315a8fb19525e1a989b2fb
aa3e45b119196aef98db5cc4180fbadbe4127094d0acb14fe825711bff64ec6b
ab05b367f46df440a8aa3405388726debd4b483abde9f9d0dda311a12ce41bb2
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac45e4c266a4fb5e7d49b00f4b3b9c53b70ccb5754d3a6d5cfc338ca3b98bd84
ac56d1b1b22c128f9d0743f4670ad1248a51697da5c2ecde14e6c8e9a662256a
ac58756be8a08b00efa89ae967645beadb91d7a724c5217e4c847be2f06d4034
ac978cb44cb684b3b4d68c67826683b37e5ada690aa4e031c4c505921331756e
ad1105158e1427450c46a0102818ac33a94e9152c2a2e1a4f7876057da9ab048
ad671f60b455b1a6641cd531081ae4708cdfbde540efc21fd251deb617c40cd2
afec0c8624bf56edfff72e4f496a1a8d9339be03ccd85eb2397994da127df88e
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16ee208e163e440832f7c31333c523ec8d0635bb1b2d332d733c1feb73dbf97
b17de2bb097917f12756ebb689a9cdcdf47a46ca5df26ea2b27b6620452ea6a7
b1dfa2a8da20548fee650f32f03b13149c5c6a68ed7efc0e60cfde82dc92cd19
b1fc6b300942d8a4130ee178e5aedc2fb8759c1c49715e99cfceb22301cacc63
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b2534d2e7e46f99247fb8da7142946eeb60dc696d63681d66fd6f215a3fc8756
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b307cbb70ca418ad5378ec8eedf2e876c1659d179890a8d40372a761578bb5ca
b32688c6a904698b92220c7a34832402acdd326ff715643c9dc7022249f7c256
b4700758182849390e83510cfa4d6ac01e49183ad810851b099d55fb0b93eec1
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b58937d9caf0695d97edc06070a8c2deea94626b7ac5dfbe77b33ed36804ad49
b71079af3ec36279d0386b3b1498fa09d315d859221fa026027c4175ca3c7f0f
b7fbd43d6a71c8bddad3eeeb139c57a9db40de0180b47c78aee87e25342100a4
b8bb346898f5a5a3b128454695814dbdc26273a8f07f860fef151408e7344657
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
ba60ca1d8432c2791fcf9404d64b05e892d4d37326942fa3a6d88154ea353287
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
bd05c4e7898527514e35ce29e5144acce25e1d96073573f57d841a79a8df42c7
bd1d46e090dd11a9123e403410ad1b3354ed4c0906c92a13ae0a0daf85a91421
bd27265365870814b531d27242813f9df904229b004d7e6f6e1512a68d29f8f4
be43a684a99f6071923acef248515dadee8bf4db7cc059aed54dda51b6d3dd44
bef5318f625cf3dad8e4db35a1eb5a8548dae2317569c5aa4647e8a198cdd60a
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bf2b259176d1712ca42f68767b3dc61a2a2385fbb48ba3a7e5b587910e50d642
bf459edbca835630ab04fe10ab0ea320af9c2a02a28354fac1dd2dacb5b48155
c065b1be26a26b657d9c95a2314d6da2316d981f6139e795a1a14685f8fd292b
c1a75ea27451c167b4bd5b2b9ba97f4ec7d1bcb3bf5e4725e41ff35cee1b4ffe
c1ccf769f3f6c5a9626ee6f2699b67018a6aa438cda8d628492575b1bf4d3641
c1dd3ae27cd0cf43059c6571c71a67429c3071d2fba84eba2d62809aa38ba3d8
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c2ca691fb99db5d425f30e3a6ef5a2f9c6d44045902ab8092d0f2ddac2d8e1ab
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c54745b0cbf62e61ae51457f61995fdb04a4ac6c9ea5a371a3ba28148b74a917
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c64d5de3007f6cf4df15b2b4ff8d0e566c48d69c34ae9a5d4105b85ef83c564e
c742fa56a72ecfd253b893cf555296cfec401d50a35420b3befd51f3818f0e68
c811b52b159c35e96af4b1f0b999753162f21933e5e520e288de72dbd5a2018a
c8520c4df0969be1603059e7639e03decb805f23feb63736ba40f00365156caa
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
c90b7e832a212a6390a5ec8c2c1161bda9375fb414ad87bfea2e282d2284be79
c9dbf391eb49cc7fb60b02931b2d3595eaf3c065b716778f0be58306dd7cbde1
ca356d69f023a86170e7197b26266cc9f913b54fc90e96a760cec4152b7848b1
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
cb060519450cc4982f29f8a767e47c4440e26614975f99ecbf3cec04e0cf9cef
cbf52478eea923d6c8559defe2bd5ce6f23107952a3ab8056d0d2d97df20a79e
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd134b4001ca6ab0b25d9df618162ca0c867a3b40cc0d16e53b5fbb142c8cb8c
cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712
cdc8ad4d5245368ddcf674a4129fb3184a048373e19203b3ab47f7d7676b8986
cdd297fd79b6ba4200519c00d3d9b7c596e397e40cd6af96eb5a63332f91bf8b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfa9eb61fc8151655bb4081417610d49fb91cd53242d1880092a0d1c20fc3b34
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d2fec0e2942f49dd3cad4650431d550d761f11dded17834d4835768c2ca730c0
d44b6e4f9164860ac419ab1e15cdd2aa55d8117b8fdee7b2545d1b4fe0704c55
d44ceec8bba88323fa0fdc3d0a6793b6f1e0c31d465be241d2142abd9ae36e50
d4a0ee6d728ead9cf6f762458a1de9463cfea40e4edce958d445ee006fc27f16
d50b115ed15f11d96d3ab369d091db9bf261ff6a41ee29ef08599464913bb0d9
d53fc34a8a2122326a547282899df3aa84a3def278217628e218ba771c4305cb
d5adf666701b746821cc08cfa7064589419b3e1aa81e6324ddd6843e5bebf082
d69ce89c3ea8c123578d546fd149843e3ec1c83cac45023ec1f80f788c7615ec
d71d986a726a9a3b37c6a5e049fee9692442911b24fcbc115a55608634a3ebf9
d76f32f8bd2f4896065ce24a53a651b8b31f8518eeffef24d8ff3b7942a2437b
d777536c363f541d3a0a29627c1294ed6c6c0889011ea21d8d4eb859c9aef31b
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d7f79d58b05187430d13e54745588aaffd6abcfe45d744d355137110365a22f3
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
db01487388f15a4c0cb6c6e28ca365fc9a9e0855a90894665baa6f582c9e50b6
db6ac8aa8b0eec0264d904f0f99a2c1b6ea00a3bf79b4bfd77002c47fa29db92
dbea79f2df0b90afb4a54efb447d86eeb387be30ca8387fb69b069a46ae4896a
dbffe4825c6ba1f19ff48607381ad4384b0609b64998830502c130f00abe887d
dd6132f04a2eec5299eda587492ffe9177e8b004b667a81aa01d2467add786d1
de0ddbb5fd111b29b2e6faf23e25135560cc3a9acbf16c60f8e2f06b49d3998c
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e33de29236bd945ad5963c32fd373b982e0970b3a1f784b8e7ae07d7be8c254d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4617a5b39cda8cd99c5725cd79a12bf58f402b90f76c364ec7de7852ec15050
e564a3162413efc438ca1087c6d299b042e35695cb79b44f655fe699e5d46fc7
e568b10e0bb7610abbe4f1f62ccb35ba7d479ef4b125936b97a2cc80ba9c3a98
e578fda3845b781d5c0045ae9c5dc94257e613d1c93d5155720c10453e44e91a
e6829d5b4a0802d493bfa6fe6efb9e9db4763299c47d1a29000145c64984c966
e89c1da385be36ce801884d3609d7339ed0a608898520cc43a31334a8ab5535d
e8fa42be0d1faca5c512acce6805d2986dc8875b030b952f93ec8233d0a13e13
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
edd44cad5cd50082407878419dee3031955cfb380d85653ce1100cea73bf9eef
edddcb46193aacdf88726f8250fd0248b2dd411d392b3288ea04ab9e9e6bd526
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef447194c4f88706e59e91d4dd03aa925cd6f5d30ae87b863c8fe282153c2fbc
efed9c0be7c7adf375be6a20b399eeb790011c96ec3c3921fa91cc3d0fb7e095
f11b16a761b9b2d565e3d57f0d2430b7666beedffd2022b59bd544ccb130c27b
f1a32bc2f145aea8c098f09896ed081513a6f6fcb8adc1aecfdc2b43618393a7
f27408b033a0195d0f29b0ecbc143f470c4fbb0807472a688b2f9e66403651e0
f2bfdbf7d2df8d37016a17d53674d2799bb77996a763bf2bee8b1f604dd31a9f
f2c227400d4343e5fd00ecf710c55c5d14d9a0efd1c884199f79ba8d89d704d7
f3a2b319fd9e6fbfa8b9caefe9cf9a03489e4b03e14dd8215400caf7f33f170c
f46b2d4a856ea7159beddd14178005a469671e498cc36f6cd1ffc088eb0431f0
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
f5faeb48c8c68fd8cfa486fff4f37b181eae3a57ffa783670fee9a3473c29b09
f5fb80c6ab695aec793967d59c135b29618aad2f987174711a218fc44da08d77
f615e7ba92273145a27dfc0773e0a936233f96a40cee0eb90cedf8cdcf2e6e0a
f6b152c4c3aecf0a0ae21adefee6a0130a36c6bc92ebddc0e3ee3a0387f24ff9
f9019344d935a479e1acede01e904875eec4e1decdbf0254343eccb1c0511175
f9f21406615f1546dd9ced7d75db04dffb75609a92a35f835405784c78119447
fa0d1383cd6184c9654b458ceb23a3ad8c700d98cab32478b805e385efd97af0
fc397a38480b8b76d1e301b62e22c88d11d23b495ab0100f3684fa12a65afb52
ff970c3708056e1a85cf2b085d4d73f9f75f67765e9543647ef91266e34d0e98
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2