securityaffairs.com Open in urlscan Pro
2606:4700:3031::ac43:8cd3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Submission: On April 18 via api (April 18th 2023, 2:08:07 am UTC) from TR — Scanned from DE

Summary HTTP 179 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 29 IPs in 9 countries across 31 domains to perform 179 HTTP transactions. The main IP is 2606:4700:3031::ac43:8cd3, located in United States and belongs to CLOUDFLARENET, US. The main domain is securityaffairs.com.
TLS certificate: Issued by GTS CA 1P5 on February 24th 2023. Valid for: 3 months.

This is the only time securityaffairs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	2606:4700:303... 2606:4700:3031::ac43:8cd3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	13.32.99.78 13.32.99.78	16509 (AMAZON-02) (AMAZON-02)
6	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
12	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:224... 2600:9000:224a:5a00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.121.88.215 3.121.88.215	16509 (AMAZON-02) (AMAZON-02)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
31	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
3 3	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
19	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1 2	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:f48d:cf88:c413:b006	16509 (AMAZON-02) (AMAZON-02)
1	34.160.236.64 34.160.236.64	15169 (GOOGLE) (GOOGLE)
4 4	37.157.3.28 37.157.3.28	198622 (ADFORM) (ADFORM)
2 2	18.198.62.230 18.198.62.230	16509 (AMAZON-02) (AMAZON-02)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3 3	52.28.153.196 52.28.153.196	16509 (AMAZON-02) (AMAZON-02)
2 2	54.247.79.230 54.247.79.230	16509 (AMAZON-02) (AMAZON-02)
1 1	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1	2a02:fa8:8806... 2a02:fa8:8806:20::2010	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	213.155.156.167 213.155.156.167	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
179	29

42 2606:4700:3031::ac43:8cd3 (United States)

ASN13335 (CLOUDFLARENET, US)

securityaffairs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-78.fra60.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:224a:5a00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.88.215 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-88-215.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:7eb1:3826:be7e:d981 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.130.49 (United States) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.105.8 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:f48d:cf88:c413:b006 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.236.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.236.160.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.3.28 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.62.230 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-62-230.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.28.153.196 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-153-196.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.247.79.230 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-247-79-230.eu-west-1.compute.amazonaws.com

r.scoota.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.86.98 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2010 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.167 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-167.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 tpc.googlesyndication.com — Cisco Umbrella Rank: 177	522 KB
42	securityaffairs.com securityaffairs.com	846 KB
32	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 67 stats.g.doubleclick.net — Cisco Umbrella Rank: 166 cm.g.doubleclick.net — Cisco Umbrella Rank: 313	186 KB
10	gstatic.com www.gstatic.com fonts.gstatic.com	131 KB
8	wp.com i0.wp.com — Cisco Umbrella Rank: 4167 stats.wp.com — Cisco Umbrella Rank: 3510 pixel.wp.com — Cisco Umbrella Rank: 2908	216 KB
7	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 130 region1.analytics.google.com — Cisco Umbrella Rank: 2930 www.google.com — Cisco Umbrella Rank: 16	2 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119 Failed	5 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 238	244 KB
4	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 908	3 KB
4	google.de adservice.google.de — Cisco Umbrella Rank: 5261 www.google.de — Cisco Umbrella Rank: 3425	1 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	281 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 427	1 KB
3	everesttech.net 3 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 1020	1 KB
3	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 5368 buttons-config.sharethis.com — Cisco Umbrella Rank: 6788 l.sharethis.com — Cisco Umbrella Rank: 5697	46 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 6958	655 B
2	scoota.co 2 redirects r.scoota.co — Cisco Umbrella Rank: 35205	1 KB
2	ctnsnet.com 2 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 50702	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1332	2 KB
2	blismedia.com 1 redirects tr.blismedia.com — Cisco Umbrella Rank: 2823	573 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 447	465 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 1223	716 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 4805	104 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 1124	339 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 2062	586 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1646	213 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 689	715 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 1007	98 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 1063	465 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1718	256 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1132	609 B
1	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 2802	1 KB
179	31

	Domain	Requested by
42	securityaffairs.com	securityaffairs.com
31	tpc.googlesyndication.com	pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
19	cm.g.doubleclick.net	googleads.g.doubleclick.net
16	pagead2.googlesyndication.com	securityaffairs.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
7	www.gstatic.com	googleads.g.doubleclick.net
6	fonts.googleapis.com	securityaffairs.com googleads.g.doubleclick.net
6	i0.wp.com	securityaffairs.com
5	www.googletagservices.com	googleads.g.doubleclick.net
4	c1.adform.net	4 redirects
4	www.googletagmanager.com	securityaffairs.com www.googletagmanager.com
3	x.bidswitch.net	3 redirects
3	sync-tm.everesttech.net	3 redirects
3	fonts.gstatic.com	fonts.googleapis.com
3	www.google.com	1 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	d5p.de17a.com	2 redirects
2	r.scoota.co	2 redirects
2	gcm.ctnsnet.com	2 redirects
2	pm.w55c.net	2 redirects
2	tr.blismedia.com	1 redirects googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	um.simpli.fi	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	onetag-sys.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	id.rlcdn.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.de	securityaffairs.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	pixel.wp.com	securityaffairs.com
1	secure.gravatar.com	securityaffairs.com
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.com
1	platform-api.sharethis.com	securityaffairs.com
179	42

This site contains links to these domains. Also see Links.

Domain
securityaffairs.co
i0.wp.com
securelist.com
docs.google.com
twitter.com
www.facebook.com
infosec.exchange
www.linkedin.com
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
*.securityaffairs.com GTS CA 1P5	`2023-02-24` - `2023-05-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
sharethis.com Amazon RSA 2048 M01	`2023-02-28` - `2023-07-18`	5 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-04-12` - `2023-07-11`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-27` - `2024-03-29`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh

This page contains 20 frames:

Primary Page: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Frame ID: 5CE69073037ADF3570905334FFD182EA
Requests: 81 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20190131/zrt_lookup.html
Frame ID: 596BF46DAC5C959A693E44B5F18160C6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1681783682&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x675_l%7C308x675_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783682420&bpp=181&bdt=236&idt=402&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1113155451314&frm=20&pv=2&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=422
Frame ID: DC316A96904768EBAAB3C87D153EA481
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=2&bdt=1402&idt=-M&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0&nras=2&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=azb0CXnBgV&p=https%3A//securityaffairs.com&dtd=6
Frame ID: B95FA4D943B135644D6FBD9682D2FF63
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23
Frame ID: C444D08A7DFFE94EF7485A41E5E0C082
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=600&adk=2697633112&adf=1762069438&pi=t.aa~a.2641062588~rp.3&w=300&fwrn=4&fwrnh=100&lmt=1681783683&rafmt=1&to=qs&pwprc=8791289769&format=300x600&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683613&bpp=1&bdt=1429&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280%2C630x280&nras=4&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=980&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=fNinhS3Yr8&p=https%3A//securityaffairs.com&dtd=4
Frame ID: 4E124D626982DF12EA752E9DA1BD532A
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1
Frame ID: 1CA49FDA3B618CCFE98D833223563129
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1
Frame ID: 71BB19256A12FF391B60F9F0645740C1
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5EEC9DA191D0CFFA83FBA279977082C8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EFB3CCC24D858D1B1B1FD529423066B1
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: A2C0D93D30E44D6269E501B3CD2CC8D4
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CA6D9CEC9DAAFD9460D59D8AF1060161
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js
Frame ID: 7F0759AC939345FBA390492995A063EA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js
Frame ID: 0BE9CA3DEC49D5BB93507D7A47F86FCB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0EA399FD43F61EB2C88915EC6994E7C9
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4A2AEC21C1E0BDF7FD5CD2AC3907D7EB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js
Frame ID: 89E3A10C5A6869D4955D7DEA34D1DAAD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EE18BAB0B90AD34B83F991061174427E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js
Frame ID: 9D0DE59482BB2A0E79359D27546D1806
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js
Frame ID: CA54010C948B9EBFEE29191AD7A5A1E0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New QBot campaign delivered hijacking business correspondenceSecurity Affairs

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Twitter Emoji (Twemoji) (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

twemoji(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

179
Requests

89 %
HTTPS

53 %
IPv6

31
Domains

42
Subdomains

29
IPs

9
Countries

2490 kB
Transfer

5573 kB
Size

30
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://securityaffairs.co/wordpress/104916/hacking/qbot-campaign-us-banks.html
Title: Qakbot

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/60233/malware/pinkslipbot-banking-trojan.html
Title: Pinkslipbot

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/111197/cyber-crime/qakbot-egregor-ransomware.html
Title: ProLock

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/112399/cyber-crime/doppelpaymer-fbi-alert.html
Title: DoppelPaymer

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/85062/malware/megacortex-ransomware.html
Title: MegaCortex

Search URL Search Domain Scan URL

URL: https://i0.wp.com/securityaffairs.com/wp-content/uploads/2023/04/image-23.png?ssl=1

Search URL Search Domain Scan URL

URL: https://securelist.com/qbot-banker-business-correspondence/109535/
Title: report

Search URL Search Domain Scan URL

URL: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Title: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Search URL Search Domain Scan URL

URL: https://twitter.com/securityaffairs
Title: @securityaffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sec.affairs
Title: Facebook

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@securityaffairs
Title: Mastodon

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://securityaffairs.co/wordpress/
Title: SecurityAffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&media=https%3A%2F%2Fsecurityaffairs.com%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html

Search URL Search Domain Scan URL

URL: http://securityaffairs.co/wordpress/70429/deep-web/deep-web-book.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/112244/breaking-news/security-affairs-newsletter-is-back.html

Search URL Search Domain Scan URL

URL: https://securityaffairs.co/wordpress/132506/breaking-news/securityaffairs-best-european-cybersecurity-blog-2022.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 118

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 155

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEAKNNKszrJ-RaamQlbQNzGE&google_cver=1&google_push=Aer7DvLykeRT6irZ5M2gwvve-ezBTrQtWxFeCx430jB4cyxjfeSIDTeHbGbB6t7mhaKJYBQnOvqDY8xvmTud89rmzKMDx29CI1wRSB5h HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAKNNKszrJ-RaamQlbQNzGE&google_push=Aer7DvLykeRT6irZ5M2gwvve-ezBTrQtWxFeCx430jB4cyxjfeSIDTeHbGbB6t7mhaKJYBQnOvqDY8xvmTud89rmzKMDx29CI1wRSB5h

Request Chain 158

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELFaUT4_WwwLRLBp9MjnxEY&google_cver=1&google_push=Aer7DvJAv3yedTuEtmnoBIsRpjR9dXOJOA1LvSG2f-4qIcapDgsfQF9odE_ACDKzXpEnIZOLaYIuCDmoH9byX70C4W8j6oFlaQRMJ6Rr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJAv3yedTuEtmnoBIsRpjR9dXOJOA1LvSG2f-4qIcapDgsfQF9odE_ACDKzXpEnIZOLaYIuCDmoH9byX70C4W8j6oFlaQRMJ6Rr&google_hm=eS1HMXU1bTFWRTJwRWdULmE2N1ZjZjRpSUxzN0lHY21Id35B

Request Chain 160

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJwJ54D8oWJH04vywxmzqTg&google_cver=1&google_push=Aer7DvI_JLiYGVLh7tGjVlh6bw1zjK93sLpf1oiXw3wK-Jp7bz1w2GbFwUi5QexPIi-FbIVnFsWsKS_zwGLqdi1WZSjCIE_pwOmSTnVq HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJwJ54D8oWJH04vywxmzqTg&google_cver=1&google_push=Aer7DvI_JLiYGVLh7tGjVlh6bw1zjK93sLpf1oiXw3wK-Jp7bz1w2GbFwUi5QexPIi-FbIVnFsWsKS_zwGLqdi1WZSjCIE_pwOmSTnVq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjkyNTMxODk4OTM0MTg3NDAzMg&google_push=Aer7DvI_JLiYGVLh7tGjVlh6bw1zjK93sLpf1oiXw3wK-Jp7bz1w2GbFwUi5QexPIi-FbIVnFsWsKS_zwGLqdi1WZSjCIE_pwOmSTnVq

Request Chain 162

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEtgMJEzOiOU-NR8x9zmAG4&google_cver=1&google_push=Aer7DvI77nnerHE5B91ZaLOjl0BaZ_evxXmrI3JjQfo-5G6L0Q2xwiHDZ1WZ9o4cud8CDp_Lf4y6wrSB0A5mLFghEJnTADjWLd2fFgA HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEtgMJEzOiOU-NR8x9zmAG4&google_cver=1&google_push=Aer7DvI77nnerHE5B91ZaLOjl0BaZ_evxXmrI3JjQfo-5G6L0Q2xwiHDZ1WZ9o4cud8CDp_Lf4y6wrSB0A5mLFghEJnTADjWLd2fFgA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UllZWElxdzExUE9BTGk1&google_gid=CAESEEtgMJEzOiOU-NR8x9zmAG4&google_cver=1&google_push=Aer7DvI77nnerHE5B91ZaLOjl0BaZ_evxXmrI3JjQfo-5G6L0Q2xwiHDZ1WZ9o4cud8CDp_Lf4y6wrSB0A5mLFghEJnTADjWLd2fFgA

Request Chain 163

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFA_sJRd1v9URXTec72xEg0&google_cver=1&google_push=Aer7DvIySJg-HMTxC46aJ0yuzalU9rpMMYkwwCc2Z38SvxGRzLq0-ofzAyKmci_d2E9AS3a2y4s3BQoiKdayP37OmaCPhTfp6belRgo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFA_sJRd1v9URXTec72xEg0&google_push=Aer7DvIySJg-HMTxC46aJ0yuzalU9rpMMYkwwCc2Z38SvxGRzLq0-ofzAyKmci_d2E9AS3a2y4s3BQoiKdayP37OmaCPhTfp6belRgo

Request Chain 164

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESED56HO75qWJVGLdKbhvvlUw&google_cver=1&google_push=Aer7DvKdjPmW-YlnN-SnEiPAlokguvYT6lWvaVTq9wmbiUP_7Lw75D7SAR5vJoNfap23Ztzf0hE-DDGUmzuIvuYdtSYDea0-zsgK3OA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvKdjPmW-YlnN-SnEiPAlokguvYT6lWvaVTq9wmbiUP_7Lw75D7SAR5vJoNfap23Ztzf0hE-DDGUmzuIvuYdtSYDea0-zsgK3OA&google_hm=JWFwv7M1TpmgpgR5y_oZuqE

Request Chain 165

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEEgoGxsYWLQ-Mtsk56rD_R4&google_cver=1&google_push=Aer7DvIsOpI61E6cu-HVKukuFl0TsXtImDJMx5_oeeFdCTHZlZvErMf1IMYOlDqotT0gHoonWEPKhTKgpIabwcJJe_xQY-cfjZ5XtA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIyMzIwNTkyMTczMTM3NzMwMA%3D%3D&google_push=Aer7DvIsOpI61E6cu-HVKukuFl0TsXtImDJMx5_oeeFdCTHZlZvErMf1IMYOlDqotT0gHoonWEPKhTKgpIabwcJJe_xQY-cfjZ5XtA

Request Chain 166

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELWmesks_x6hqGgU928F4ZY&google_cver=1&google_push=Aer7DvIGq_wg8cNA5IMtaWJDi8qedbieq3DPKA8i0CMcjsjpwTr4oIVuc-UhrrIRTj63pzZ4bziA0cNT_L1lrFSeChE5hS49xL5drPY HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESELWmesks_x6hqGgU928F4ZY&google_cver=1&google_push=Aer7DvIGq_wg8cNA5IMtaWJDi8qedbieq3DPKA8i0CMcjsjpwTr4oIVuc-UhrrIRTj63pzZ4bziA0cNT_L1lrFSeChE5hS49xL5drPY HTTP 302
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=4f0d5727-596c-4b6e-8579-d056f6b76156&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvIGq_wg8cNA5IMtaWJDi8qedbieq3DPKA8i0CMcjsjpwTr4oIVuc-UhrrIRTj63pzZ4bziA0cNT_L1lrFSeChE5hS49xL5drPY&google_hm=BGCidmZ0QpamHyNzWfqMag==

Request Chain 167

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPa9LPJToME5p3s6xbyMSDc&google_cver=1&google_push=Aer7DvKT7uSkMtc-wX57ogHlOcD5d8O5mJeGLW6lMyIGRDhkiEblsTzBNG23BTXo2YUOg5pFOUO3hniMgPlw1nIGpGXmgNchZdhxYs8 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPa9LPJToME5p3s6xbyMSDc&google_cver=1&google_push=Aer7DvKT7uSkMtc-wX57ogHlOcD5d8O5mJeGLW6lMyIGRDhkiEblsTzBNG23BTXo2YUOg5pFOUO3hniMgPlw1nIGpGXmgNchZdhxYs8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjc2NTEwMjE1NjYwNjA5MTY5OQ&google_push=Aer7DvKT7uSkMtc-wX57ogHlOcD5d8O5mJeGLW6lMyIGRDhkiEblsTzBNG23BTXo2YUOg5pFOUO3hniMgPlw1nIGpGXmgNchZdhxYs8

Request Chain 168

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEA6cDYc25Fdq1JMYm3UXz2g&google_cver=1&google_push=Aer7DvJBgDSnWUXUTJRv0pdVL3OuTYvJuN6_O-_Dm8uFma4QfqS_AQXk9vMB7L4G0yDZTH_z8b2jFwesF15Ygz5U73j9QL3xSCULlss HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvJBgDSnWUXUTJRv0pdVL3OuTYvJuN6_O-_Dm8uFma4QfqS_AQXk9vMB7L4G0yDZTH_z8b2jFwesF15Ygz5U73j9QL3xSCULlss

Request Chain 175

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEAQCNwj89JLvawwxxU-gJSE&google_cver=1&google_push=Aer7DvL9wP7wV3_-8Jzy4HqOqPypktdreuZRez92BWRmdCR7JK0pG553FgNSb7DTPsPcMeV5dmFqISO9XzFnR6jOcQnVLdEDjV_SyuK6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAQCNwj89JLvawwxxU-gJSE&google_push=Aer7DvL9wP7wV3_-8Jzy4HqOqPypktdreuZRez92BWRmdCR7JK0pG553FgNSb7DTPsPcMeV5dmFqISO9XzFnR6jOcQnVLdEDjV_SyuK6

Request Chain 176

https://um.simpli.fi/gp_match?google_gid=CAESEJ41H7vE4q110XZuJhiYpzA&google_cver=1&google_push=Aer7DvJhb1yj4hDGIrqkDIz3CgK3Bwj9B_3YnQ1MHTH-2CO_mHzYabphhvtyo4Tr-TlWdyLTPg_x9oZMRX5g928wJHpLJzw5l68ECXPw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=179AB9724AB544D3832E6293BD63A04C&google_push=Aer7DvJhb1yj4hDGIrqkDIz3CgK3Bwj9B_3YnQ1MHTH-2CO_mHzYabphhvtyo4Tr-TlWdyLTPg_x9oZMRX5g928wJHpLJzw5l68ECXPw

Request Chain 177

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEF6TKD59smzFsTyOY6Us61I&google_cver=1&google_push=Aer7DvKkO7mBfsrfrRCsftTopPEHC_ErOKZLemOJxbZ9u54ftqrKFDZr9DXN7lrDwlCHMqO5PnXzzARWX6JK35kyVuKOYz-F_BBnDIok HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvKkO7mBfsrfrRCsftTopPEHC_ErOKZLemOJxbZ9u54ftqrKFDZr9DXN7lrDwlCHMqO5PnXzzARWX6JK35kyVuKOYz-F_BBnDIok&google_hm=JWFwv7M1TpmgpgR5y_oZuqE

Request Chain 178

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEOEoMsffBdnAQ8SM4_OUxYI&google_cver=1&google_push=Aer7DvK0_LdHY-iyvP4EDa-XJt1sOyTxOrmxJ0YQS5AOHARcihOVqshNP3jbvCJu2lgTYJHBPebW7nEQy1UTkXNeCrKA3gHW6WmJr5w HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=Aer7DvK0_LdHY-iyvP4EDa-XJt1sOyTxOrmxJ0YQS5AOHARcihOVqshNP3jbvCJu2lgTYJHBPebW7nEQy1UTkXNeCrKA3gHW6WmJr5w&google_hm=hmQ9-4QV-KLnFxLPlQ&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D643DFB8415F8A2E71712CF95BLIS

Request Chain 179

https://d5p.de17a.com/cookies/google?google_gid=CAESEJ06nkl4EMexkE5TgKsVYkk&google_cver=1&google_push=Aer7DvIWfCmLYZjLsl2iesE2G0XxYY3X1AnKBgNSpMSuoW56eLPoAUeUIaIqo29yddMAuJdJydhUCjSIKHIrH5D-wuRMKkRdvQjWXkmv HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJ06nkl4EMexkE5TgKsVYkk&google_cver=1&google_push=Aer7DvIWfCmLYZjLsl2iesE2G0XxYY3X1AnKBgNSpMSuoW56eLPoAUeUIaIqo29yddMAuJdJydhUCjSIKHIrH5D-wuRMKkRdvQjWXkmv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvIWfCmLYZjLsl2iesE2G0XxYY3X1AnKBgNSpMSuoW56eLPoAUeUIaIqo29yddMAuJdJydhUCjSIKHIrH5D-wuRMKkRdvQjWXkmv

Request Chain 180

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFTqHnaeB4iy6fDZXG7jQqE&google_cver=1&google_push=Aer7DvKI4ckbpD9a5K7ArRZiVWO0YJdjwG58yQ08EVKctf__jScNIOW_DLYfRQH9bAFA_T7025m9biHtWM5tC0fc6vwWjNqIfEmxCzoM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdMTUwwMEYtMTktTDBFUA==&google_push=Aer7DvKI4ckbpD9a5K7ArRZiVWO0YJdjwG58yQ08EVKctf__jScNIOW_DLYfRQH9bAFA_T7025m9biHtWM5tC0fc6vwWjNqIfEmxCzoM

179 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request qbot-campaign-april-2023.html Show response
securityaffairs.com/144927/cyber-crime/ 86 KB
20 KB 158ms
108ms Document
text/html 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5695b25efe49d302f8e67b90c70d0f77ba676fefdb6f7c8c2981b60c671027fd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 7b995b8cfd7e2bb8-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 18 Apr 2023 02:08:02 GMT
link: <https://securityaffairs.com/wp-json/>; rel="https://api.w.org/" <https://securityaffairs.com/wp-json/wp/v2/posts/144927>; rel="alternate"; type="application/json" <https://securityaffairs.com/?p=144927>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s8tSCawPmzpmtDoAHK1bWGhTTcv8g2VGrdAAB4amVNkUKYMomnC%2B8ZZDHKX5dwjkWluAb1GZ9au%2F5lfEml7Qmg4FerMWTQju09h3fzM6EH0r7aXp6trB1hLeILHzJVI3NmENbvtYpsJe5TvRuYyxWh5J"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-pingback: https://securityaffairs.com/xmlrpc.php

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 137 KB
47 KB 158ms
67ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed37de922d856965e3699e56de611d21172161e3bbd8196e115ff6ed44d57bf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47903
x-xss-protection: 0
server: cafe
etag: 10191886616417936674
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 18 Apr 2023 02:08:02 GMT

GET
H2 200 style.css
securityaffairs.com/wp-includes/css/dist/block-library/ 95 KB
13 KB 43ms
39ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/css/dist/block-library/style.css?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1009b5a8852ca3fdbdacabac3778cf9dea8f91a58d36466a5fe20d0441ead1f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=104503
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-19837"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=711nLRBPHC3N8qS2szxZcDRINzAjkgzDPuYUZgjVwwSAC5lTny8pMXNUT4QuTEnTVG8Nwsz77yvQHe2dAlOlg4pO9xQoExJJN6NnOGKiEAruAeL8BbqoZy2gyPHXs9ySf%2FGUMhP0NWH2s800J2tlXvKl"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dde3c2bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.com/wp-includes/js/mediaelement/ 11 KB
3 KB 42ms
38ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2427
etag: W/"5fd15e34-2bf8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z3hzCT2ywPN659QrWLMcvkP1gozlwy%2BaV5%2B%2BKb4%2Bt9GxGRz2WP7UdT09IfRm3WMmv0mDuizTme8VrHfUWKs%2B9sKzqzwNr84t%2BlcCgCugEaes7dSTdbiTIsHyJGaLifhfzTacnLdBXZwOvwVKv1D%2Fm15v"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dde3f2bb8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 25 Apr 2023 01:27:35 GMT

GET
H2 200 wp-mediaelement.css
securityaffairs.com/wp-includes/js/mediaelement/ 4 KB
1 KB 42ms
39ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/mediaelement/wp-mediaelement.css?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=4960
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 13 Nov 2019 23:52:08 GMT
server: cloudflare
etag: W/"5dcc9728-1360"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FeT4COSSeMkG7CNE83Bp2mZrrdD2d%2FyBru6Fm7v%2F5t5O4K8Ok46v1JDIYH6h7mAwLnV5u1pD3qOGpmTCQUyUrotcOk4UlGsnOSem1SNRPOqzwzHTL5Qlh6wqNFRUfwdy47hmYtcxEoIGG42euYhGBpM%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dde3e2bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 classic-themes.css
securityaffairs.com/wp-includes/css/ 257 B
580 B 22ms
19ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/css/classic-themes.css?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5ea1f3c6951b71eb83050cd630f9c7c1c736b5b277d38a0e4465d80a5e53d4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=729
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-2d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bpkgcwlki3jPcptyo%2FjfPLDFZyEvd2j9zl%2BScANZ8JXOYwraPxKg%2BSXffCqsxGghYmyFQ1R3iSI1lLUJe0pqJNDKaE%2FafUJpwDjCALuy3kaDWd2J%2BThURUj0wZaMryYc3uk1WqX8vuUg03w5WsGkSgIm"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce1a2bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 cookie-law-info-public.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/ 3 KB
1 KB 24ms
21ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.0.8
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 488722
cf-polished: origSize=3106
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 04 Jan 2023 00:35:43 GMT
server: cloudflare
etag: W/"63b4c9df-c22"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Bt9vaO%2F7n74f%2B4QrrdJZGLgisNq8QK4%2Fe%2Bdoc1T0%2F29khneS%2BHplDKbhcdX4UdpTP0f7mFJjPuD4k4I1%2FbmrWovbzq5r5Grs8vM71wygf1naRQfjXYIKijegb%2F4LjF6qkd8Bmw8EywTna50XP4oGr4A"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce1b2bb8-FRA
expires: Wed, 19 Apr 2023 10:22:40 GMT

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/ 22 KB
4 KB 23ms
20ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.0.8
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=27249
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 04 Jan 2023 00:35:43 GMT
server: cloudflare
etag: W/"63b4c9df-6a71"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DikdLAALUSYWef%2BxTcljlHPE9DETxOYcg145cM2ihsfPs38Gsm%2ByqPMwIgXAAoozEDMNJpeGyho89e7HeylOxLrijAxyt5%2Bbyyh%2BUH94nFeWGLwL%2BGtXGSZknxWzxoi%2BunFtogcwu%2FJ4Pzq9n4b12vUr"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce1d2bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 custom.css
securityaffairs.com/wp-content/themes/rigel_old/css/jqueryui/ 15 KB
3 KB 27ms
24ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b33e3ff7c01e9eb947faf1bd0dd31d3d210ff9fdf809f2db3938b5b865b9cc31

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=19858
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: cloudflare
etag: W/"56716d33-4d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=73MScRVwowy8MClMbySQWQcJEvBlnr%2FiRmOZkQdyrJEIEbv8TJFw9yQtClISIvmFzJgKKpNKM%2FyP1U%2FmFBcoPOpkYZ6m4icdP%2B22u0A6TRVoqNDauN1FS30WPICX3xSr2IJxYoDN1jjDYQ3bUklfMLF0"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce1e2bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 tipsy.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 461 B
544 B 24ms
21ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0255909b7cb5511843e8e9d6414f99d023237cdb954705d68c4ff0d3cd752d6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=539
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: cloudflare
etag: W/"56710b7c-21b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=28KCgEggQnBfZVZU5CJ2DzNNsoe0FPq%2FJffRvEAB9UsgQCnaB5kvmVtsROIiIgSFqoaXSediGuttIqVbwU02%2FXKIT%2B1w5NWsFbbVDZuRQLkIEBboSXdZCs%2FgG4TwJSqDo678n6vmqu%2B7N9Wt7fylqYI5"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce1f2bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 flexslider.css
securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/ 5 KB
2 KB 25ms
22ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 751ae0b0e7b20fc45203c90e0c3391e1aa983f57327fb31d96dda46f7232ad45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=6225
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: cloudflare
etag: W/"56716d3d-1851"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8OIKLDq9JDmfkcV%2Bd9jdCdmlgIJBO%2FJ16ht%2BJ1RfS6zo%2FaXPypSXuB64zke9QUHACxzIkUQmhheppNBsoy2X1bNJfk1ZVj4qpEMTSRBT8zd5NQD16o9X%2FkOD%2Brx3A5hJ5ehe2IgewEXpZSlcrKZKeJE%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce202bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 animation.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 1 KB
685 B 25ms
22ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5643c5e548ec3aab5786c3845bce65a8ab30d48b62ba2586373ff84589ea13d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=1716
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: cloudflare
etag: W/"56710b7a-6b4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iNUy74GTehdoxbYgiJ%2FRxl5JuMlkQOMplm3TER1flSkV%2F5arBD6%2Bg0IRYuHPK6cQOCNOD3rGf%2F1rWho2gUXeXSpm%2FzvOvjLBR3NicS3yh98%2FGc0GU289lvmvD6p0E7pKHAm9rA%2BiSVtMLrxq4lwFtnJy"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce212bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 font-awesome.min.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 17 KB
4 KB 25ms
23ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 430859
etag: W/"56710b7a-4574"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ciyVOOBkqNRkuYFwEL50ELQ4uoMPd41gHDCDseU83r2LnfnljU6n9jLwFKmO4v8AeCR%2F%2FYt9Hnu%2F349gl%2BrROcqfqnx%2BmblhT8olnV6KV5izPwpqxWSb%2BNh%2BbRmc%2BnoeRq7KsJmorhSCt9sZfeiUkO4t"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce232bb8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 swipebox.css
securityaffairs.com/wp-content/themes/rigel_old/js/ 3 KB
1 KB 28ms
25ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9b6164ccc60fa98562a1d315d63a961a7ffa16183117a6a5f6d5bf3893283c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=4493
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: cloudflare
etag: W/"56710b8a-118d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fSlq%2BbHECl3U%2F%2BkSq1NMTcmiEbOFh7aRGdmUyUF7LeOAgN%2BhtBe7p4gjvNsDygYSCRv5fKERjCxLnUun7mf%2Bc5RVVU51%2B3TGiKtmW2K9S3b%2FhomK99DzaSWXjSm84TrfK9G%2BeDrXzL3TGrApQYD0APyU"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce252bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 jquery.circliful.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 264 B
541 B 26ms
23ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28275dbcd3747f460a53102bb9dad566db20349335371cef756c72f4ab155431

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=334
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: cloudflare
etag: W/"56710b7a-14e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FuD6tALSit3bwp3fiI7k6aH7f46SDB2l3nB77wyZyxy7JSf5CeE7Ld5Ipn3fpEpCEQKVPAIBwPa7S14wa8%2B%2BsQzu99yi5YSLOSpO8YyOGh2nLW66F3mop0T8IiqplGhSXeEDAw%2FFbRlUwmRhT%2BZQ3jQ8"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dce272bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 screen.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 95 KB
17 KB 36ms
34ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a04aa9666a49a1c434d7e44268f399e0c1dc1b306a2cc6f3414551364c217b4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=112708
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: cloudflare
etag: W/"56710b7c-1b844"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yHgsq9ZhJoPtKwPcF9QCjrrL7rrJyt3HjBrwpVNwp35vBh4qbEYdqXDImJJUWIXxf7tyfdQ8WmLYev35%2FbP7Ny3zxXDbANZo0un6Z6J%2FDV4Qjrrr2w%2FIpOBCFXSQFk2al%2BXeSzogMY1dhN22ICSjWIL5"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dde332bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 custom-css.php
securityaffairs.com/wp-content/themes/rigel_old/templates/ 12 KB
3 KB 378ms
376ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

cf-edge-cache: cache,platform=wordpress
date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XSvLFo%2B68qi3t%2B3LP1kNYDhz6qCkQ34I6hGl8bP%2BxDF3DUxJENThxpWD6ZjPLT7ECtn3Kdbc5T3ndvlO0DH8DEQh2Urm8Fc43rNCApmJKhdsFAZI0SBbHZH1%2F%2BzJbXkJgZobbhUin9UlPRPivVSsgsaR"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset: UTF-8;charset=UTF-8
cf-ray: 7b995b8dde342bb8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 grid.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 43 KB
8 KB 39ms
37ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/grid.css?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5133a1035cbf203be573cc6e15a2d4f8477b62568bea772b2192dc68c4980e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=50674
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: cloudflare
etag: W/"56710b7b-c5f2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w2pO7rrNm9RCsgzhE5unFTRedw3wN9HfFTf3X%2Fq%2BP%2BoDkAV%2B7mVaxwXlKeh9pFhQfKfBawBlJ7zhkEnmWN4aXTYQtB%2BUnO1xoZxV2853tssMqFxdcd3UzPgFGi5sWLZWiFGdF1agQwW4h5RN9fGXN9Hj"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dde362bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 sharing.css
securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/ 16 KB
3 KB 40ms
38ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=12.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a93c1ac24fad6ffb0de84e1f56b111e8b177d68a2948ffe1c87d9c02bb68b2d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 107635
cf-polished: origSize=19408
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 09 Apr 2023 18:46:58 GMT
server: cloudflare
etag: W/"64330822-4bd0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CulzCjqG%2FGG3zpFd5zDsC%2BmTOVKWW0VEy3clXk%2BDkMcg7uIj8LA0GXEAgWXuPU3%2BScSUiqPvxU6KNsa%2BQR1dCQQCRFPK7BHbpSKrTR2z7DmecGDw2r%2F1VOyXcEIOzOPXHxQLRnmB%2BJ6OnIACvIBDLUws"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dde382bb8-FRA
expires: Sun, 23 Apr 2023 20:14:07 GMT

GET
H2 200 social-logos.css
securityaffairs.com/wp-content/plugins/jetpack/_inc/social-logos/ 11 KB
8 KB 38ms
36ms Stylesheet
text/css 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=12.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee86b02e97bfb8f83af87a4f7991c713e1e90dce091524c0c675b393091b6ff7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 107635
cf-polished: origSize=12101
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 09 Apr 2023 18:46:57 GMT
server: cloudflare
etag: W/"64330821-2f45"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=loDw0r9pjF4p3zhE3MrUBkqSXOgVnumMiU0jNtW4po%2BLlIZ2UuMqSBs3AbGfbZLsY0mr2kFeJCndahTphZAibkQ3VfY%2BH1XJpHVpUp1kys1thcJjE8VqTWm1NQlWcHkgXM6AhRyQ6jlgjARKCc0ocB29"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 7b995b8dde392bb8-FRA
expires: Sun, 23 Apr 2023 20:14:07 GMT

GET
H2 200 jquery.js Show response
securityaffairs.com/wp-includes/js/jquery/ 142 KB
42 KB 49ms
47ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/jquery/jquery.js?ver=3.6.3
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73e52be898a7afbbfa119fdb5a95ca82c2b914da8d756404f7e5c7e0b6ff1928

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=292478
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-4767e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4upaaCHyHQikVi%2BNklhkxgQ4kFG5IrNoZDLuD6kGawr8gqqfIRaMnrIKGYnNYb6a8jRByFWeXlphU4CvsZBnDSASj3akPAganZtPYctYp1OjDUGxq9q9D56dB9BdLk%2FpPZqZ2B2FQDUq6ftBsjDxuEkH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8dde402bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 jquery-migrate.js Show response
securityaffairs.com/wp-includes/js/jquery/ 18 KB
6 KB 54ms
52ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/jquery/jquery-migrate.js?ver=3.4.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c4baf058901663c6879894c0067cf923fa200cb95a0a4c25b1471a62c2a63c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=30789
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-7845"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Owi6gzJYUBSrjqgVgb1I8TOFfVHSCcG7c%2FqILuXbouuGpqSdV2Zovjm80NRvHMJfL%2BkKnn6%2B%2Brf6DhPGIrBsKVsFDxGjepWkN5W8RubgTL2UJ5ymmRL85yMM8Z4pvDYkGftzfC83Ev%2FN21%2BIYgvnjWE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8dde422bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/ 27 KB
7 KB 42ms
40ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.0.8
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 430859
cf-polished: origSize=34179
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 04 Jan 2023 00:35:43 GMT
server: cloudflare
etag: W/"63b4c9df-8583"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMNGRAh9rbSfhyfWwCtrQqucvlNV8%2FJTdtexAG%2FaamNx%2F26sGYXKVSLVpGwJAe1brGsd8UTWOWmMNiuk8CN3NINu3xugIkDHT93NuVs%2FsEpgCAp7REyF8xSk%2FX7FFqRJyFkY0lW9O5fL%2B8y7X%2FC%2B3PD5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8dde432bb8-FRA
expires: Thu, 20 Apr 2023 02:27:03 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 198 KB
45 KB 62ms
8ms Script
text/javascript 13.32.99.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-78.fra60.r.cloudfront.net

Software

Resource Hash

d7a1bdec6b5209de5be156a573409f2f9e30488cca22fb380d2234057c7973f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:05:14 GMT
content-encoding: gzip
via: 1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P3
age: 168
etag: W/"3184b-xStZrNgO3eG9+q9l3cRkzPWrPx0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-cache: Hit from cloudfront
x-amz-cf-id: aXqFHJhte7xnp4rlvEfzue4N3KtrTtZioSIegl1qIc-FGy2VVmeOCw==

GET
H2 200 image-23.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2023/04/ 123 KB
123 KB 44ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2023/04/image-23.png?w=1024&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

91e20b27fc6897e61a2929f66ccb0886932dac31b3745ce09a8e805692df41dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Tue, 18 Apr 2023 02:08:02 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 Apr 2023 20:50:19 GMT
server: nginx
etag: "bf53de6301b0beba"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2023/04/image-23.png>; rel="canonical"
content-length: 125930
expires: Thu, 17 Apr 2025 08:50:19 GMT

GET
H3 200 APT41.png
securityaffairs.com/wp-content/uploads/2023/04/ 100 KB
101 KB 15ms
13ms Image
image/png 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2023/04/APT41.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12062757f7afd3465861b81180b44b65476545f41d920fe978d95cc258ceef52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 44158
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 102872
last-modified: Mon, 17 Apr 2023 12:23:18 GMT
server: cloudflare
etag: "643d3a36-191d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0zzfx3hSwtexvOOdaTukcuP6d7%2F2DixzFl7sGhbp1HloyUgmDh62i5Ad27njBC2fk8F1KcH0xeviDONkxPQwZQPchHrgxaMjew3FOjbI7fRjGxyhocXFnloTgjUtUre1Td45TKom7D4ni7krfsvc%2FTb"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 7b995b903bd439be-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Vice-Society-Data-Exfiltration-PowerShell.png
securityaffairs.com/wp-content/uploads/2023/04/ 490 KB
491 KB 36ms
34ms Image
image/png 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.com/wp-content/uploads/2023/04/Vice-Society-Data-Exfiltration-PowerShell.png
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9004ee639c9ce710e32cbbd8c25731737c5b6dfcdfb5604bb6749a842849b53

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 53240
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 502135
last-modified: Mon, 17 Apr 2023 11:16:34 GMT
server: cloudflare
etag: "643d2a92-7a977"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9uMFMVMbrIdzaRBWxII678tiU7XdHjGCpnPwpcnRN5NiB5Pr1jZ%2Bxf3TfBPRvNUZ565cuUYRqK7YThM8IcPKvmDgn5Tyzjr4llShiUkizLlwd9rsF0PGWor1gIiyM6Kb8%2FqV5Rx2MUiWVBPjguV9zRd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 7b995b903bd539be-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 APT41.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2023/04/ 20 KB
20 KB 44ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2023/04/APT41.png?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

2503c5349f739c4f93395ec839d25203b93da998d861ee17aadbaa1d75997032

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 18 Apr 2023 02:08:02 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 Apr 2023 13:39:27 GMT
server: nginx
etag: "e43a90d912c9a815"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2023/04/APT41.png>; rel="canonical"
content-length: 20430
expires: Thu, 17 Apr 2025 01:39:27 GMT

GET
H3 200 email-decode.min.js Show response
securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Apr 2023 15:48:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"642ee9e0-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q0QJ7Wbdh9Wtn66dc37ooEX2nXGuzfkUDCSMDFWpheH8rRNbm3Qri0JgYLOrGnEIlyq0H7j8ppLlrEAlkc23sHjoAwxVTSujMLUxu%2BWNhm2%2B2vL%2BO7WR0PTomUUh%2FHDnaLIiQv3eyPsOG6okehuKPbZL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7b995b8f0b2139be-FRA
expires: Thu, 20 Apr 2023 02:08:02 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
82 KB 181ms
94ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

66d1694c65fb8e85de0f6bab20482b88e7d4755fb81bfba0ef6e71e8ae5b1421

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83945
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 18 Apr 2023 02:08:02 GMT

GET
H3 200 photon.js Show response
securityaffairs.com/wp-content/plugins/jetpack/modules/photon/ 927 B
960 B 14ms
13ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a37deb9dd04cdebb5a80730395780332c03ec667693b3ddb06d8983157679d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 497589
cf-polished: origSize=1760
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 09 Apr 2023 18:46:58 GMT
server: cloudflare
etag: W/"64330822-6e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3bwXtEafzynDqxBkFpFGtbc%2B6sdMk9nzFxGpFd%2FvgvLVKkCcYCeQgfG4rQ2b3tBvFDe67cDCZRPVXboMYIA0rSVKX6erSDbvYLRAe5cYFYiYbxy2y7kh9leompLJABMcZJhtuR%2FMMUfmmccw4OA5b1%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8f3b3439be-FRA
expires: Wed, 19 Apr 2023 07:54:53 GMT

GET
H3 200 ssba.js Show response
securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
1 KB 15ms
15ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1678144527
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5810
cf-polished: origSize=3110
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 06 Mar 2023 23:15:27 GMT
server: cloudflare
etag: W/"6406740f-c26"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5X8YDMqif54ZDOd76EKTYq4po08Sg9mOjHUolnILg09HHwy2xSEx3F4XDJ44JLFKuT55A1uaT9wKDkqQCIg%2FhfQ56G67XOYJhDWRZB2vflC0DV5IQapJOgkB2E7zl%2FbqZLPjatmXya4D0bHkBOAVNYBa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8f4b4139be-FRA
expires: Tue, 25 Apr 2023 00:31:12 GMT

GET
H3 200 hint.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 467 B
788 B 12ms
12ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 914c2c38bcf8be8ae0bb37e800573341c8134e54b5ced5303c1d3f172d7e6c96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 341424
cf-polished: origSize=987
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: cloudflare
etag: W/"56710b89-3db"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jnRTLUYAQvI6lgCf7Jl4xB%2F4erc6YRxsp5qM0qIdf2P6opVVILi0oeFgDLnTB7P69RmQQYevLSKOOfbVMHGmTs%2B%2BYgt2%2F75i%2Bctoi0YJ%2Bl81goazj%2BoSsyAQ3YoCysjNfOD9X3nmU68LDQlNjeMjxsPR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8f6b5839be-FRA
expires: Fri, 21 Apr 2023 03:17:38 GMT

GET
H3 200 jquery.tipsy.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 2 KB
1 KB 12ms
12ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3570b0809823e912b040bb8d99048d5e85ceabf830ef064e306c0a1901a08e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 499987
cf-polished: origSize=4371
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: cloudflare
etag: W/"56710b89-1113"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJlaBT3VbQ%2FUWEcl6iD1RSadN7TnMqq1N4EBC2IWAo%2FaF3VXMP9XvaatXSjM6zmn7pGm60dkRjYnnrOTHzg5mKLSOcSccnrlO%2BGp0NEu1hfvzXrgZ%2FzK2UROGdxPj7mWGMPsNqhzN2%2BGwsHzhkfas4zW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8f7b6839be-FRA
expires: Wed, 19 Apr 2023 07:14:55 GMT

GET
H3 200 jquery.easing.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 4 KB
1 KB 15ms
15ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aea607f39789d4cc03dd33d5518a1e53d419c379c618b7a19d6e3a06f4f14d56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 499987
cf-polished: origSize=8097
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: cloudflare
etag: W/"56710b89-1fa1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WB3S6bY4G9yghaDv4YlpO%2B1kzrikEXdITmJsMrG3kKI1WW1URySdI0zZLWUT3k3YtAlgZGbGbkDQ5vMEzDEbJq50xw4KZ%2BW3B%2Fbg3%2B7Jhj%2ByugzIcY0G0%2BFcyfL3T0P%2FT0dPiX3Tx8anAVvpKaS%2BxycZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8f8b7239be-FRA
expires: Wed, 19 Apr 2023 07:14:55 GMT

GET
H3 200 browser.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 2 KB
1 KB 14ms
14ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bea141b0e1c016faface442cf56dae318f97789bea95d633da28014d5233a934

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 499987
cf-polished: origSize=2614
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: cloudflare
etag: W/"56710b88-a36"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vWnuSts8hgGENm%2FciY%2F15hMz21yyIeNwT4lVMUdAZkrRejVN5nS62vrhm9D7N51DM7OdHRwo05xLQQDHccufc%2FMNnDBAPJxyz3PpiAhBDM%2FCuFB5XPm4GEQhpqNC7mobGNGK1tQj%2B0nPTxMU%2BOtU4pu9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8fab8239be-FRA
expires: Wed, 19 Apr 2023 07:14:55 GMT

GET
H3 200 jquery.flexslider-min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/ 21 KB
7 KB 13ms
13ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 499986
etag: W/"56716d3e-53ae"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ieHxMFQff2gi1FOzyLZhNyXyxjM6l3BqeOCqmojADCDIjGxnfYdc5TWBCnWdRxH236UwqqLkhl04VYm6pyWuhCk6oE93EzR%2FD0Egls5SspuFu37DGWwmB3OtirngmLC9%2BnlFC9%2F6U36pPXB5mTUBiJdi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8fcb8b39be-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 19 Apr 2023 07:14:56 GMT

GET
H3 200 waypoints.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 8 KB
3 KB 13ms
12ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 499986
etag: W/"56710b8a-1f6c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e90Qr%2FFOKptWyjarJqS03KyKfjG0q2a2h0xHhRUTXFXqEajxX8b5lvyVFS20pG3%2BJA4dJhNp8F0wSLNAyys%2FsKFJ1VGCDHvJatgVK8tqlxBcUoGkrxbajZ4g%2Bj4OBicRHtqSiG0tyA1AYec4q6l9%2Bfya"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b8fdb9439be-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 19 Apr 2023 07:14:56 GMT

GET
H3 200 mediaelement-and-player.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
20 KB 15ms
15ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 342062
etag: W/"56716d42-11571"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=77fWk7bbhCJvAlKXivPwcakTgZyaZZk2cq7MFc4UFs1LieYt3lgZkVf9bsM0il0qnB5ZG48TowNYFUYLacdEG9zeGoovikfd3Js4FaQFx4uAwl4WFhblqdJ6lWYsXarG4JcN9q04jfQL837Lr2DCDXpl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b900ba739be-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 21 Apr 2023 03:07:00 GMT

GET
H3 200 jquery.swipebox.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 11 KB
4 KB 13ms
13ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 504448
etag: W/"56710b89-2a67"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xkxnTNTVuh5oTn1UEmX8fKLKXS8aJJFGvtjGJRe4IhN5BRyrpEUgDfYsD%2Fcjl3sUJQ%2FFf0rhhtpIrlUaO%2BRncIEUzk7Kj2zWd1O4MG%2FkBS0TmpRK6PlW6T2Ws8XA9kbKK%2BY6WLXifvg7CozmQ10MSVW4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b901bb639be-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 19 Apr 2023 06:00:34 GMT

GET
H3 200 jquery.circliful.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 3 KB
1 KB 12ms
12ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 499986
etag: W/"56710b89-c18"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ojJbZE9QqtR1%2B%2F0pq5rAx9mfDRwbvN%2B6I8we%2BnVVzDCIiMKoYmFrf3h3NVQSij10fDIekbX5RnMJlROrnQmOWmVywotqWAKwzXiPBpQfafa5R37h5WhtJLRgs%2FVZS%2F2vTwL%2FiE7u6Aahc1jkC6i2ZKv3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b902bc639be-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 19 Apr 2023 07:14:56 GMT

GET
H3 200 jquery.smarticker.min.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 13 KB
4 KB 14ms
13ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 450638
etag: W/"56710b89-3225"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0EHodUGuYJEHs%2FprJFdXTi9miwc%2F9rdBNegW3hDGGai2v0zPHwv56T2kRUa8UEPOT94QE33plUrjZnP9r%2BU%2FDund%2FAhdX5WUrdYTRKk0kugpSxup0BQZljhwQkW3hIojKNqlrkmmG70zVqQFQRm8uEY5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b903bcf39be-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Wed, 19 Apr 2023 20:57:24 GMT

GET
H3 200 custom.js Show response
securityaffairs.com/wp-content/themes/rigel_old/js/ 10 KB
3 KB 22ms
19ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6f712bb063293806236d362715f5f3f134ddeb3da95e66f7f7d5f1311975296

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 501547
cf-polished: origSize=12756
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: cloudflare
etag: W/"56710b88-31d4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UpPALKIRfSXuDYpYqcNCd8nCWJmQRX9vX0OsJxL13WETcFfvwgjo2Te%2FC71gVnxRIhLKJSceLbcEeNe4TGy9crLsD6ymyUCPQa4y%2FJ7JGHQZADj0j0xe2ucpUnwe8Pi0T1ZF6W9zSo6hIqgeAjzT2TMc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b903bd239be-FRA
expires: Wed, 19 Apr 2023 06:48:55 GMT

GET
H3 200 sharing.js Show response
securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/ 12 KB
4 KB 22ms
20ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=12.0
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c11433c4dc7cf18972c22ca0f2cf78493b92aaf89bab4dab47c6c9b6c551d50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 101661
cf-polished: origSize=18206
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 09 Apr 2023 18:46:58 GMT
server: cloudflare
etag: W/"64330822-471e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYbMcfOZvwxIwHmGFUdOaiun09eo610pUXZoH%2BMLo7tTsjqwpe3z22sF32Cd9qTv%2BOfGz5w7ahJfF2hu5J4W6BfSWCab3Wqeb%2B64jx94yrpWgRFdbWOCyXBoQGAWekvNsDrAvmKEzqF%2BwsW8w1J2xmcb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b903bd339be-FRA
expires: Sun, 23 Apr 2023 21:53:41 GMT

GET
H2 200 e-202316.js Show response
stats.wp.com/ 9 KB
3 KB 43ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202316.js
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn
date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 14 Apr 2024 02:59:55 GMT

GET
H3 200 twemoji.js Show response
securityaffairs.com/wp-includes/js/ 17 KB
5 KB 55ms
54ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/twemoji.js?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a8c0bd86eee0230682ed29c5e30936b6b14ab02e1586692840ef8ea4de9dda6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 439978
cf-polished: origSize=33089
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-8141"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ij2SlbwvtQixLosQreGXFcHRzb9CLBqyxx%2BDETjmXgVWaoIMbwvIEFz1myiXu%2FxtnJBC1TBV5SVylxUbCmYiUtKc2C%2BtJxmi90WTFCJigu9YIE3JDK8EFC95xFRq2mwXDWtAm6A7FX1gikBCZcM4mnZD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b903bd639be-FRA
expires: Wed, 19 Apr 2023 23:55:04 GMT

GET
H3 200 wp-emoji.js Show response
securityaffairs.com/wp-includes/js/ 4 KB
2 KB 55ms
54ms Script
application/javascript 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-includes/js/wp-emoji.js?ver=540fd913fdda078d6087769568ea9bcb
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1528c535d339849cea1f4b18416229bd962819949c62574dcd184cdfa6d056b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 439978
cf-polished: origSize=8969
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 29 Mar 2023 22:54:43 GMT
server: cloudflare
etag: W/"6424c1b3-2309"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BKSh0xEiYpCQhCK4FRnaohEpoDUJSbJApC4gV2mz0C%2FavEtRde2TQ5zdSdX%2FDnXMGrQJNDJw4C8SXKsHqFxouc8YxMrOSNZcPRJca5j%2FKeAKeGbXubLkvSUJrOjmEN1A%2BTrqVZHuivcqLBagJpgPYAeE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 7b995b903bd839be-FRA
expires: Wed, 19 Apr 2023 23:55:04 GMT

GET css
fonts.googleapis.com/ 0
0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304130101/ 345 KB
116 KB 141ms
68ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304130101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76c2859eb7ed829b130f73bffffbcb03b11b56ec350fc1c619b02a8fcbb3b19f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 118335
x-xss-protection: 0
server: cafe
etag: 16175786761538747686
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 18 Apr 2023 02:08:02 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230413/r20190131/ Frame 596B 10 KB
5 KB 115ms
35ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230413/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30701
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 17 Apr 2023 17:36:21 GMT
etag: 2378337311435320485
expires: Mon, 01 May 2023 17:36:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 63aa5463b92caa0012f81022.js Show response
buttons-config.sharethis.com/js/ 438 B
886 B 73ms
15ms Script
text/javascript 2600:9000:224a:5a00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/63aa5463b92caa0012f81022.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:224a:5a00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

db4312bece8d50799c3e99a316a58218a527df0f25b93c3e075e04712e20cacf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:07:17 GMT
via: 1.1 0616b48dd6be4cda83365410ecccbda4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: DUS51-P1
age: 46
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 438
last-modified: Wed, 28 Dec 2022 04:37:49 GMT
server: AmazonS3
etag: "d0446970cab2a3b08a2f4f8bdf2fbef7"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=60
accept-ranges: bytes
x-amz-cf-id: eSZ-5mlT_zGTTV4ukoqRu_WAKqNNykZTrHXkhBB9e9BM7gGnOsVaGQ==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 103 KB
40 KB 134ms
49ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9954fd915cba5a934f306c294f3a3c50bf1bd99649d180343933c20fa420f462

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40798
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 00:09:14 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 18 Apr 2023 02:08:02 GMT

GET
H3 200 fontawesome-webfont.woff
securityaffairs.com/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 51ms
51ms Font
application/font-woff 2606:4700:3031::ac43:8cd3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.com/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8cd3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer: https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6557789
etag: W/"56710b81-ad90"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=myIh3guTRlqmSJLruM7fghu4ereO4KyEkcSYUpulgO8M5DU0Kiy5kfyZU23wJQlEHeiOggj02cZFTRY3D%2Fz6%2FgKfZWKCoDfd3bJ24bvS6O6lcNP2Ci25Ch8F2ZICBg6%2BqvwV1dFhiHOGkGOSh7TXDVzN"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: public, max-age=315360000
cf-ray: 7b995b903bd939be-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 6 KB
6 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51df3ca60fafe5df2786ce34c4b6dff5af9bb0a061f1808783f65bb1016e016d

Request headers

Referer
Origin: https://securityaffairs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
406 B 52ms
9ms XHR
text/plain 3.121.88.215
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=securityaffairs.com&location=%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&source=simple-share-buttons-adder-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=New%20QBot%20campaign%20delivered%20hijacking%20business%20correspondenceSecurity%20Affairs&cms=unknown&publisher=63aa5463b92caa0012f81022&sop=true&version=st_sop.js&lang=en&description=Kaspersky%20researchers%20warn%20of%20a%20new%20QBot%20campaign%20leveraging%20hijacked%20business%20emails%20to%20deliver%20malware.%20In%20early%20April%2C%20Kaspersky%20experts%20observed%20a%20surge%20in%20attacks%20that%20QBot%20malware%20attacks%20(aka%20Qakbot%2C%20QuackBot%2C%20and%20Pinkslipbot).%20QBot%20has%20been%20active%20since%202008%2C%20it%20is%20used%20by%20threat%20actors%20for%20collecting%20browsing%20data%20and%20banking%20credentials%2C%20and%20other%20%5B%E2%80%A6%5D&ua=&ua_mobile=false&ua_full_version_list=

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.121.88.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-121-88-215.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Tue, 18 Apr 2023 02:08:02 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://securityaffairs.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 46ms
6ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 18 Apr 2023 02:08:02 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Tue, 18 Apr 2023 02:13:02 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2018/03/ 30 KB
30 KB 7ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 18 Apr 2023 02:08:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Dec 2022 01:09:36 GMT
server: nginx
etag: "90081d39f1874091"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 30524
expires: Thu, 26 Dec 2024 13:09:36 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.com/wp-content/uploads/2020/10/ 7 KB
7 KB 7ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 18 Apr 2023 02:08:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Dec 2022 01:09:36 GMT
server: nginx
etag: "f66b518bba6e1555"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7234
expires: Thu, 26 Dec 2024 13:09:36 GMT

GET
H2 200 newsletter.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/ 19 KB
19 KB 9ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 18 Apr 2023 02:08:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Dec 2022 01:09:36 GMT
server: nginx
etag: "d8c02e2ccf1e41bf"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length: 18968
expires: Thu, 26 Dec 2024 13:09:36 GMT

GET
H2 200 EU-Blog-e.jpg
i0.wp.com/securityaffairs.com/wp-content/uploads/2022/06/ 13 KB
13 KB 8ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.com/wp-content/uploads/2022/06/EU-Blog-e.jpg?resize=300%2C251&ssl=1

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 18 Apr 2023 02:08:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Dec 2022 00:56:49 GMT
server: nginx
etag: "a583ea31753e6f10"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.com/wp-content/uploads/2022/06/EU-Blog-e.jpg>; rel="canonical"
content-length: 13098
expires: Thu, 26 Dec 2024 12:56:49 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 13ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=29506073&post=144927&tz=0&srv=securityaffairs.com&j=1%3A12.0&host=securityaffairs.com&ref=&fcp=642&rand=0.8539240665971803
Requested by: Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 18 Apr 2023 02:08:02 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
77 KB 61ms
61ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cdc11c8cc0ec2477edbbb23408142058b9313d76f34dcf6714f731be20fcc6a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78364
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 18 Apr 2023 02:08:02 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
82 KB 50ms
50ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b97186b3a8a4613e503dfa625811caad7f380ca86c614958b22aec7b445b0379

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83871
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 18 Apr 2023 02:08:02 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 405 B
609 B 124ms
44ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.com&callback=_gfp_s_&client=ca-pub-4918072057181794

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304130101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57d7c6f77519306c68c89483b09f8306011df700bc9d49f224bae14f78d4067a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 257
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 125ms
44ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 135ms
44ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 69ms
69ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=cookie-law-info-bar&ign=false&pw=1600&ph=1200&x=0&y=1130.4

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DC31 284 KB
69 KB 644ms
643ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1681783682&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x675_l%7C308x675_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783682420&bpp=181&bdt=236&idt=402&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1113155451314&frm=20&pv=2&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=422

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04d6b01d34ab1ecd2831d04d07ec175fc72f542a22599601c0783fa6fe6b46f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 70015
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 02:08:03 GMT
expires: Tue, 18 Apr 2023 02:08:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 62ms
17ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-NPN4VEKBTY&gtm=45je34c0&_p=1330464881&_gaz=1&cid=1870748947.1681783683&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1681783682&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&dt=New%20QBot%20campaign%20delivered%20hijacking%20business%20correspondenceSecurity%20Affairs&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 63ms
18ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-NPN4VEKBTY&cid=1870748947.1681783683&gtm=45je34c0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 127ms
49ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NPN4VEKBTY&cid=1870748947.1681783683&gtm=45je34c0&aip=1&z=1735344593

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 48ms
17ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=45je34c0&_p=1330464881&cid=1870748947.1681783683&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1681783682&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&dt=New%20QBot%20campaign%20delivered%20hijacking%20business%20correspondenceSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 51ms
50ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230413&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3defb775c33173083cf2ae47997db8b3eeda97f4e61bf8daab8ef9c603eaf28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11340
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304130101/ 150 KB
51 KB 73ms
73ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304130101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de80ffc9e2a1d62fe39240a14f34b9cbb9474be8c15865d1012f1cb85befc28a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52145
x-xss-protection: 0
server: cafe
etag: 2253137771383558324
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Apr 2023 02:08:03 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 45ms
44ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 45ms
44ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B95F 89 KB
33 KB 419ms
419ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=2&bdt=1402&idt=-M&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0&nras=2&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=azb0CXnBgV&p=https%3A//securityaffairs.com&dtd=6

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28d4e0404bf8af1ce6f75c38c85875d5a7811f1bd3c69a9b22a2cdcc1403469a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 33744
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 02:08:03 GMT
expires: Tue, 18 Apr 2023 02:08:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C444 90 KB
33 KB 459ms
459ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

734c41c73534400cdb92220d0300d3205d7ae3b53b5bcfe03082802ff93c408e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 34025
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 02:08:04 GMT
expires: Tue, 18 Apr 2023 02:08:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4E12 96 KB
34 KB 578ms
578ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=600&adk=2697633112&adf=1762069438&pi=t.aa~a.2641062588~rp.3&w=300&fwrn=4&fwrnh=100&lmt=1681783683&rafmt=1&to=qs&pwprc=8791289769&format=300x600&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683613&bpp=1&bdt=1429&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280%2C630x280&nras=4&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=980&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=fNinhS3Yr8&p=https%3A//securityaffairs.com&dtd=4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fc530140ea92ef4167e5fe52d6e7276aa62f0fe9e25681fcb5f576afb37e794

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 34289
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 02:08:04 GMT
expires: Tue, 18 Apr 2023 02:08:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 128ms
48ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 18 Apr 2023 02:08:03 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 45ms
44ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 46ms
44ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/ Frame 1CA4 10 KB
4 KB 51ms
51ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 02:08:03 GMT
etag: 2378337311435320485
expires: Tue, 02 May 2023 02:08:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/ Frame 71BB 10 KB
4 KB 62ms
61ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 02:08:03 GMT
etag: 2378337311435320485
expires: Tue, 02 May 2023 02:08:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 1CA4 4 KB
1 KB 124ms
45ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1ae367420c242e83f64dd6cba96fca46a5285d40116c0e849c7752d40303c1ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 01:08:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Apr 2023 02:08:03 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1CA4 205 B
649 B 116ms
35ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 00:29:11 GMT
x-content-type-options: nosniff
age: 5932
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 17 Apr 2024 00:29:11 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1CA4 604 B
695 B 117ms
36ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 19:43:06 GMT
x-content-type-options: nosniff
age: 23097
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 16 Apr 2024 19:43:06 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/elements/html/ Frame 1CA4 19 KB
8 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5663a1ab2a975aedc88dbbf644d92980a966b614286321a39baac756077b738

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 14:09:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8167
x-xss-protection: 0
server: cafe
etag: 3140062999518874537
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 May 2023 14:09:27 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 71BB 4 KB
691 B 112ms
45ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0f0d14e678c7dd5f443e5810048090a0a12ac42e474c478b948a8d44c7f6a4d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 00:31:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Apr 2023 02:08:03 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame 71BB 2 KB
818 B 91ms
91ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:03 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/ Frame 71BB 22 KB
9 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:03 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame 71BB 3 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36798
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 May 2023 15:54:45 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame 71BB 20 KB
8 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 71BB 159 KB
49 KB 139ms
48ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Apr 2023 02:08:03 GMT

GET
H2 200 c15427455071565d8097eb04c444439b.js Show response
www.gstatic.com/mysidia/ Frame 71BB 33 KB
14 KB 99ms
37ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c15427455071565d8097eb04c444439b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02fb5a960b6817695b363d2294c0945cc75bf10cd17e5a03b3ff68229b9f0d77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:11:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287794
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14106
x-xss-protection: 0
last-modified: Fri, 14 Apr 2023 00:44:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 13 Jul 2023 18:11:29 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5EEC 13 KB
5 KB 37ms
35ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 22812
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 17 Apr 2023 19:47:51 GMT
expires: Tue, 16 Apr 2024 19:47:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EFB3 783 B
1 KB 125ms
46ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e4e2596aedd4a745bbed9ae470f15ea9fe12c56e448a1b5e7a65d3faefc9b8ff

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5G7yn3Zres-24mj_sIjsmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-5G7yn3Zres-24mj_sIjsmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 02:08:03 GMT
expires: Tue, 18 Apr 2023 02:08:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js Show response
pagead2.googlesyndication.com/bg/ Frame 5EEC 36 KB
14 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31ecc2f86d5917ed4667dcaaab4a3b212720237b8466f05c3f90a05e858a3031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 13:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46934
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14288
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 13:05:49 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A2C0 8 KB
966 B 46ms
46ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05ee926cc9bf2039ad93af941a67d23d84bd78ecd9d6ef53ff85eeaf744cbd89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 01:13:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Apr 2023 02:08:03 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame A2C0 2 KB
765 B 47ms
46ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:03 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/ Frame A2C0 22 KB
9 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:03 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame A2C0 3 KB
1 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36798
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 May 2023 15:54:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame A2C0 20 KB
8 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A2C0 159 KB
49 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Apr 2023 02:08:03 GMT

GET
H2 200 c15427455071565d8097eb04c444439b.js Show response
www.gstatic.com/mysidia/ Frame A2C0 33 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c15427455071565d8097eb04c444439b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02fb5a960b6817695b363d2294c0945cc75bf10cd17e5a03b3ff68229b9f0d77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:11:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287794
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14106
x-xss-protection: 0
last-modified: Fri, 14 Apr 2023 00:44:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 13 Jul 2023 18:11:29 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EFB3 0
0 70ms
70ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230413&jk=4490632412454305&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5EEC 0
10 B 38ms
38ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?U5oTsg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CA6D 143 B
166 B 36ms
35ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 684
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 01:56:39 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame B95F 4 KB
618 B 46ms
45ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=2&bdt=1402&idt=-M&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0&nras=2&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=azb0CXnBgV&p=https%3A//securityaffairs.com&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0f0d14e678c7dd5f443e5810048090a0a12ac42e474c478b948a8d44c7f6a4d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 00:22:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Apr 2023 02:08:04 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame B95F 2 KB
765 B 82ms
81ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:04 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/ Frame B95F 22 KB
9 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:04 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame B95F 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36799
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 May 2023 15:54:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame B95F 20 KB
8 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:04 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B95F 159 KB
49 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Apr 2023 02:08:04 GMT

GET
H3 200 c15427455071565d8097eb04c444439b.js Show response
www.gstatic.com/mysidia/ Frame B95F 33 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c15427455071565d8097eb04c444439b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02fb5a960b6817695b363d2294c0945cc75bf10cd17e5a03b3ff68229b9f0d77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:11:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14106
x-xss-protection: 0
last-modified: Fri, 14 Apr 2023 00:44:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 13 Jul 2023 18:11:29 GMT

GET
H3 200 MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js Show response
pagead2.googlesyndication.com/bg/ Frame 7F07 36 KB
14 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31ecc2f86d5917ed4667dcaaab4a3b212720237b8466f05c3f90a05e858a3031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 13:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14288
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 13:05:49 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CA6D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

70ms
70ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 02:08:04 GMT
expires: Tue, 18 Apr 2023 02:08:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Apr 2023 02:08:04 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js Show response
pagead2.googlesyndication.com/bg/ Frame 0BE9 36 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js

Requested by

Host: securityaffairs.com
URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31ecc2f86d5917ed4667dcaaab4a3b212720237b8466f05c3f90a05e858a3031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 13:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14288
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 13:05:49 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B95F 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CrsE-g_s9ZL65JZuz3gPnlbPoAcr0w_lv-4mlpZQQ-rLPuOkcEAEgu6PgmAFgleKQgqAHoAG62-OYA8gBCagDAcgDywSqBIACT9BpS33WkOqhVUZSmZjfeTSyzLJxroOBae5Dy1BpEce_Miqyjb3-DfDfwRyns3P-JEQoEim2u7ol8uRqIqNMubyg0SU1Go3CHzt4iDLznvZj59Q9CAFGTEMGDCusuRMk4T_vC_rVhutv7nPA-iHizOpz36mOJ3H5o6wpqay5wjPzVETXEeRgvIQ9NJnLyyKebn9HbaQqzMFIYibFNk0pYe8ebbywOuBq12_N41LKQ9GFORGZCS19axArNhG7sezb6VoZ_zLkifzWeu36gDzHuEVJjsrw6KYqCHCw57giST1AOVK9Afqc7EtlYQUriltETFQSrJwob2ovMw_hf1miY8AE_Kbi1oUEkgUECAQYAZIFBAgFGASgBi6AB66knGeoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCIshDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAbgT5APYEw2IFALQFQGYFgGAFwGyFxwKGggAEhRwdWItNDkxODA3MjA1NzE4MTc5NBgA&sigh=57NeXpHnilE&uach_m=[UACH]&cid=CAQSOwBygQiDFlgbFTBOAy0VEVcJL2wldhgPXPWyeLcLoRwOEijrW-x38QAbm85nabxfvzwTe5-OeuMDi0jDGAE&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=3158154027&pi=t.aa~a.509917982~i.19~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=2&bdt=1402&idt=-M&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0&nras=2&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=azb0CXnBgV&p=https%3A//securityaffairs.com&dtd=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 18 Apr 2023 02:08:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/5764291513729847510/ Frame B95F 9 KB
9 KB 39ms
38ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5764291513729847510/14763004658117789537?w=200&h=200

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d83dcdc82a44665d9062723adbeefcefd04515138f5ec969bb9fab7bb628b557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 19:36:44 GMT
x-content-type-options: nosniff
age: 282680
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9533
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 17:40:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 13 Apr 2024 19:36:44 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/17418262659696052794/ Frame B95F 18 KB
18 KB 46ms
45ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17418262659696052794/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b257bab053fe634db0d2846013162c34deb86c8332725856b9ee8e4aa56dc7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:29:52 GMT
x-content-type-options: nosniff
age: 286692
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18151
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 12:02:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 13 Apr 2024 18:29:52 GMT

GET
DATA 200
OK truncated
/ Frame B95F 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame C444 8 KB
3 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/error_handler.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 16:04:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36217
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3465
x-xss-protection: 0
server: cafe
etag: 6788195977828770272
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 May 2023 16:04:27 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C444 4 KB
618 B 49ms
48ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0f0d14e678c7dd5f443e5810048090a0a12ac42e474c478b948a8d44c7f6a4d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 00:18:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Apr 2023 02:08:04 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame C444 2 KB
765 B 47ms
47ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:04 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/ Frame C444 22 KB
9 KB 76ms
76ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:04 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame C444 3 KB
1 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36799
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 May 2023 15:54:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame C444 20 KB
8 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:04 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C444 159 KB
49 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Apr 2023 02:08:04 GMT

GET
H3 200 c15427455071565d8097eb04c444439b.js Show response
www.gstatic.com/mysidia/ Frame C444 33 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c15427455071565d8097eb04c444439b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02fb5a960b6817695b363d2294c0945cc75bf10cd17e5a03b3ff68229b9f0d77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:11:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14106
x-xss-protection: 0
last-modified: Fri, 14 Apr 2023 00:44:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 13 Jul 2023 18:11:29 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C444 0
0 79ms
79ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ClVO3g_s9ZLXCJpam3wODjo6YBcrsgY5ws8_K_7EQh8eysIwsEAEgu6PgmAFgleKQgqAHoAGr1bS7AsgBCagDAcgDywSqBIICT9DaRyWqFlLG8s5eRoG27wEE6nP1d6WgpV9vJLdeJXZ6D3h1ODwwZE2Z8PxDWva9YYtCVBWPB0673ww0aNrWCkdTX3RAVMr2RjbBjWpyk6ymo5CwsTKRrp4Jh66tUwLwUh9FGV1Ra71gUtH_5_2r2b9O892RaBf5UQBZHNAj7khpzBW5f4J52kGMweDRogWnuAnPktexNndBn4hKvz4t8_ucWBN0hOVtVZjFjuNtLQ108J42skRLAmng4_9LXb0byGuboysiWJ-v2d8p-yf9kMDrD8S3xSZsV3d0ClimNr1NCky3HxTnDHz5qCiMssO1EZN3VAObCyObkfhTW-A2eYiOwASN_tjt8QKSBQQIBBgBkgUECAUYBKAGLoAHxbSTyQGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCwhHTSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAbgT5APYEwyIFAXQFQGAFwGyFxwKGggAEhRwdWItNDkxODA3MjA1NzE4MTc5NBgA&sigh=wVXPciSrECY&uach_m=[UACH]&cid=CAQSOwBygQiD1QNJCEYRcq0mDaA5tDsLYIXdrRtchzmUBdeXyhyyJHBoBmTKRa39Kupkm8_8Uwf1nmsgRa7dGAE&template_id=484

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 18 Apr 2023 02:08:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0EA3 1 KB
643 B 35ms
35ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54078
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 17 Apr 2023 11:06:46 GMT
etag: 48472445140208031
expires: Tue, 18 Apr 2023 11:06:46 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4A2A 1 KB
643 B 35ms
35ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54078
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 17 Apr 2023 11:06:46 GMT
etag: 48472445140208031
expires: Tue, 18 Apr 2023 11:06:46 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B95F 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17bddcb93183548217695ffc798be0ad8affaaa7ec1b07f363185f3f68516a12

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4613882048550124365
tpc.googlesyndication.com/simgad/ Frame C444 20 KB
20 KB 39ms
39ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4613882048550124365?w=200&h=200

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1eff8c9e2b8d23c216ab416b7d15949fedb249ad7710918248204396e8580a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:13:28 GMT
x-content-type-options: nosniff
age: 287676
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20376
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 19:44:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 13 Apr 2024 18:13:28 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/2724091701197079474/ Frame C444 29 KB
29 KB 44ms
44ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2724091701197079474/14763004658117789537?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70dde362896983ec57f5616c96f890fc5bf33d9f23611949ce09a4d5e6a9cdab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:17:05 GMT
x-content-type-options: nosniff
age: 287459
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29583
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 20:29:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 13 Apr 2024 18:17:05 GMT

GET
DATA 200
OK truncated
/ Frame C444 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame C444 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0b906ad5b7a86987e24516907e1869f3dc32831385adcf9b78fd7426e99f368

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 4E12 8 KB
893 B 48ms
47ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=600&adk=2697633112&adf=1762069438&pi=t.aa~a.2641062588~rp.3&w=300&fwrn=4&fwrnh=100&lmt=1681783683&rafmt=1&to=qs&pwprc=8791289769&format=300x600&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683613&bpp=1&bdt=1429&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280%2C630x280&nras=4&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=980&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=fNinhS3Yr8&p=https%3A//securityaffairs.com&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05ee926cc9bf2039ad93af941a67d23d84bd78ecd9d6ef53ff85eeaf744cbd89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 01:54:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Apr 2023 02:08:04 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame 4E12 2 KB
765 B 65ms
65ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:04 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/ Frame 4E12 22 KB
9 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:04 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame 4E12 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 15:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36799
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 01 May 2023 15:54:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/ Frame 4E12 20 KB
8 KB 140ms
140ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230413/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 02 May 2023 02:08:04 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 4E12 0
0 46ms
45ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTCDY4oDpgcffHh8EaVEGbalKz1q0bBC4OKq8TeHJ_NghjMdkwylMNpPKoUs9qPu-rD6ko0nmzY0OSAjjDeVMLhUj7Tqg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=600&adk=2697633112&adf=1762069438&pi=t.aa~a.2641062588~rp.3&w=300&fwrn=4&fwrnh=100&lmt=1681783683&rafmt=1&to=qs&pwprc=8791289769&format=300x600&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683613&bpp=1&bdt=1429&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280%2C630x280&nras=4&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=980&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=fNinhS3Yr8&p=https%3A//securityaffairs.com&dtd=4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4E12 159 KB
49 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Apr 2023 02:08:04 GMT

GET
H3 200 c15427455071565d8097eb04c444439b.js Show response
www.gstatic.com/mysidia/ Frame 4E12 33 KB
14 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c15427455071565d8097eb04c444439b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02fb5a960b6817695b363d2294c0945cc75bf10cd17e5a03b3ff68229b9f0d77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:11:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14106
x-xss-protection: 0
last-modified: Fri, 14 Apr 2023 00:44:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 13 Jul 2023 18:11:29 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4E12 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cs4wzg_s9ZOmDJ5Hd3wP_74KgBcrsgY5ws8_K_7EQiv2ghMMBEAEgu6PgmAFgleKQgqAHoAGr1bS7AsgBAagDAcgDywSqBIgCT9DSYp0Hsj2MqhQUV2TLQ91oM-F6ACtYPEAxhYV0lp8D8iXgBtcUcK8i5pbklcH109NTFz38RN-qxPyooyCDk4hsVboZd18hP-3kSLn9LEtOLl4Vv0tjRmINNKJyqoJpeBBrE7zNm6i9aZFeSIhFvr8GAparH6dYAxonMaU93lxFqqXM697JlQrFOsVybgvxiFGx5mVv8C2ANaLYPK5VospbSnWx96IUpsFy0sQhJQdVKblF-3_9xf-Ops2iLpP8OZbol1ji0sEk3p86FLtnzVZB5scKTLG4iH5RlyOXaHoykjgwsrojcYbLJirpFqaSEVqNI3CtQaDCNnaDkp_HgLiLTtCnGx01wASN_tjt8QKSBQQIBBgBkgUECAUYBKAGLoAHxbSTyQGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDDtBDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDIgUBdAVAYAXAbIXHAoaCAASFHB1Yi00OTE4MDcyMDU3MTgxNzk0GAA&sigh=zBSJNqCzSIk&uach_m=[UACH]&cid=CAQSOwBygQiD9cCGiCIbumCeEXrXlRQ9TmDRQVYls_FieaCPr0QLvQx_ePiGZIvVZSlgYIGShueGb29gDZCCGAE&template_id=5021

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=600&adk=2697633112&adf=1762069438&pi=t.aa~a.2641062588~rp.3&w=300&fwrn=4&fwrnh=100&lmt=1681783683&rafmt=1&to=qs&pwprc=8791289769&format=300x600&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683613&bpp=1&bdt=1429&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280%2C630x280&nras=4&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=980&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=fNinhS3Yr8&p=https%3A//securityaffairs.com&dtd=4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 18 Apr 2023 02:08:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B95F 15 KB
16 KB 123ms
39ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:01:11 GMT
x-content-type-options: nosniff
age: 413
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Apr 2024 02:01:11 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/6950847046367072469/ Frame 4E12 832 B
859 B 38ms
38ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6950847046367072469/14763004658117789537?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

600a1dfa177394bf4957dface01929f7e69677b483a014f155d286fdf10e9063

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 10:18:09 GMT
x-content-type-options: nosniff
age: 316195
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 832
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 19:48:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 13 Apr 2024 10:18:09 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/2724091701197079474/ Frame 4E12 16 KB
16 KB 38ms
38ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2724091701197079474/14763004658117789537?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2fe81f88785cf19b9a88b00cc5ccadd056d921d1b731db35f7689ae8bb414fb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 14:31:23 GMT
x-content-type-options: nosniff
age: 41801
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16754
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 20:29:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 16 Apr 2024 14:31:23 GMT

GET
DATA 200
OK truncated
/ Frame 4E12 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85ccd85b4e7d6dcab329b2c4c7d084ca5ff392e935794491601452ef0eea1e9d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4E12 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 372a3186cdfa2b7a80c939a0496851ab0519c9b8cb656609fb902168ee053a8b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 dpixel
cms.quantserve.com/ Frame 0EA3 35 B
465 B 52ms
8ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP5tuAZy92rpIv-G7pXtlLw&google_cver=1&google_push=Aer7DvKUmmmigY-ECbXGTo43JvylGZwCD4z8ddWDyH42SEyeMsdo3DNwQaJFzaYGwS4iLzWCZU0dgr1a24weFjffDEjrwBzpjlGpKIHW

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0EA3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAKNNKszrJ-RaamQlbQNzGE&google_push=Aer7DvLykeRT6irZ5M2gwvve-ezBTrQtWxFeCx430jB4cyxjfeSIDTeHbG...

170 B
232 B

49ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAKNNKszrJ-RaamQlbQNzGE&google_push=Aer7DvLykeRT6irZ5M2gwvve-ezBTrQtWxFeCx430jB4cyxjfeSIDTeHbGbB6t7mhaKJYBQnOvqDY8xvmTud89rmzKMDx29CI1wRSB5h

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230034-FRA
pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1681783684.293586,VS0,VE98
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAKNNKszrJ-RaamQlbQNzGE&google_push=Aer7DvLykeRT6irZ5M2gwvve-ezBTrQtWxFeCx430jB4cyxjfeSIDTeHbGbB6t7mhaKJYBQnOvqDY8xvmTud89rmzKMDx29CI1wRSB5h
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 0EA3 0
173 B 62ms
18ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEJow7xoFuguHlaOYn5uAfQ0&google_cver=1&google_push=Aer7DvLzXaa7kBP7zpogFhECz0zOu7pcEzxn3eG9WWBG8rH4ywfoIW6_h3h8nnWDx3zGoaBhFh0C5s-ypnyEyPLAkm6exKaMrzUSN6zq
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 0EA3 0
98 B 57ms
20ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAer7DvIN-yfBWEunQ7VJfrnXgzHXALNpQGLD6VH-jGPJyjbKr5wmZB4SFgBzope50t8cxAWmq8WBp4H1bsUbYbDthEQBktExlW0_IjFZ&google_gid=CAESELfBL6rDE4wtJrbazU2JeFI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0EA3
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELFaUT4_WwwLRLBp9MjnxEY&google_cver=1&google_push=Aer7DvJAv3yedTuEtmnoBIsRpjR9dXOJOA1LvSG2f-4qIcapDgsfQF9odE_ACDKzXpEnIZOLaYIuCDmoH9byX70C4W8j6oF...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJAv3yedTuEtmnoBIsRpjR9dXOJOA1LvSG2f-4qIcapDgsfQF9odE_ACDKzXpEnIZOLaYIuCDmoH9byX70C4W8j6oFlaQRMJ6Rr&google_hm=eS1HMXU1bTFWRTJwRW...

170 B
232 B

48ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJAv3yedTuEtmnoBIsRpjR9dXOJOA1LvSG2f-4qIcapDgsfQF9odE_ACDKzXpEnIZOLaYIuCDmoH9byX70C4W8j6oFlaQRMJ6Rr&google_hm=eS1HMXU1bTFWRTJwRWdULmE2N1ZjZjRpSUxzN0lHY21Id35B

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 18 Apr 2023 02:08:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aer7DvJAv3yedTuEtmnoBIsRpjR9dXOJOA1LvSG2f-4qIcapDgsfQF9odE_ACDKzXpEnIZOLaYIuCDmoH9byX70C4W8j6oFlaQRMJ6Rr&google_hm=eS1HMXU1bTFWRTJwRWdULmE2N1ZjZjRpSUxzN0lHY21Id35B
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 0EA3 42 B
213 B 69ms
20ms Image
image/gif 34.160.236.64
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEA4BUA5gUENHo30WG0uKwj0&google_push=Aer7DvJVjscAW-Rw4T0FQ_pT02yDA-Ot_8PuoCwrFOAuKGA5_rA_VBLRO2MsUGIMTOjXluACiVN-3oVxYvfrwfBBfFktKJt8TtEwJtzy&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.236.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 64.236.160.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
via: 1.1 google
last-modified: Tue, 28 Jun 2022 14:08:50 GMT
server: nginx
etag: "62bb0b72-2a"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0EA3
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJwJ54D8oWJH04vywxmzqTg&google_cver=1&google_push=Aer7DvI_JLiYGVLh7tGjVlh6bw1zjK93sLpf1oiXw3wK-Jp7bz1w2GbFwUi5QexPIi-FbIVnFsWsKS_z...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJwJ54D8oWJH04vywxmzqTg&google_cver=1&google_push=Aer7DvI_JLiYGVLh7tGjVlh6bw1zjK93sLpf1oiXw3wK-Jp7bz1w2GbFwUi5QexPIi-FbIVnFsW...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjkyNTMxODk4OTM0MTg3NDAzMg&google_push=Aer7DvI_JLiYGVLh7tGjVlh6bw1zjK93sLpf1oiXw3wK-Jp7bz1w2GbFwUi5QexPIi-FbIVnFsWsKS...

170 B
232 B

48ms
46ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjkyNTMxODk4OTM0MTg3NDAzMg&google_push=Aer7DvI_JLiYGVLh7tGjVlh6bw1zjK93sLpf1oiXw3wK-Jp7bz1w2GbFwUi5QexPIi-FbIVnFsWsKS_zwGLqdi1WZSjCIE_pwOmSTnVq

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjkyNTMxODk4OTM0MTg3NDAzMg&google_push=Aer7DvI_JLiYGVLh7tGjVlh6bw1zjK93sLpf1oiXw3wK-Jp7bz1w2GbFwUi5QexPIi-FbIVnFsWsKS_zwGLqdi1WZSjCIE_pwOmSTnVq
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 0EA3 0
139 B 146ms
45ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IGp-sWNKquEDwgocJCQrAcsO_YecVFqpJyxuXb-R1IIHEA-dIunnIO7Tcv0KshuP_sqBny

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4A2A
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEtgMJEzOiOU-NR8x9zmAG4&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEtgMJEzOiOU-NR8x9zmAG4&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UllZWElxdzExUE9BTGk1&google_gid=CAESEEtgMJEzOiOU-NR8x9zmAG4&google_cver=1&google_push=Aer7DvI77nnerHE5B91ZaLOjl0BaZ_evxXmrI3JjQfo-5G6...

170 B
232 B

48ms
47ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UllZWElxdzExUE9BTGk1&google_gid=CAESEEtgMJEzOiOU-NR8x9zmAG4&google_cver=1&google_push=Aer7DvI77nnerHE5B91ZaLOjl0BaZ_evxXmrI3JjQfo-5G6L0Q2xwiHDZ1WZ9o4cud8CDp_Lf4y6wrSB0A5mLFghEJnTADjWLd2fFgA

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 18 Apr 2023 02:08:04 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-771-ga8baae6#rel-ec2-master i-03d536d47c7b38dcc@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UllZWElxdzExUE9BTGk1&google_gid=CAESEEtgMJEzOiOU-NR8x9zmAG4&google_cver=1&google_push=Aer7DvI77nnerHE5B91ZaLOjl0BaZ_evxXmrI3JjQfo-5G6L0Q2xwiHDZ1WZ9o4cud8CDp_Lf4y6wrSB0A5mLFghEJnTADjWLd2fFgA
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4A2A
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFA_sJRd1v9URXTec72xEg0&google_push=Aer7DvIySJg-HMTxC46aJ0yuzalU9rpMMYkwwCc2Z38SvxGRzLq0-ofzAy...

170 B
232 B

49ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFA_sJRd1v9URXTec72xEg0&google_push=Aer7DvIySJg-HMTxC46aJ0yuzalU9rpMMYkwwCc2Z38SvxGRzLq0-ofzAyKmci_d2E9AS3a2y4s3BQoiKdayP37OmaCPhTfp6belRgo

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230034-FRA
pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1681783684.293651,VS0,VE94
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFA_sJRd1v9URXTec72xEg0&google_push=Aer7DvIySJg-HMTxC46aJ0yuzalU9rpMMYkwwCc2Z38SvxGRzLq0-ofzAyKmci_d2E9AS3a2y4s3BQoiKdayP37OmaCPhTfp6belRgo
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4A2A
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESED56HO75qWJVGLdKbhvvlUw&google_cver=1&google_push=Aer7DvKdjPmW-YlnN-SnEiPAlokguvYT6lWvaVTq9wmbiUP_7Lw75D7SAR5vJoNfap23Ztzf0hE-DDGUmzu...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvKdjPmW-YlnN-SnEiPAlokguvYT6lWvaVTq9wmbiUP_7Lw75D7SAR5vJoNfap23Ztzf0hE-DDGUmzuIvuYdtSYDea0-zsgK3OA&google_hm=JWFwv7M1TpmgpgR5y...

170 B
329 B

90ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvKdjPmW-YlnN-SnEiPAlokguvYT6lWvaVTq9wmbiUP_7Lw75D7SAR5vJoNfap23Ztzf0hE-DDGUmzuIvuYdtSYDea0-zsgK3OA&google_hm=JWFwv7M1TpmgpgR5y_oZuqE

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvKdjPmW-YlnN-SnEiPAlokguvYT6lWvaVTq9wmbiUP_7Lw75D7SAR5vJoNfap23Ztzf0hE-DDGUmzuIvuYdtSYDea0-zsgK3OA&google_hm=JWFwv7M1TpmgpgR5y_oZuqE
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4A2A
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEEgoGxsYWLQ-Mtsk56rD_R4&google_cver=1&google_push=Aer7DvIsOpI61E6cu-HVKukuFl0TsXtImDJMx5_oeeFdCTHZlZvErMf1IMYOlDqotT0gHoonWEPKhTKgpIabwc...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIyMzIwNTkyMTczMTM3NzMwMA%3D%3D&google_push=Aer7DvIsOpI61E6cu-HVKukuFl0TsXtImDJMx5_oeeFdCTHZlZvErMf1IMYOlDqotT0gHoonWEPKhTKgpIabwcJJe_...

170 B
232 B

111ms
49ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIyMzIwNTkyMTczMTM3NzMwMA%3D%3D&google_push=Aer7DvIsOpI61E6cu-HVKukuFl0TsXtImDJMx5_oeeFdCTHZlZvErMf1IMYOlDqotT0gHoonWEPKhTKgpIabwcJJe_xQY-cfjZ5XtA

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIyMzIwNTkyMTczMTM3NzMwMA%3D%3D&google_push=Aer7DvIsOpI61E6cu-HVKukuFl0TsXtImDJMx5_oeeFdCTHZlZvErMf1IMYOlDqotT0gHoonWEPKhTKgpIabwcJJe_xQY-cfjZ5XtA
Date: Tue, 18 Apr 2023 02:08:04 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A2A
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELWmesks_x6hqGgU928F4ZY&google_cver=1&google_push=Aer7DvIGq_wg8cNA5IMtaWJDi8qedbieq3DPKA8i0CMcjsjpwTr4oIVuc-UhrrIRTj63pzZ4bziA0cNT_L1lrFSeChE5...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESELWmesks_x6hqGgU928F4ZY&google_cver=1&google_push=Aer7DvIGq_wg8cNA5IMtaWJDi8qedbieq3DPKA8i0CMcjsjpwTr4oIVuc-UhrrIRTj63pzZ4bziA0cNT_L1lrF...
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=4f0d5727-596c-4b6e-8579-d056f6b76156&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvIGq_wg8cNA5IMtaWJDi8qedbieq3DPKA8i0CMcjsjpwTr4oIVuc-UhrrIRTj63pzZ4bziA0cNT_L1lrFSeChE5hS49xL5drPY&google_hm=BGCidmZ0QpamHyNzWfqM...

170 B
188 B

46ms
46ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvIGq_wg8cNA5IMtaWJDi8qedbieq3DPKA8i0CMcjsjpwTr4oIVuc-UhrrIRTj63pzZ4bziA0cNT_L1lrFSeChE5hS49xL5drPY&google_hm=BGCidmZ0QpamHyNzWfqMag==

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aer7DvIGq_wg8cNA5IMtaWJDi8qedbieq3DPKA8i0CMcjsjpwTr4oIVuc-UhrrIRTj63pzZ4bziA0cNT_L1lrFSeChE5hS49xL5drPY&google_hm=BGCidmZ0QpamHyNzWfqMag==
date: Tue, 18 Apr 2023 02:08:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4A2A
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPa9LPJToME5p3s6xbyMSDc&google_cver=1&google_push=Aer7DvKT7uSkMtc-wX57ogHlOcD5d8O5mJeGLW6lMyIGRDhkiEblsTzBNG23BTXo2YUOg5pFOUO3hniM...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPa9LPJToME5p3s6xbyMSDc&google_cver=1&google_push=Aer7DvKT7uSkMtc-wX57ogHlOcD5d8O5mJeGLW6lMyIGRDhkiEblsTzBNG23BTXo2YUOg5pFOUO...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjc2NTEwMjE1NjYwNjA5MTY5OQ&google_push=Aer7DvKT7uSkMtc-wX57ogHlOcD5d8O5mJeGLW6lMyIGRDhkiEblsTzBNG23BTXo2YUOg5pFOUO3hn...

170 B
232 B

47ms
47ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjc2NTEwMjE1NjYwNjA5MTY5OQ&google_push=Aer7DvKT7uSkMtc-wX57ogHlOcD5d8O5mJeGLW6lMyIGRDhkiEblsTzBNG23BTXo2YUOg5pFOUO3hniMgPlw1nIGpGXmgNchZdhxYs8

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mjc2NTEwMjE1NjYwNjA5MTY5OQ&google_push=Aer7DvKT7uSkMtc-wX57ogHlOcD5d8O5mJeGLW6lMyIGRDhkiEblsTzBNG23BTXo2YUOg5pFOUO3hniMgPlw1nIGpGXmgNchZdhxYs8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4A2A
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEA6cDYc25Fdq1JMYm3UXz2g&google_cver=1&google_push=Aer7DvJBgDSnWUXUTJRv0pdVL3OuTYvJuN6_O-_Dm8uFma4QfqS_AQXk9vMB7L4G0yDZTH_z8b2jFwesF15Y...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvJBgDSnWUXUTJRv0pdVL3OuTYvJuN6_O-_Dm8uFma4QfqS_AQXk9vMB7L4G0yDZTH_z8b2jFwesF15Ygz5U73j9QL3xSCULlss

170 B
232 B

113ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvJBgDSnWUXUTJRv0pdVL3OuTYvJuN6_O-_Dm8uFma4QfqS_AQXk9vMB7L4G0yDZTH_z8b2jFwesF15Ygz5U73j9QL3xSCULlss

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvJBgDSnWUXUTJRv0pdVL3OuTYvJuN6_O-_Dm8uFma4QfqS_AQXk9vMB7L4G0yDZTH_z8b2jFwesF15Ygz5U73j9QL3xSCULlss
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 4A2A 0
40 B 145ms
46ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LjRyh6VQGhTzJNGkkPWX6CCUjKx-hXp-Tl2RCiIzCwNORx7msB8YY5WAsBr1ZxVmcoPzW4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C444 15 KB
16 KB 76ms
48ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:01:11 GMT
x-content-type-options: nosniff
age: 413
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Apr 2024 02:01:11 GMT

GET
H3 200 MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js Show response
pagead2.googlesyndication.com/bg/ Frame 89E3 36 KB
14 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=280&adk=1315944321&adf=2279221826&pi=t.aa~a.509917982~i.25~rp.4&w=630&fwrn=4&fwrnh=100&lmt=1681783683&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8791289769&ad_type=text_image&format=630x280&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rh=158&rw=630&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683586&bpp=1&bdt=1402&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280&nras=3&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=2065&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=tPia12EzKK&p=https%3A//securityaffairs.com&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31ecc2f86d5917ed4667dcaaab4a3b212720237b8466f05c3f90a05e858a3031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 13:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14288
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 13:05:49 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EE18 1 KB
643 B 35ms
35ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54078
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 17 Apr 2023 11:06:46 GMT
etag: 48472445140208031
expires: Tue, 18 Apr 2023 11:06:46 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js Show response
pagead2.googlesyndication.com/bg/ Frame 9D0D 36 KB
14 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31ecc2f86d5917ed4667dcaaab4a3b212720237b8466f05c3f90a05e858a3031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 13:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14288
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 13:05:49 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame EE18 0
104 B 104ms
27ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEM3oYKqlgdbU_y50dqfJKt0&google_cver=1&google_push=Aer7DvJpR02AL6XnW15WuwvP5htS3T5ADjAJMSqTp5ffGN0YYGS019ugFLP1clRx6gVD90PxLtcIkABIplB9js1YE8dPXPH_QIAThK5T
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&h=600&adk=2697633112&adf=1762069438&pi=t.aa~a.2641062588~rp.3&w=300&fwrn=4&fwrnh=100&lmt=1681783683&rafmt=1&to=qs&pwprc=8791289769&format=300x600&url=https%3A%2F%2Fsecurityaffairs.com%2F144927%2Fcyber-crime%2Fqbot-campaign-april-2023.html&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681783683613&bpp=1&bdt=1429&idt=1&shv=r20230413&mjsv=m202304130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D073a65e5c7341550-220923f09bdd00a0%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ&gpic=UID%3D00000bd7f05bdddb%3AT%3D1681783682%3ART%3D1681783682%3AS%3DALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A&prev_fmts=0x0%2C630x280%2C630x280&nras=4&correlator=1113155451314&frm=20&pv=1&ga_vid=1870748947.1681783683&ga_sid=1681783683&ga_hid=1330464881&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=980&ady=1382&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21065725&oid=2&pvsid=4490632412454305&tmod=485038453&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=fNinhS3Yr8&p=https%3A//securityaffairs.com&dtd=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EE18
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAQCNwj89JLvawwxxU-gJSE&google_push=Aer7DvL9wP7wV3_-8Jzy4HqOqPypktdreuZRez92BWRmdCR7JK0pG553Fg...

170 B
188 B

45ms
45ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAQCNwj89JLvawwxxU-gJSE&google_push=Aer7DvL9wP7wV3_-8Jzy4HqOqPypktdreuZRez92BWRmdCR7JK0pG553FgNSb7DTPsPcMeV5dmFqISO9XzFnR6jOcQnVLdEDjV_SyuK6

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230034-FRA
pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1681783684.395575,VS0,VE90
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAQCNwj89JLvawwxxU-gJSE&google_push=Aer7DvL9wP7wV3_-8Jzy4HqOqPypktdreuZRez92BWRmdCR7JK0pG553FgNSb7DTPsPcMeV5dmFqISO9XzFnR6jOcQnVLdEDjV_SyuK6
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EE18
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJ41H7vE4q110XZuJhiYpzA&google_cver=1&google_push=Aer7DvJhb1yj4hDGIrqkDIz3CgK3Bwj9B_3YnQ1MHTH-2CO_mHzYabphhvtyo4Tr-TlWdyLTPg_x9oZMRX5g928wJHpLJzw5l68ECXPw
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=179AB9724AB544D3832E6293BD63A04C&google_push=Aer7DvJhb1yj4hDGIrqkDIz3CgK3Bwj9B_3YnQ1MHTH-2CO_mHzYabphhvtyo4Tr-TlWdyLTPg_x9oZMRX5g928...

170 B
232 B

48ms
48ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=179AB9724AB544D3832E6293BD63A04C&google_push=Aer7DvJhb1yj4hDGIrqkDIz3CgK3Bwj9B_3YnQ1MHTH-2CO_mHzYabphhvtyo4Tr-TlWdyLTPg_x9oZMRX5g928wJHpLJzw5l68ECXPw

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 18 Apr 2023 02:08:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=179AB9724AB544D3832E6293BD63A04C&google_push=Aer7DvJhb1yj4hDGIrqkDIz3CgK3Bwj9B_3YnQ1MHTH-2CO_mHzYabphhvtyo4Tr-TlWdyLTPg_x9oZMRX5g928wJHpLJzw5l68ECXPw
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 17 Apr 2023 02:08:04 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EE18
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEF6TKD59smzFsTyOY6Us61I&google_cver=1&google_push=Aer7DvKkO7mBfsrfrRCsftTopPEHC_ErOKZLemOJxbZ9u54ftqrKFDZr9DXN7lrDwlCHMqO5PnXzzARWX6J...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvKkO7mBfsrfrRCsftTopPEHC_ErOKZLemOJxbZ9u54ftqrKFDZr9DXN7lrDwlCHMqO5PnXzzARWX6JK35kyVuKOYz-F_BBnDIok&google_hm=JWFwv7M1TpmgpgR5...

170 B
232 B

47ms
47ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvKkO7mBfsrfrRCsftTopPEHC_ErOKZLemOJxbZ9u54ftqrKFDZr9DXN7lrDwlCHMqO5PnXzzARWX6JK35kyVuKOYz-F_BBnDIok&google_hm=JWFwv7M1TpmgpgR5y_oZuqE

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvKkO7mBfsrfrRCsftTopPEHC_ErOKZLemOJxbZ9u54ftqrKFDZr9DXN7lrDwlCHMqO5PnXzzARWX6JK35kyVuKOYz-F_BBnDIok&google_hm=JWFwv7M1TpmgpgR5y_oZuqE
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EE18
Redirect Chain

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEOEoMsffBdnAQ8SM4_OUxYI&google_cver=1&google_push=Aer7DvK0_LdHY-iyvP4EDa-XJt1sOyTxOrmxJ0YQS5AOHARcihOVqshNP3jbvCJu2lgTYJHBPebW7nEQy1UTkX...
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=Aer7DvK0_LdHY-iyvP4EDa-XJt1sOyTxOrmxJ0YQS5AOHARcihOVqshNP3jbvCJu2lgTYJHBPebW7nEQy1UTkXNeCrKA3gHW6WmJr5w&google_hm=hmQ9-4QV-KLnFx...

170 B
232 B

47ms
47ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=Aer7DvK0_LdHY-iyvP4EDa-XJt1sOyTxOrmxJ0YQS5AOHARcihOVqshNP3jbvCJu2lgTYJHBPebW7nEQy1UTkXNeCrKA3gHW6WmJr5w&google_hm=hmQ9-4QV-KLnFxLPlQ&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D643DFB8415F8A2E71712CF95BLIS

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=Aer7DvK0_LdHY-iyvP4EDa-XJt1sOyTxOrmxJ0YQS5AOHARcihOVqshNP3jbvCJu2lgTYJHBPebW7nEQy1UTkXNeCrKA3gHW6WmJr5w&google_hm=hmQ9-4QV-KLnFxLPlQ&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D643DFB8415F8A2E71712CF95BLIS
date: Tue, 18 Apr 2023 02:08:04 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EE18
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEJ06nkl4EMexkE5TgKsVYkk&google_cver=1&google_push=Aer7DvIWfCmLYZjLsl2iesE2G0XxYY3X1AnKBgNSpMSuoW56eLPoAUeUIaIqo29yddMAuJdJydhUCjSIKHIrH5D-wuRMKkR...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJ06nkl4EMexkE5TgKsVYkk&google_cver=1&google_push=Aer7DvIWfCmLYZjLsl2iesE2G0XxYY3X1AnKBgNSpMSuoW56eLPoAUeUIaIqo29yddMAuJdJydhUCjSIKHIrH5D-wuRMK...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvIWfCmLYZjLsl2iesE2G0XxYY3X1AnKBgNSpMSuoW56eLPoAUeUIaIqo29yddMAuJdJydhUCjSIKHIrH5D-wuRMKkRdvQjWXkmv

170 B
188 B

46ms
45ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvIWfCmLYZjLsl2iesE2G0XxYY3X1AnKBgNSpMSuoW56eLPoAUeUIaIqo29yddMAuJdJydhUCjSIKHIrH5D-wuRMKkRdvQjWXkmv

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aer7DvIWfCmLYZjLsl2iesE2G0XxYY3X1AnKBgNSpMSuoW56eLPoAUeUIaIqo29yddMAuJdJydhUCjSIKHIrH5D-wuRMKkRdvQjWXkmv
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EE18
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFTqHnaeB4iy6fDZXG7jQqE&google_cver=1&google_push=Aer7DvKI4ckbpD9a5K7ArRZiVWO0YJdjwG58yQ08EVKctf__jScNIOW_DLYfRQH9bAFA_T7025m...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdMTUwwMEYtMTktTDBFUA==&google_push=Aer7DvKI4ckbpD9a5K7ArRZiVWO0YJdjwG58yQ08EVKctf__jScNIOW_DLYfRQH9bAFA_T7025m9biHtWM5tC0fc6vwWjNqIfEmxCzoM

170 B
232 B

48ms
47ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdMTUwwMEYtMTktTDBFUA==&google_push=Aer7DvKI4ckbpD9a5K7ArRZiVWO0YJdjwG58yQ08EVKctf__jScNIOW_DLYfRQH9bAFA_T7025m9biHtWM5tC0fc6vwWjNqIfEmxCzoM

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdMTUwwMEYtMTktTDBFUA==&google_push=Aer7DvKI4ckbpD9a5K7ArRZiVWO0YJdjwG58yQ08EVKctf__jScNIOW_DLYfRQH9bAFA_T7025m9biHtWM5tC0fc6vwWjNqIfEmxCzoM
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 54ae5f20a7acdd83fd00ddb00e96a2c1
Expires: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame EE18 0
49 B 46ms
45ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K_SwdJLzBweLigU6e32ZVSK-979UBPSaWmpUE_Qqjh9-Zofolp5eBha8DnPx1pMBjyY13N

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:08:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 4E12 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d45cbfcf6ff12ca5bf1fca13637883da152840f520c4547c12fc5d635190683d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v46/ Frame 4E12 29 KB
29 KB 39ms
38ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v46/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 21:54:53 GMT
x-content-type-options: nosniff
age: 15191
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29728
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 16:59:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Apr 2024 21:54:53 GMT

GET
H3 200 MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js Show response
pagead2.googlesyndication.com/bg/ Frame CA54 36 KB
14 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31ecc2f86d5917ed4667dcaaab4a3b212720237b8466f05c3f90a05e858a3031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 13:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14288
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 13:05:49 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 72ms
71ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230413&jk=4490632412454305&bg=!FhWlFUHNAAZA7GLoYOw7ADkAdvg8WrIj4mLUIpiLc0InPxOHOAsetp1AafCbXKM87Z_3ABPupEh_YWDB9psqpUuEXU-vA7Ozx4YCAAAAllIAAAADaAEHCgBxRjjqAwlPLGMtjGfSLwEhKMM3e_O7oLFAhJomJQjGT96brTPNzIzhf9LdbGXDvOWfZ3jpEXX3QxoVgS-xkBJrjPAZM8nSPrtyonulFjDiJ4jKZxsp0A58rGmg9WaU25hLd3IlDQNxo3n2VQes16zASpCZAtXCGXUJnUXEIJn0JN_wGl4sdyHkgShyS6WfdLCG6jc0c0wo3XI2sknPPWkAtu7C5NypFMCrksw5Q4ymVUW2RfJtoIsrk-duQvDXSw628Gf--8zbUnTUuatuvPwRNCEP7nmVwuiple3sdiEthF53rIPfS9ZUOVW1kc-u1bA7f6vokiuOjWd8cRTTDsFAOwvpff4KIOfQxmnIS-j-K0QQ8G3FtMuLImjxbos43xKT0bd1Y0vWkIhVV_fkZ7Rj828RtdLrAPQ6HpvlbOMk6d1jf7dP_3StNQ88IhCGO_GStxao47yFmgXJX3ZCejak7zBPCconmSgtyWm8Px1VrgtY4daaMd35C_fMEgigQeOda4aqarBCze40gF2Vjghc_jciSCttx6ny3B8xcfYo5Vk_6vuFizb4KIeHKf8gvVDbMyN0cTwfPLbQ18JCcycfQWRP6D15Us81p8991aHywRj-gOwg-uzRe1UAMZUOcsiuoqi5-vYSitCQDnGl_lm6aCkTDm7k6Ok4ggDELMWPWGTp-rUel5TIUwSlnaaZ7zLVKR8ZMC9xoMwbla7xBd5SaHKMX5VjOtGv7C4W9IlMzpdqkvm81VW8plVJguV6pT6oKw4T97MX9uyjXYbtnRUyRfPJJFhOl9q1yuxD7n44qShDhNsFsX4ecdBXw_zwYiBc4L8JARMkelJlXtUCqdKUaworPRxgmz1BA4CYYB56HdTBomHsnFiTGiUgMtRoaO5cWI2sdgARHH7vL4RhmyTmTS2Czg_-xTLZhVsRwxDxg8RnbDg09Y1p6uubRvGJnig7RdS3N6UnNgijp2jKX8OsNEzlLLenZPD8-tkCT_dgOlzsn3AemrWUZM3BISJ4CqWIcNwo1MiIXywH0MjmSTdF6rB0Q2_X-OzDlQ6dTxpdRt3xq-WVCFwtU_bFkJRyXKNfdLe2b08_IjjsMFQqaRZ0y_Ye2sCOaw2COQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://securityaffairs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=540fd913fdda078d6087769568ea9bcb

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=540fd913fdda078d6087769568ea9bcb

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=540fd913fdda078d6087769568ea9bcb

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=540fd913fdda078d6087769568ea9bcb

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
securityaffairs.com/	1970-01-20 19:55:19	Name: cookielawinfo-checkbox-necessary Value: yes
securityaffairs.com/	1970-01-20 19:55:19	Name: cookielawinfo-checkbox-non-necessary Value: yes
.securityaffairs.com/	1970-01-20 20:45:43	Name: _ga_NPN4VEKBTY Value: GS1.1.1681783682.1.0.1681783682.60.0.0
.securityaffairs.com/	1970-01-20 20:45:43	Name: _ga Value: GA1.1.1870748947.1681783683
.securityaffairs.com/	1970-01-20 20:45:43	Name: _ga_P62M3QN974 Value: GS1.1.1681783682.1.0.1681783682.0.0.0
.securityaffairs.com/	1970-01-20 20:31:19	Name: __gads Value: ID=073a65e5c7341550-220923f09bdd00a0:T=1681783682:RT=1681783682:S=ALNI_MZ7AryUsF_bi9yDGvtWhGi20nvkrQ
.securityaffairs.com/	1970-01-20 20:31:19	Name: __gpi Value: UID=00000bd7f05bdddb:T=1681783682:RT=1681783682:S=ALNI_Mat5bdR8TLJluMNzXkVqVtX6K7r6A
.doubleclick.net/	1970-01-20 11:09:47	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 20:31:19	Name: IDE Value: AHWqTUl3NPNrqgWN2PL7kSzkpk0I3vtLcK3d-tUbB_EC_t5w00F5Ib74uPpzoFI_xU8
.adfarm1.adition.com/	1970-01-20 13:19:19	Name: UserID1 Value: 7223205921731377300
.quantserve.com/	1970-01-20 13:19:19	Name: d Value: EFQBCQHkKIEA
.quantserve.com/	1970-01-20 20:39:58	Name: mc Value: 643dfb84-495d9-17aa1-98f6c
.ctnsnet.com/	1970-01-20 19:55:19	Name: gid_CAESED56HO75qWJVGLdKbhvvlUw Value: 1
.blismedia.com/	1970-01-20 19:55:23	Name: b Value: 643DFB8415F8A2E71712CF95BLIS
.w55c.net/	1970-01-20 20:39:58	Name: wfivefivec Value: RYYXIqw11POALi5
.w55c.net/	1970-01-20 11:52:55	Name: matchgoogle Value: 5
.adform.net/	1970-01-20 11:52:55	Name: C Value: 1
.yahoo.com/	1970-01-20 19:55:41	Name: A3 Value: d=AQABBIT7PWQCEDJLpH58BQ6zjw4ROGStBa8FEgEBAQFNP2RHZAAAAAAA_eMAAA&S=AQAAAr-lh13KsjPut20IvfP9Nmo
.adform.net/	1970-01-20 12:36:07	Name: uid Value: 2765102156606091699
.ctnsnet.com/	1970-01-20 19:55:19	Name: gid_CAESEF6TKD59smzFsTyOY6Us61I Value: 1
.ctnsnet.com/	1970-01-20 19:55:19	Name: cid Value: 256170bfb3354e99a0a60479cbfa19ba
.simpli.fi/	1970-01-20 19:56:46	Name: suid Value: 179AB9724AB544D3832E6293BD63A04C
.bidswitch.net/	1970-01-20 19:55:19	Name: tuuid Value: 0460a276-6674-4296-a61f-237359fa8c6a
.bidswitch.net/	1970-01-20 19:55:19	Name: c Value: 1681783684
.bidswitch.net/	1970-01-20 19:55:19	Name: tuuid_lu Value: 1681783684
.de17a.com/	1970-01-20 19:48:07	Name: guid Value: 1.4895412335969172932
.everesttech.net/	1970-01-20 19:55:19	Name: everest_g_v2 Value: g_surferid~ZD37hAADkH6HlABL
.scoota.co/	1970-01-20 20:45:43	Name: tuuid Value: 4f0d5727-596c-4b6e-8579-d056f6b76156
.scoota.co/	1970-01-20 20:45:43	Name: c Value: 1681783684
.scoota.co/	1970-01-20 20:45:43	Name: tuuid_lu Value: 1681783684

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html(Line 314) Message: Mixed Content: The page at 'https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=540fd913fdda078d6087769568ea9bcb'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html(Line 315) Message: Mixed Content: The page at 'https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=540fd913fdda078d6087769568ea9bcb'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html(Line 316) Message: Mixed Content: The page at 'https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=540fd913fdda078d6087769568ea9bcb'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html(Line 317) Message: Mixed Content: The page at 'https://securityaffairs.com/144927/cyber-crime/qbot-campaign-april-2023.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=540fd913fdda078d6087769568ea9bcb'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAer7DvIN-yfBWEunQ7VJfrnXgzHXALNpQGLD6VH-jGPJyjbKr5wmZB4SFgBzope50t8cxAWmq8WBp4H1bsUbYbDthEQBktExlW0_IjFZ&google_gid=CAESELfBL6rDE4wtJrbazU2JeFI&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230413/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271802&client=ca-pub-4918072057181794&fa=2&ifi=6&uci=a!6&btvi=4&xpc=Hh1AtNF9ir&p=https%3A//securityaffairs.com Message: The resource https://fonts.googleapis.com/css?family=Roboto%3A400%2C700 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
buttons-config.sharethis.com
c1.adform.net
cm.g.doubleclick.net
cms.quantserve.com
d5p.de17a.com
dclk-match.dotomi.com
dsp.adfarm1.adition.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
i0.wp.com
id.rlcdn.com
l.sharethis.com
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
pixel.wp.com
platform-api.sharethis.com
pm.w55c.net
pr-bh.ybp.yahoo.com
r.scoota.co
region1.analytics.google.com
region1.google-analytics.com
secure.gravatar.com
securityaffairs.com
stats.g.doubleclick.net
stats.wp.com
sync-tm.everesttech.net
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
fonts.googleapis.com
13.32.99.78
142.250.181.226
151.101.130.49
18.198.62.230
192.0.76.3
192.0.77.2
2001:4860:4802:32::36
213.155.156.167
2600:9000:224a:5a00:c:abe:f440:93a1
2606:4700:3031::ac43:8cd3
2620:116:800d:21:7eb1:3826:be7e:d981
2a00:1450:4001:802::2003
2a00:1450:4001:806::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2004
2a00:1450:4001:827::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2003
2a00:1450:400c:c00::9b
2a02:fa8:8806:20::2010
2a04:fa87:fffe::c000:4902
2a05:d018:d29:3602:f48d:cf88:c413:b006
3.121.88.215
34.160.236.64
34.96.105.8
35.186.193.173
35.204.74.118
35.244.174.68
37.157.3.28
51.75.86.98
52.28.153.196
54.247.79.230
69.173.144.165
85.114.159.93
0255909b7cb5511843e8e9d6414f99d023237cdb954705d68c4ff0d3cd752d6b
02fb5a960b6817695b363d2294c0945cc75bf10cd17e5a03b3ff68229b9f0d77
04d6b01d34ab1ecd2831d04d07ec175fc72f542a22599601c0783fa6fe6b46f8
05ee926cc9bf2039ad93af941a67d23d84bd78ecd9d6ef53ff85eeaf744cbd89
0b257bab053fe634db0d2846013162c34deb86c8332725856b9ee8e4aa56dc7c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f0d14e678c7dd5f443e5810048090a0a12ac42e474c478b948a8d44c7f6a4d1
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
1009b5a8852ca3fdbdacabac3778cf9dea8f91a58d36466a5fe20d0441ead1f7
12062757f7afd3465861b81180b44b65476545f41d920fe978d95cc258ceef52
12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c
1528c535d339849cea1f4b18416229bd962819949c62574dcd184cdfa6d056b2
167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097
17bddcb93183548217695ffc798be0ad8affaaa7ec1b07f363185f3f68516a12
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1ae367420c242e83f64dd6cba96fca46a5285d40116c0e849c7752d40303c1ab
1eff8c9e2b8d23c216ab416b7d15949fedb249ad7710918248204396e8580a60
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2503c5349f739c4f93395ec839d25203b93da998d861ee17aadbaa1d75997032
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5
28275dbcd3747f460a53102bb9dad566db20349335371cef756c72f4ab155431
28d4e0404bf8af1ce6f75c38c85875d5a7811f1bd3c69a9b22a2cdcc1403469a
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f
2fe81f88785cf19b9a88b00cc5ccadd056d921d1b731db35f7689ae8bb414fb5
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31ecc2f86d5917ed4667dcaaab4a3b212720237b8466f05c3f90a05e858a3031
3570b0809823e912b040bb8d99048d5e85ceabf830ef064e306c0a1901a08e11
372a3186cdfa2b7a80c939a0496851ab0519c9b8cb656609fb902168ee053a8b
4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
51df3ca60fafe5df2786ce34c4b6dff5af9bb0a061f1808783f65bb1016e016d
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5695b25efe49d302f8e67b90c70d0f77ba676fefdb6f7c8c2981b60c671027fd
57d7c6f77519306c68c89483b09f8306011df700bc9d49f224bae14f78d4067a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
600a1dfa177394bf4957dface01929f7e69677b483a014f155d286fdf10e9063
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66d1694c65fb8e85de0f6bab20482b88e7d4755fb81bfba0ef6e71e8ae5b1421
70dde362896983ec57f5616c96f890fc5bf33d9f23611949ce09a4d5e6a9cdab
734c41c73534400cdb92220d0300d3205d7ae3b53b5bcfe03082802ff93c408e
73e52be898a7afbbfa119fdb5a95ca82c2b914da8d756404f7e5c7e0b6ff1928
751ae0b0e7b20fc45203c90e0c3391e1aa983f57327fb31d96dda46f7232ad45
76c2859eb7ed829b130f73bffffbcb03b11b56ec350fc1c619b02a8fcbb3b19f
78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e
7c11433c4dc7cf18972c22ca0f2cf78493b92aaf89bab4dab47c6c9b6c551d50
7c4baf058901663c6879894c0067cf923fa200cb95a0a4c25b1471a62c2a63c8
7fc530140ea92ef4167e5fe52d6e7276aa62f0fe9e25681fcb5f576afb37e794
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
85ccd85b4e7d6dcab329b2c4c7d084ca5ff392e935794491601452ef0eea1e9d
8a8c0bd86eee0230682ed29c5e30936b6b14ab02e1586692840ef8ea4de9dda6
90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4
914c2c38bcf8be8ae0bb37e800573341c8134e54b5ced5303c1d3f172d7e6c96
91e20b27fc6897e61a2929f66ccb0886932dac31b3745ce09a8e805692df41dd
9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254
9954fd915cba5a934f306c294f3a3c50bf1bd99649d180343933c20fa420f462
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a04aa9666a49a1c434d7e44268f399e0c1dc1b306a2cc6f3414551364c217b4d
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a37deb9dd04cdebb5a80730395780332c03ec667693b3ddb06d8983157679d64
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ea1f3c6951b71eb83050cd630f9c7c1c736b5b277d38a0e4465d80a5e53d4d
a93c1ac24fad6ffb0de84e1f56b111e8b177d68a2948ffe1c87d9c02bb68b2d1
aea607f39789d4cc03dd33d5518a1e53d419c379c618b7a19d6e3a06f4f14d56
b0b906ad5b7a86987e24516907e1869f3dc32831385adcf9b78fd7426e99f368
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d
b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be
b33e3ff7c01e9eb947faf1bd0dd31d3d210ff9fdf809f2db3938b5b865b9cc31
b5643c5e548ec3aab5786c3845bce65a8ab30d48b62ba2586373ff84589ea13d
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b9004ee639c9ce710e32cbbd8c25731737c5b6dfcdfb5604bb6749a842849b53
b97186b3a8a4613e503dfa625811caad7f380ca86c614958b22aec7b445b0379
bea141b0e1c016faface442cf56dae318f97789bea95d633da28014d5233a934
c3defb775c33173083cf2ae47997db8b3eeda97f4e61bf8daab8ef9c603eaf28
c5663a1ab2a975aedc88dbbf644d92980a966b614286321a39baac756077b738
c9b6164ccc60fa98562a1d315d63a961a7ffa16183117a6a5f6d5bf3893283c0
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33
cdc11c8cc0ec2477edbbb23408142058b9313d76f34dcf6714f731be20fcc6a5
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
d45cbfcf6ff12ca5bf1fca13637883da152840f520c4547c12fc5d635190683d
d5133a1035cbf203be573cc6e15a2d4f8477b62568bea772b2192dc68c4980e5
d6f712bb063293806236d362715f5f3f134ddeb3da95e66f7f7d5f1311975296
d7a1bdec6b5209de5be156a573409f2f9e30488cca22fb380d2234057c7973f1
d83dcdc82a44665d9062723adbeefcefd04515138f5ec969bb9fab7bb628b557
db4312bece8d50799c3e99a316a58218a527df0f25b93c3e075e04712e20cacf
de80ffc9e2a1d62fe39240a14f34b9cbb9474be8c15865d1012f1cb85befc28a
e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e2596aedd4a745bbed9ae470f15ea9fe12c56e448a1b5e7a65d3faefc9b8ff
ed37de922d856965e3699e56de611d21172161e3bbd8196e115ff6ed44d57bf4
ee86b02e97bfb8f83af87a4f7991c713e1e90dce091524c0c675b393091b6ff7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

securityaffairs.com Open in urlscan Pro 2606:4700:3031::ac43:8cd3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

179 Requests

89 %HTTPS

53 %IPv6

31 Domains

42 Subdomains

29 IPs

9 Countries

2490 kBTransfer

5573 kBSize

30 Cookies

23 Outgoing links

Redirected requests

179 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

securityaffairs.com Open in urlscan Pro
2606:4700:3031::ac43:8cd3 Public Scan

Screenshot
Live screenshot

Full Image

179
Requests

89 %
HTTPS

53 %
IPv6

31
Domains

42
Subdomains

29
IPs

9
Countries

2490 kB
Transfer

5573 kB
Size

30
Cookies

179 HTTP transactions
8 data transactions