URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Submission: On May 02 via api from US — Scanned from DE

Summary

This website contacted 111 IPs in 12 countries across 101 domains to perform 493 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany, and belongs to IONOS-AS (the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom, formerly known as 1&1 Internet SE), DE. The main domain is securityaffairs.co. The Cisco Umbrella rank of the primary domain is 315391.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2022. Valid for: a year.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
Apex Domain
Subdomains
Transfer
Domain Requested by
Subject Issuer Validity Valid

This page contains 97 frames:

Primary Page: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Frame ID: 3F9DC1B8AA50CFF94212D3007701ABA2
Requests: 157 HTTP requests in this frame

Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7093119393942796438
Frame ID: C35C1CF0C5685DA04611641D1A66F38B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ym-SgwAMyeLBGgA-&gdpr=0&gdpr_consent=&_test=Ym-SgwAMyeLBGgA-
Frame ID: C0D548E16D2DA89439938D754D6DFAAF
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1aIjRSFXS3R-FgmWfxGLHVFfBSw
Frame ID: 6A41C1007FFF74DAB079CCF2868A2F0E
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 311A09DF91B1DE7010DE2CAEE1E9406B
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Frame ID: 5567A6010436A19E5EF3142AAA54817D
Requests: 1 HTTP requests in this frame

Frame: https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Frame ID: 4DC2758D2DD51A93E3E9657F0B22A071
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: 17F470E37F864FB14484CB49CF12481C
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 6745279FB8B7547C36566BFE58930A35
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: D66863ABB20367BA3832ED345F6D2BC4
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=Ecv7Kmx8QgRnUYUhbggaabSV
Frame ID: AC1750F9FB605519E01FBE8D625E6B4A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Frame ID: 82D94E094DA443B9988A28F6A33E74AE
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=64ca9e21-3b37-48da-bbd7-8cf2d3db292f-tuct9695803&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 5C8316D4BB2759E58FE42EF8C29DE0EC
Requests: 1 HTTP requests in this frame

Frame: https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=258da93cfb81e596&uid=608B10F9-6255-420B-A2D2-FC2E69A961B4
Frame ID: C81990C71D91746481D75B26AFC8EA6E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Frame ID: 4D3DE820D58F3C2A66280A291DADC6B4
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Frame ID: 708F2C207789A04736A3E72FCD4895CA
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Frame ID: 7281E1526E55C67F4E0F9EF3BE0EBEE7
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY_o_uyAEwAQ&v=APEucNWpF12ONQf4F6mWs8urW_HkpvUTXpe88NFbdu-mbpuFk1FFk8Jhq4Rn-xlIKsXsWntDqjccaXOaR6f9KKbV8m3KCELHajkIE74nKokqKFfl4qVBasCE1Ra7_0HxGIGP_-KUyPkQ6lHjbBcs6Ik2XZPKqq8uZ2Y3j0-2mAOM3MvMLyAnBQ1cgWZaOr1IegqsJRKpPm5hZdmCxVvghSUv4mbqeXjnqw
Frame ID: 9A9504FAFC64C68874DB3BF56FEA5105
Requests: 5 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: E5F1F726C9DAC40116C518B161A203E0
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: C6087AFD75CF256613FE16E80D5B3AE9
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: DE4F140E0CB1E826FFD27963EF318293
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 9D8429638715F5B67F3199AAC5622FAB
Requests: 9 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B51B6AEEF5663F846E24599233DAD56E
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 4BBE7A01EF268241840126DE9D1F19DD
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: DB6FCFC51F223D64D03B173F37CDBC8D
Requests: 3 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 0A4D7C416992E3263558422E8C904079
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 5F89DEB0ABCB1F982F1DA4B8A4C3EA15
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: FC924F0CCA6F658BE505E900F6902836
Requests: 4 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: F8E5F8F0DDBDCEC537050CB940F71A28
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 42BB609E747AA2395A1A58672FF05E48
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: B1DCD6C06BEF69FB0BD6333BB970CC25
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 98ECA13888ED48666FB7E220FF88F492
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: A6E01E3DEC2B0BBBE2B5DC26A088B216
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: A2AC64503B9D59B4C066EAE94B09870C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 15FD66573BFFA9C655325C8A6073F0FE
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: B51F370BB3106D4F5BF76CA39A12CC45
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 5C174D0E300AC2B3FAE85715292C615A
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: C17B860AAC33E47EF60D432557BDE2AA
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: D5BBFE4C4435B376F5B78AB1BAC7AB91
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 36AA5EF475F562371603F360662ACB32
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 3937CF89E391733FC303FDB6B92056FD
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 20E9219ED4AB7E52FBB03009F9A78985
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 1E4B431615D895B13797159095045A32
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 7A2EF32321DE65A3AF5A1A6EBAB89DD1
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7EE2E23A70DC7280A30409CD4188651E
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16224771542101161438/index.html
Frame ID: E7F85EF5076F5307A9369E1CD8F1D2D0
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY14ruyAEwAQ&v=APEucNWaCbSt8l7yY6gNGV4vKYwBPLwzRHsiamddEWTnRtBhK4QdyOTfWDn9LNGD3XmWDbXQiWTBnfjROO9y39HYpU3cJXhSS4rXKLA_BkMPW7cFe0rgO7pd2phXLAf1QwhtlSHjNNGOl7EAG2IMMQ6RvRH8o60jS38hktxWrWdw7QV5AtJoQvb3-YJh0rftusAz-hR-CJIwvdBy1XCeYkKEEiwwPkTudA
Frame ID: F1FC20F63A9BFFAF3209EED86402040D
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 872AAACB319881AD16DB88CC6161EAE7
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY3ZGNyQEwAQ&v=APEucNXNXecZTPhqKaJm4XEstBBM93dmI2lOVCAwX0-p-QQVhj3bY20WycHRIkOWP5TTPCr11Yuhtj9r7Fbq5DPOOH9-PF0kD6WGsyb09q1qZjKaytQnWDaQ9bw7i0cGS8tWymvUJb-iyvOL3fuXkrN5ALlfSkb42M3yHMrWEzSGJY638XobOMwqCttZ9A0rpbjUXrWMSBzZeuT7GimXTG6vVUh8SQ17sw
Frame ID: 1B62DEB538D879D684C36116931DD6AA
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12758814222256036355/index.html
Frame ID: 66C2747863C05E1C22E903C44AE083E5
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BE853BDC65BF381B51C5C7C741A122CA
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8BD29448A51261F890E6BE07888C7AB3
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13356131428248065318/index.html
Frame ID: 90BE4595B857D02338F45A18092B127E
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 932B517DB6327F72B1EADB08ACB953EE
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AF3931879743696D05C71E6F6F0A1938
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0AF9C454CD645AF522C76EEFEBB1EA50
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EC69E7CCE64FF9A1B662D1CFAF53265F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 26DA486A27CB00D2F54B66550B1CAD54
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5E6FF51DCDBBD85253596C820F42B80A
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 99423FEAAA697D4147FA4AFE7F85DC56
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9CA8CCFC1AABD2EC84288C7EB2623A28
Requests: 2 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/c=15238/rand=409941518/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Frame ID: B36FE66704007B65763A1175BD7F2AAC
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 81E98388C3A8F7DF51E377FD7481CB12
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
Frame ID: AE98A13D55874545526AAE1EB32C4523
Requests: 1 HTTP requests in this frame

Frame: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Frame ID: 7D93F6B8EF3C0E3948F7330717292434
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
Frame ID: 792508ED97F89BABF1538834AE8C6C44
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 082F0ACD8926D5D05A474C7DF360D663
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
Frame ID: 54855A8E7E7FF755C8B701D3BDF4716D
Requests: 1 HTTP requests in this frame

Frame: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Frame ID: 29C89995CF370A6EDCDCC8CB510FB237
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
Frame ID: 46AE4CB0933C11378336C8386505B378
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Emotet tests new attack chain in low volume campaigns - Security Affairs

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • tracker\.js

Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

  • Requests: 493
  • HTTPS: 83 %
  • IPv6: 21 %
  • Domains: 101
  • Subdomains: 161
  • IPs: 111
  • Countries: 12
  • Transfer: 4086 kB
  • Size: 7461 kB
  • Cookies: 133

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 227
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Request Chain 230
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODdiZGYyMzZlNGJlYjU0YmE2NGI2YjIzZTQ0OWQxNjQxYWJhZDJkNA
Request Chain 232
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=tV2ymTNURIiJAk5-bGALhg&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=tV2ymTNURIiJAk5-bGALhg
Request Chain 234
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=shwyo2CqTvm-iDX5JIBCcw&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=shwyo2CqTvm-iDX5JIBCcw
Request Chain 235
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEF9WVpVeqpJ3Mpw1nwohPL0&google_cver=1
Request Chain 236
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/ToDRhRB3JLHlHQ1iL5dZcMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1131202488703340910
Request Chain 237
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2OPT9BU-20-6TJR
Request Chain 254
  • https://c1.adform.net/serving/cookie/match?party=14&cid=608B10F9-6255-420B-A2D2-FC2E69A961B4 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=608B10F9-6255-420B-A2D2-FC2E69A961B4
Request Chain 255
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:91ac626f-d283-4600-b3fa-2e612d8fdf77&gdpr=0&gdpr_consent=
Request Chain 256
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7970472423113245867
Request Chain 258
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7093119393942796438
Request Chain 259
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=Ym-SgwAMyeLBGgA- HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ym-SgwAMyeLBGgA-&gdpr=0&gdpr_consent=&_test=Ym-SgwAMyeLBGgA-
Request Chain 260
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1aIjRSFXS3R-FgmWfxGLHVFfBSw
Request Chain 262
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEMnAwN0UzNlVBQUQwZldNWTlLZw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Request Chain 264
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Request Chain 265
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 267
  • https://green.erne.co/pubmatic/cm HTTP 302
  • https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DEcv7Kmx8QgRnUYUhbggaabSV HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DEcv7Kmx8QgRnUYUhbggaabSV&xl8blockcheck=1 HTTP 302
  • https://pixel-eu.onaudience.com/?partner=161&icm&cver&mapped=21ef3b07a71746f0d0dc1e96b0298943&gdpr=&redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3DEcv7Kmx8QgRnUYUhbggaabSV HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=Ecv7Kmx8QgRnUYUhbggaabSV
Request Chain 268
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1651495555238 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Request Chain 269
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=64ca9e21-3b37-48da-bbd7-8cf2d3db292f-tuct9695803&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Request Chain 271
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=YIsQ-WJVQgui0vwuaalhtA%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 272
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=91ac626f-d283-4600-b3fa-2e612d8fdf77
Request Chain 273
  • https://pixel.onaudience.com/?partner=214&mapped=608B10F9-6255-420B-A2D2-FC2E69A961B4 HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D1 HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D1&xl8blockcheck=1 HTTP 302
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=5d9b65e5c082ffda80f3f05fe1c2e4c0&gdpr=1 HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=da9e636b1aa00185/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26gdpr_consent%3D%24%7Bgdpr_consent%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=1&gdpr_consent=${gdpr_consent} HTTP 302
  • https://pixel.onaudience.com/?partner=162&icm&cver&gdpr=1&gdpr_consent=${gdpr_consent}&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D1%26gdpr_consent%3D${gdpr_consent}%26pid%3Ddn5h51u%26t%3Dgif%26uid%3D%25m HTTP 302
  • https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=${gdpr_consent}&pid=dn5h51u&t=gif&uid=2ea1ec544be08a1e
Request Chain 274
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjA4QjEwRjktNjI1NS00MjBCLUEyRDItRkMyRTY5QTk2MUI0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 275
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC64OCEK-U1_HfkqrvbEUoI&google_cver=1
Request Chain 277
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3935973953595647647
Request Chain 279
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1783418094771575678&gdpr=0&gdpr_consent=
Request Chain 280
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=fK4QfS6uHihnr0R9ef0LK3quEiJn-REpL6U_memZ
Request Chain 282
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-521GKzZE2uVQsHNvivglpF1uKNzrsbY-~A&gdpr=0&gdpr_consent=
Request Chain 283
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=pubmatic HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=5131077721300240214&expires=30&ssp=pubmatic HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=aa3f86bd-162c-40a3-b993-b78e863ff485&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 284
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:03140866-f51c-446d-a756-5bef95e81a5d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 286
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8138885220535409139&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 288
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1783418094771575678
Request Chain 311
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlDdGL3M__Ll-EuXZds-aw&google_cver=1
Request Chain 312
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ym-SgrHXjm.VFp-THVFdOgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlDdGL3M__Ll-EuXZds-aw&google_cver=1&google_hm=2
Request Chain 313
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEAyPwaasCBKEd6wDGJZODh4&google_cver=1
Request Chain 314
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzQxODA5NDc3MTU3NTY3OA%3D%3D
Request Chain 371
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOY5l-wY66CZ9AqWbcBi81g&google_cver=1&google_push=AYg5qPIz2zJXrjlObyFnBLCaH1IiTtvGZWVyTn6eqgd5YuiwE5YDiD8MvKKrC8osB7f3bROxThP2ijGU-fG7bsr7XW9a5j_7_U4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODEzODg4NTIyMDUzNTQwOTEzOQ==&gdpr=&gdpr_consent= HTTP 302
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOY5l-wY66CZ9AqWbcBi81g&google_cver=1
Request Chain 372
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJPIFFv7SKbPtPtk3WzQ-GWOWmTMUMMElppN6mEpemhii_SRevQSCzCFyvNAl7be0sZtTCKmvfX6cWBzYmS-UtAJ4Ysps3y HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WW0tU2d3QU15ZUxCR2dBLQ==&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJPIFFv7SKbPtPtk3WzQ-GWOWmTMUMMElppN6mEpemhii_SRevQSCzCFyvNAl7be0sZtTCKmvfX6cWBzYmS-UtAJ4Ysps3y
Request Chain 373
  • https://um.simpli.fi/gp_match?google_gid=CAESEKIwGMYctALPf1NvRXwPyr0&google_cver=1&google_push=AYg5qPLH4_rrMywHI6ezQbFWREIgMoAfwLVOVGTS0RAHz76YeJ4TZj5kb8Tn9SXDa-gQmxRmxzzadXWtJGt7jXvsEaJCDQ4fnsvp HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C6CDCCE70F8246B185FE1D2B153F3554&google_push=AYg5qPLH4_rrMywHI6ezQbFWREIgMoAfwLVOVGTS0RAHz76YeJ4TZj5kb8Tn9SXDa-gQmxRmxzzadXWtJGt7jXvsEaJCDQ4fnsvp
Request Chain 374
  • https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEGyxtXgRQPRXQYJRlxjjLqk&google_cver=1&google_push=AYg5qPJUdicetqf3CmCpk3pI3bTatKku3-c9Dd8-KI1ejza_uv_fb04LhjrC50960vqJFzfmmbS2XN9N4zPISeRnNUzghYXr-fY HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJUdicetqf3CmCpk3pI3bTatKku3-c9Dd8-KI1ejza_uv_fb04LhjrC50960vqJFzfmmbS2XN9N4zPISeRnNUzghYXr-fY
Request Chain 375
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESENLRVB_DkvLyfgZuxOnnXCQ&google_cver=1&google_push=AYg5qPLvfohmXpkEexyGOnXZgij6npluNulTM9SdHBIY6hpg2zHX7a-TUPHAGkjXhmWhtQiKQ9Mp24sWLx02rzkwSZ2A7APjzu4t HTTP 302
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESENLRVB_DkvLyfgZuxOnnXCQ&google_cver=1&google_push=AYg5qPLvfohmXpkEexyGOnXZgij6npluNulTM9SdHBIY6hpg2zHX7a-TUPHAGkjXhmWhtQiKQ9Mp24sWLx02rzkwSZ2A7APjzu4t&prevuid=&knw= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPLvfohmXpkEexyGOnXZgij6npluNulTM9SdHBIY6hpg2zHX7a-TUPHAGkjXhmWhtQiKQ9Mp24sWLx02rzkwSZ2A7APjzu4t&google_hm=
Request Chain 376
  • https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEKIM1bBiO_YhcI_1bCnIWLc&google_cver=1&google_push=AYg5qPIXln5tZWWgK2Xl9MgYaxthOz-u5JzKQFSncNLtpdOdRCNGW9WohZTi-7hvQIxu5M1OfAOJoM8mhI-8FhWIvyzx0L7SVOg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=1aIjRSFXS3R-FgmWfxGLHVFfBSw&google_push=AYg5qPIXln5tZWWgK2Xl9MgYaxthOz-u5JzKQFSncNLtpdOdRCNGW9WohZTi-7hvQIxu5M1OfAOJoM8mhI-8FhWIvyzx0L7SVOg
Request Chain 381
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOj6Vg6yAAGOmQFBIwfccpM&google_cver=1
Request Chain 383
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEJ8ierA7QwOqV4o4u1yQf0M&google_cver=1
Request Chain 388
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENrnYYW3QiB4ccWzxJA91Vo&google_cver=1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENrnYYW3QiB4ccWzxJA91Vo&google_cver=1&__user_check__=1&sync_id=cf705aa9-ca15-11ec-bc03-10ffbde80206
Request Chain 389
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=cf6f7ed0-ca15-11ec-aa2b-141484330406 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2Y3MDVhNjgtY2ExNS0xMWVjLWJjMDMtMTBmZmJkZTgwMjA2
Request Chain 390
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1 HTTP 302
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESELYwTpTyL8W9nWMR4_-cTn0&_origin=1&google_cver=1 HTTP 302
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESELYwTpTyL8W9nWMR4_-cTn0&_origin=1&google_cver=1&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESELYwTpTyL8W9nWMR4_-cTn0&_origin=1&google_cver=1&apid=UPcf6db481-ca15-11ec-bf51-062731e89e6e
Request Chain 391
  • https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true HTTP 302
  • https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPcf6db481-ca15-11ec-bf51-062731e89e6e HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBjZjZkYjQ4MS1jYTE1LTExZWMtYmY1MS0wNjI3MzFlODllNmU%3D
Request Chain 406
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=3935973953595647647 HTTP 302
  • https://ps.eyeota.net/match?bid=kh51m51&uid=a8hQmbesbugR7mhNyuiZLCUjg&gdpr=0&gdpr_consent=
Request Chain 407
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=a8hQmbesbugR7mhNyuiZLCUjg&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=a8hQmbesbugR7mhNyuiZLCUjg&gdpr=0&gdpr_consent=&google_gid=CAESEFW9dEeFsVYOyS_b3tpNTVA&google_cver=1 HTTP 302
  • https://a.audrte.com/p
Request Chain 419
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJtCJlMe6RLZ3feZENT4HcTZAB1oWA4zhj1YhnyGbiKbNtyyiu3FoaVGB5qAvimFNa-mxM224E3htTJLLF4bPDednEUzS4K HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WW0tU2d3QU15ZUxCR2dBLQ==&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJtCJlMe6RLZ3feZENT4HcTZAB1oWA4zhj1YhnyGbiKbNtyyiu3FoaVGB5qAvimFNa-mxM224E3htTJLLF4bPDednEUzS4K
Request Chain 421
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEKiDvnsF14ZGzjuFDbVqfIA&google_cver=1&google_push=AYg5qPIUa-FXduiLYYqtVPYpt75FfQiqssazo8p8UvFcheqeVNnRcNu2_YfJQ1Afe7x_SaTRidI_dsr5_mMgZwtIEG54UGmwTbo HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=51V9W-_aTNKYu2BnaH3Bcg&gdpr=1&gdpr_consent=
Request Chain 422
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELriG1tMTjxTAQgl4QXpbk4&google_cver=1&google_push=AYg5qPJyVX_Fcs80Dl517-GTasTsPkyClGzhB-v2XFfVjLiI0I6fBRQkPCsQFweR2w3yrX3andg2xbq0T1xZ40kR0VdRaiLHFZNm HTTP 302
  • https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
  • https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=a0745daf-a182-4de4-9b85-e78482b0b499&ssp=google HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJyVX_Fcs80Dl517-GTasTsPkyClGzhB-v2XFfVjLiI0I6fBRQkPCsQFweR2w3yrX3andg2xbq0T1xZ40kR0VdRaiLHFZNm&google_hm=qj-GvRYsQKO5k7eOhj_0hQ==
Request Chain 424
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOQvgoDIypLywyHHKnOBCDk&google_cver=1&google_push=AYg5qPJo32m5wOJfCqprJInTICmPid9nh2c9s7q_yxcFgM_J8v5m_yBh6BbSR6yk_z58a5rIAsn_51_mZ-dfemyr73NpEjxi3nJ2 HTTP 302
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AYg5qPJo32m5wOJfCqprJInTICmPid9nh2c9s7q_yxcFgM_J8v5m_yBh6BbSR6yk_z58a5rIAsn_51_mZ-dfemyr73NpEjxi3nJ2&google_gid=CAESEOQvgoDIypLywyHHKnOBCDk HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzMyNDg4Nzc5Mjg1Njc4NjYyNjE4Mw%3D%3D&google_push=AYg5qPJo32m5wOJfCqprJInTICmPid9nh2c9s7q_yxcFgM_J8v5m_yBh6BbSR6yk_z58a5rIAsn_51_mZ-dfemyr73NpEjxi3nJ2
Request Chain 427
  • https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEGyxtXgRQPRXQYJRlxjjLqk&google_cver=1&google_push=AYg5qPKXME1DkoXlUWOPAHB7CeUJ0o9Z35AYbuhY3qj0bMRn5ezx6lwt4beGlGJ9-MtHSnd3KlxMcAMdX29qm_FGxDW1hBlcgutQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPKXME1DkoXlUWOPAHB7CeUJ0o9Z35AYbuhY3qj0bMRn5ezx6lwt4beGlGJ9-MtHSnd3KlxMcAMdX29qm_FGxDW1hBlcgutQ
Request Chain 428
  • https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D81312610%26google_hm%3D%24DSP_CKID&google_gid=CAESEIT0Kr-qk_B9JeCyeTG4zyc&google_cver=1&google_push=AYg5qPLKl8ByVD0eECBX9DgdIvkw8MjLdV2Ai9fXhoLH7EQ5KvbB5gs4j27KVajvv343DWOW0U6gvUQrkl8BSQBZggpwkNPHyeLk HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=81312610&google_hm=OTU2ODQ5ZWEtYmRlZS00NWQwLTg2YzUtMTk4OTIxN2EyM2Zh
Request Chain 430
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESELHfgInEFy3a1U3EbkQIGAY&google_cver=1&google_push=AYg5qPKLc8FSo7_2Q-oH5vAenDqJSW-9Zsggt2nr9jkYhv_y0BqwTI8LbhxbYbsXRVUTzfl4zZwBrosPzcGQtt_Jptk6DxDo0zyM HTTP 307
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESELHfgInEFy3a1U3EbkQIGAY&google_cver=1&google_push=AYg5qPKLc8FSo7_2Q-oH5vAenDqJSW-9Zsggt2nr9jkYhv_y0BqwTI8LbhxbYbsXRVUTzfl4zZwBrosPzcGQtt_Jptk6DxDo0zyM&sovrn_retry=true HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKLc8FSo7_2Q-oH5vAenDqJSW-9Zsggt2nr9jkYhv_y0BqwTI8LbhxbYbsXRVUTzfl4zZwBrosPzcGQtt_Jptk6DxDo0zyM&google_hm=21c5a7800d7c22f06df421af
Request Chain 431
  • https://cs.media.net/cksync?type=g&google_gid=CAESEBcVfyXQbyHYld1LGZbg7WM&google_cver=1&google_push=AYg5qPJpJyl7w4uXG8WLJ2yE13YsbdnLmVdpwe7ZPoy5gFytyb1B0gbUTbRecH5bMe-1NIOjbqUdAI7EyK3y5f5BuFfMGnkbW1k HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjk0NDk3MTU2ODE3NDAzOTAwMFYxMA%3d%3d&mn_hm=Mjk0NDk3MTU2ODE3NDAzOTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJpJyl7w4uXG8WLJ2yE13YsbdnLmVdpwe7ZPoy5gFytyb1B0gbUTbRecH5bMe-1NIOjbqUdAI7EyK3y5f5BuFfMGnkbW1k&gdpr=&gdpr_consent=
Request Chain 480
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
Request Chain 482
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
Request Chain 483
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=608B10F9-6255-420B-A2D2-FC2E69A961B4&addseg=19,36,42
Request Chain 484
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
Request Chain 486
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=608B10F9-6255-420B-A2D2-FC2E69A961B4 HTTP 302
  • https://a.audrte.com/p
Request Chain 488
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d14c113f-ca15-11ec-9fb5-a51467463951&gdpr=0&gdpr_consent=
Request Chain 491
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=608B10F9-6255-420B-A2D2-FC2E69A961B4&addseg=19,36,42
Request Chain 492
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
Request Chain 494
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=608B10F9-6255-420B-A2D2-FC2E69A961B4 HTTP 302
  • https://a.audrte.com/p
Request Chain 497
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
Request Chain 499
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
Request Chain 500
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d15b7aa3-ca15-11ec-8220-5f16f286a6e8&gdpr=0&gdpr_consent=
Request Chain 501
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=608B10F9-6255-420B-A2D2-FC2E69A961B4

493 HTTP transactions

Resource: Primary Request emotet-operators-test-new-techniques.html
Path: securityaffairs.co/wordpress/130739/cyber-crime/
Size: 99 KB
x-fer: 26 KB
Type: Document
MIME-Type:

General

Full URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
Reverse DNS:
Software: Apache /
Resource Hash: 28158e665605376a8ae3e6a546e757953fd8bfeae5d60ba993162629c10ed384

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:51 GMT
link
<https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/130739>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=130739>; rel=shortlink
server
Apache
x-pingback
https://securityaffairs.co/wordpress/xmlrpc.php
style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/
95 KB
95 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d923ee78c830ba61f65748ff977f348a9b8160f36f05c922b6431428ed693d22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Tue, 05 Apr 2022 21:49:11 GMT
server
Apache
accept-ranges
bytes
etag
"17bff-5dbef371d9676"
content-length
97279
content-type
text/css
mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/
11 KB
11 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"2bf8-5b61073acf500"
content-length
11256
content-type
text/css
wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/
5 KB
5 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
Apache
accept-ranges
bytes
etag
"1360-597430d761a00"
content-length
4960
content-type
text/css
cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Fri, 18 Feb 2022 00:43:34 GMT
server
Apache
accept-ranges
bytes
etag
"c22-5d8402c38291d"
content-length
3106
content-type
text/css
cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/
27 KB
27 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Fri, 18 Feb 2022 00:43:34 GMT
server
Apache
accept-ranges
bytes
etag
"6a71-5d8402c38291d"
content-length
27249
content-type
text/css
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/
23 KB
6 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.2.4
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617
age
5169735
cdn-cachedat
2021-06-08 21:08:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
733e37acd0daf33e87865ddb13826614
cf-ray
7050db437f1a994a-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/
19 KB
20 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
Apache
accept-ranges
bytes
etag
"4d92-52704407f72c0"
content-length
19858
content-type
text/css
tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
539 B
683 B
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"21b-526fe6d7cd700"
content-length
539
content-type
text/css
flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/
6 KB
6 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
Apache
accept-ranges
bytes
etag
"1851-5270441180940"
content-length
6225
content-type
text/css
animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"6b4-526fe6d5e5280"
content-length
1716
content-type
text/css
font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
17 KB
18 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"4574-526fe6d5e5280"
content-length
17780
content-type
text/css
swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
4 KB
5 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"118d-526fe6e527680"
content-length
4493
content-type
text/css
jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
334 B
478 B
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"14e-526fe6d5e5280"
content-length
334
content-type
text/css
screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
110 KB
110 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"1b844-526fe6d7cd700"
content-length
112708
content-type
text/css
custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/
12 KB
12 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
content-type
text/css; charset: UTF-8;charset=UTF-8
server
Apache
grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
49 KB
50 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
Apache
accept-ranges
bytes
etag
"c5f2-526fe6d6d94c0"
content-length
50674
content-type
text/css
sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/
19 KB
19 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.8
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
67289e231e0f7e5160b64d6761481954fbd89cc2f3cd3bf469fca94d7b4d6c87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 06 Apr 2022 21:42:04 GMT
server
Apache
accept-ranges
bytes
etag
"4d01-5dc033b777710"
content-length
19713
content-type
text/css
social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/
12 KB
12 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.8
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 06 Apr 2022 21:42:02 GMT
server
Apache
accept-ranges
bytes
etag
"312f-5dc033b613025"
content-length
12591
content-type
text/css
jquery.js
securityaffairs.co/wordpress/wp-includes/js/jquery/
282 KB
282 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"46758-5c7d1b0de3c40"
content-length
288600
content-type
application/javascript
jquery-migrate.js
securityaffairs.co/wordpress/wp-includes/js/jquery/
25 KB
25 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"62d4-5b61073acf500"
content-length
25300
content-type
application/javascript
cookie-law-info-public.js
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/
34 KB
34 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c106f968e6dae4cc1049fd8205860cbd57eba3b59803c5688a1f417b57d9b65

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Fri, 18 Feb 2022 00:43:34 GMT
server
Apache
accept-ranges
bytes
etag
"88fd-5d8402c38485d"
content-length
35069
content-type
application/javascript
medianetAdInjector.js
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/
562 B
716 B
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Sat, 08 May 2021 23:27:41 GMT
server
Apache
accept-ranges
bytes
etag
"232-5c1d9e402b540"
content-length
562
content-type
application/javascript
st_insights.js
ws.sharethis.com/button/
26 KB
8 KB
Script
General
Full URL
https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.4
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:ae00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
149bccf7e467541fc83e870e967ac322b26065e5d6797169c8a677a67db07e60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 01:55:51 GMT
content-encoding
gzip
vary
Accept-Encoding
age
39001
x-cache
Hit from cloudfront
content-length
7654
server
nginx/1.20.1
etag
W/"61e1c3a9-6746"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
FRA50-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
nZSALPBY-zyKF0nCbM6i-t3xrcCYTZPK0LAnEzofqk8Lrly_GHNjcg==
expires
Thu, 05 May 2022 01:55:51 GMT
sharethis.js
platform-api.sharethis.com/js/
187 KB
42 KB
Script
General
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-21.fra50.r.cloudfront.net
Software
/
Resource Hash
0cf72ecd5c93398efc9866c99c06bbdcbd021f3ac7592728d970be2a587afe88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:41:55 GMT
content-encoding
gzip
vary
Accept-Encoding
age
237
etag
W/"2ecb3-EnNWPFoUPbSrc7pcI0FHroXDv+c"
x-frame-options
SAMEORIGIN
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-amz-cf-pop
FRA50-C1
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
wMwRVQeKsHZfSg-PfEBkNrjLKKel0OgTcPwsV62yxVNU-snq-yHGag==
dmedianet.js
contextual.media.net/
166 KB
56 KB
Script
General
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3171ff57ba80d27cb237c78e706e174ea01288df7cf6285ea55b9a9ce64bae
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-mnt-h
8-7
content-encoding
gzip
server
Apache
etag
"1492743ae8efed803e9b916f927fd8c2"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
date
Mon, 02 May 2022 12:45:53 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-18
expires
Mon, 02 May 2022 12:50:53 GMT
logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/
44 KB
44 KB
Image
General
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Wed, 16 Dec 2015 17:30:42 GMT
server
Apache
accept-ranges
bytes
etag
"b0e9-5270743f5f480"
content-length
45289
content-type
image/png
headerbid.js
served-by.pixfuture.com/www/delivery/
973 B
1 KB
Script
General
Full URL
https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Tue, 02 Mar 2021 20:36:48 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"603ea1e0-3cd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
973
expires
Wed, 04 May 2022 12:45:53 GMT
Emotet-botnet-new-technique.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/04/
53 KB
53 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/04/Emotet-botnet-new-technique.png?resize=768%2C391&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
1adae561b17dcef78043fd7fcc0d8e01ac56963b2b5a162cdff69d34463c4740
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
last-modified
Sat, 30 Apr 2022 17:30:19 GMT
server
nginx
etag
"f44e4e067f723e79"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/04/Emotet-botnet-new-technique.png>; rel="canonical"
content-length
53832
expires
Tue, 30 Apr 2024 05:30:19 GMT
facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/
830 B
1 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
last-modified
Wed, 10 Jun 2020 20:34:29 GMT
server
nginx
etag
"509a053c355d6394"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length
830
expires
Sat, 11 Jun 2022 08:34:29 GMT
twitter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/
1 KB
1 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"fbafb4fa36d9fc66"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length
1082
expires
Sat, 05 Nov 2022 20:12:40 GMT
linkedin.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/
1 KB
1 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"8daaaf021369fdba"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length
1184
expires
Sat, 05 Nov 2022 20:12:40 GMT
Group-IB.jpeg
securityaffairs.co/wordpress/wp-content/uploads/2022/05/
39 KB
39 KB
Image
General
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/05/Group-IB.jpeg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e2fdd62d9ae7fd0d59cab3f62ed46932868da38301f25d447bb1e35cb74dc0f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Mon, 02 May 2022 08:09:54 GMT
server
Apache
accept-ranges
bytes
etag
"9c3c-5de02ead732df"
content-length
39996
content-type
image/jpeg
iot.jpg
securityaffairs.co/wordpress/wp-content/uploads/2015/03/
57 KB
57 KB
Image
General
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/iot.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
c1eeaadd08ab6cb5b7079483bc9e25bdee84177c5140bcf63123659f06b4a4fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Wed, 16 Dec 2015 11:49:39 GMT
server
Apache
accept-ranges
bytes
etag
"e251-5270280455ac0"
content-length
57937
content-type
image/jpeg
Romania-flag.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/04/
4 KB
4 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/04/Romania-flag.jpg?resize=300%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
07b73fef44aa5b46ad1c04e15f5ac4b5f98508ed9d0d2048d4dd006fafaeca2b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
last-modified
Sat, 30 Apr 2022 17:30:21 GMT
server
nginx
etag
"11b9840e519d9564"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/04/Romania-flag.jpg>; rel="canonical"
content-length
3778
expires
Tue, 30 Apr 2024 05:30:21 GMT
ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/
142 KB
142 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1646352596
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6071f4e4c890545ad0f59302890def2aebb273acd131ed7ec434b26dfebad1e2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Fri, 04 Mar 2022 00:09:56 GMT
server
Apache
accept-ranges
bytes
etag
"237f3-5d95955ab0984"
content-length
145395
content-type
text/css
photon.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/
2 KB
2 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 06 Apr 2022 21:42:04 GMT
server
Apache
accept-ranges
bytes
etag
"6e0-5dc033b755435"
content-length
1760
content-type
application/javascript
jquery.adrotate.clicktracker.js
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/
365 B
519 B
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Tue, 19 Apr 2022 22:00:45 GMT
server
Apache
accept-ranges
bytes
etag
"16d-5dd090240a171"
content-length
365
content-type
application/javascript
ssba.js
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/
2 KB
2 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1646352596
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Fri, 04 Mar 2022 00:09:56 GMT
server
Apache
accept-ranges
bytes
etag
"7c3-5d95955abe444"
content-length
1987
content-type
application/javascript
hint.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
987 B
1 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3db-526fe6e433440"
content-length
987
content-type
application/javascript
jquery.tipsy.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
4 KB
4 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1113-526fe6e433440"
content-length
4371
content-type
application/javascript
jquery.easing.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
8 KB
8 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1fa1-526fe6e433440"
content-length
8097
content-type
application/javascript
browser.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
3 KB
3 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"a36-526fe6e33f200"
content-length
2614
content-type
application/javascript
jquery.flexslider-min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/
21 KB
21 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
server
Apache
accept-ranges
bytes
etag
"53ae-5270441274b80"
content-length
21422
content-type
application/javascript
waypoints.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
8 KB
8 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"1f6c-526fe6e527680"
content-length
8044
content-type
application/javascript
mediaelement-and-player.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/
69 KB
70 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
server
Apache
accept-ranges
bytes
etag
"11571-5270441645480"
content-length
71025
content-type
application/javascript
jquery.swipebox.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
11 KB
11 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"2a67-526fe6e433440"
content-length
10855
content-type
application/javascript
jquery.circliful.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
3 KB
3 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"c18-526fe6e433440"
content-length
3096
content-type
application/javascript
jquery.smarticker.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
13 KB
13 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:52 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3225-526fe6e433440"
content-length
12837
content-type
application/javascript
custom.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
12 KB
13 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"31d4-526fe6e33f200"
content-length
12756
content-type
application/javascript
sharing.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/
22 KB
22 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.8
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
12c89195053b32c8e6577a5049ef4b5f6aa0a3f38cc0b87a745dd5fb6d9959cc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Wed, 06 Apr 2022 21:42:04 GMT
server
Apache
accept-ranges
bytes
etag
"5610-5dc033b777710"
content-length
22032
content-type
application/javascript
e-202218.js
stats.wp.com/
9 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202218.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn
date
Mon, 02 May 2022 12:45:53 GMT
content-encoding
br
server
nginx
etag
W/"6197c5cf-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 23 Apr 2023 19:07:03 GMT
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9db128fb434e943a524c45954939a986091362f7619383f46224f1e3f3ec0048
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
O9oLBqiZ4UP+8bwkyYWckQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Mon, 02 May 2022 13:04:26 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1686
x-fb-rlafr
0
x-fb-debug
2B+TZ3BwF8vd9ejhe0f3Wq9dnOSkjt/hGcyR+gdDkPSMEwaNV+ijp3yCHpBz+pFsqm8ID9wSFe1+AmbaJrbZTA==
x-fb-trip-id
686109401
x-fb-content-md5
1b8f0ccb3f8163a9653ec14dd704705f
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Mon, 02 May 2022 12:45:53 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"2a235471b715fa27dae50c216c43d44f"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
twemoji.js
securityaffairs.co/wordpress/wp-includes/js/
31 KB
31 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"7cdc-5c7d1b0de3c40"
content-length
31964
content-type
application/javascript
wp-emoji.js
securityaffairs.co/wordpress/wp-includes/js/
9 KB
9 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Tue, 31 Mar 2020 22:49:14 GMT
server
Apache
accept-ranges
bytes
etag
"231d-5a22e60748e80"
content-length
8989
content-type
application/javascript
css
fonts.googleapis.com/
0
0

css
fonts.googleapis.com/
0
0

css
fonts.googleapis.com/
0
0

css
fonts.googleapis.com/
0
0

pview
l.sharethis.com/
0
405 B
XHR
General
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1651495552461.13988&hostname=securityaffairs.co&location=%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&title=Emotet%20tests%20new%20attack%20chain%20in%20low%20volume%20campaignsSecurity%20Affairs&sop=false&description=Emotet%20operators%20are%20testing%20new%20attack%20techniques%20in%20response%20to%20Microsoft%E2%80%99s%20move%20to%20disable%20Visual%20Basic%20for%20Applications%20(VBA)%20macros%20by%20default.%20The%20operators%20of%20the%20infamous%20Emotet%20botnet%20are%20testing%20new%20attack%20techniques%20in%20response%20to%20Microsoft%E2%80%99s%20move%20to%20disable%20Visual%20Basic%20for%20Applications%20(VBA)%20macros%20by%20default.%20The%20threat%20actors%20are%20adopting%20the%20%5B%E2%80%A6%5D
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.22.198 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-22-198.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:53 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
5b71b64b04b9a500117b1015.js
buttons-config.sharethis.com/js/
30 B
425 B
Script
General
Full URL
https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:9600:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
via
1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
last-modified
Mon, 13 Aug 2018 16:48:12 GMT
server
AmazonS3
age
41
etag
"e6e1643313740711175f51662a65b42f"
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=60,public
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
content-length
30
x-amz-cf-id
DEJiLcR2UlgSt2MByCsJRxraBgln0Vhsc5-4WPzP8SkmOJFLL-oRnw==
analytics.js
google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://google-analytics.com/analytics.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
6424
date
Mon, 02 May 2022 10:58:49 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 02 May 2022 12:58:49 GMT
gtm.js
www.googletagmanager.com/
84 KB
33 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c3cc898cfbb6f8e8f6789ba3a35c2ee24397a3d829d6a931d2ba85984f47f33f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33299
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 02 May 2022 12:45:53 GMT
fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/
43 KB
44 KB
Font
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Wed, 16 Dec 2015 06:58:09 GMT
server
Apache
accept-ranges
bytes
etag
"ad90-526fe6dc92240"
content-length
44432
content-type
application/font-woff
smtr
contextual.media.net/
86 KB
33 KB
Script
General
Full URL
https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&nse=5&vi=1651495553416628201&lw=1&ugd=4&kttle=Emotet%20tests%20new%20attack%20chain%20in%20low%20volume%20campaigns&pgid=p11298862554t202205021245&nb=1&allsc=HE
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0d4048f05cfbe0ec2df0a0c85417d9ec96de70a8d8b12872ba333bd5219ceda7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript
expires
Mon, 02 May 2022 12:45:53 GMT
cache-control
max-age=0, no-cache, no-store
x-sc-h
21-htc6
strict-transport-security
max-age=604800
content-length
33015
x-sc-w
21-vfh0
checksync.php
contextual.media.net/ Frame D8BA
15 KB
6 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2c115b4e839413a0d7fc63df34311120c5431cd695ecd5cfb190556494d4dc71
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=73824
content-encoding
gzip
content-length
5717
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:53 GMT
expires
Tue, 03 May 2022 09:16:17 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
bping.php
lg3.media.net/
35 B
189 B
Image
General
Full URL
https://lg3.media.net/bping.php?vgd_len=544&&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1651495553416628201&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781335&r=1651495552592&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=201011&vgd_rakh=1651495553184082435&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11298862554t202205021245&vgd_pgids=1&vgd_uspa=0&hvsid=00001651495552585013651816963770&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:53 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 02 May 2022 12:45:53 GMT
smtr
contextual.media.net/
87 KB
33 KB
Script
General
Full URL
https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&nse=5&vi=1651495553531611832&lw=1&ugd=4&kttle=Emotet%20tests%20new%20attack%20chain%20in%20low%20volume%20campaigns&pgid=p11298862554t202205021245&nb=1&allsc=HE
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6003b8d63fd5e4fda897a9833bb4e006311fe2407b386fd84e5daa57753e762e
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript
expires
Mon, 02 May 2022 12:45:53 GMT
cache-control
max-age=0, no-cache, no-store
x-sc-h
21-jqfj
strict-transport-security
max-age=604800
content-length
33089
x-sc-w
21-2d4z
checksync.php
contextual.media.net/ Frame 54B8
15 KB
6 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2c115b4e839413a0d7fc63df34311120c5431cd695ecd5cfb190556494d4dc71
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=73824
content-encoding
gzip
content-length
5717
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:53 GMT
expires
Tue, 03 May 2022 09:16:17 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
bping.php
lg3.media.net/
35 B
189 B
Image
General
Full URL
https://lg3.media.net/bping.php?vgd_len=544&&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1651495553531611832&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781335&r=1651495552626&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=201011&vgd_rakh=1651495553184082435&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11298862554t202205021245&vgd_pgids=2&vgd_uspa=0&hvsid=00001651495552585013651816963770&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:53 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 02 May 2022 12:45:53 GMT
pview
l.sharethis.com/
0
380 B
Image
General
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1651495552461.13988&hostname=securityaffairs.co&location=%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&title=Emotet%20tests%20new%20attack%20chain%20in%20low%20volume%20campaignsSecurity%20Affairs&sop=false&description=Emotet%20operators%20are%20testing%20new%20attack%20techniques%20in%20response%20to%20Microsoft%E2%80%99s%20move%20to%20disable%20Visual%20Basic%20for%20Applications%20(VBA)%20macros%20by%20default.%20The%20operators%20of%20the%20infamous%20Emotet%20botnet%20are%20testing%20new%20attack%20techniques%20in%20response%20to%20Microsoft%E2%80%99s%20move%20to%20disable%20Visual%20Basic%20for%20Applications%20(VBA)%20macros%20by%20default.%20The%20threat%20actors%20are%20adopting%20the%20%5B%E2%80%A6%5D&description=Emotet%20operators%20are%20testing%20new%20attack%20techniques%20in%20response%20to%20Microsoft%E2%80%99s%20move%20to%20disable%20Visual%20Basic%20for%20Applications%20(VBA)%20macros%20by%20default.%20The%20operators%20of%20the%20infamous%20Emotet%20botnet%20are%20testing%20new%20attack%20techniques%20in%20response%20to%20Microsoft%E2%80%99s%20move%20to%20disable%20Visual%20Basic%20for%20Applications%20(VBA)%20macros%20by%20default.%20The%20threat%20actors%20are%20adopting%20the%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.22.198 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-22-198.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:53 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
smtr
contextual.media.net/
88 KB
33 KB
Script
General
Full URL
https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&nse=5&vi=1651495553276459727&lw=1&ugd=4&kttle=Emotet%20tests%20new%20attack%20chain%20in%20low%20volume%20campaigns&pgid=p11298862554t202205021245&nb=1&allsc=HE
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
11cd8c3f59b7fe36ac22255e2ddd8cbddeb7667344b5d49d54563fcd85abc546
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript
expires
Mon, 02 May 2022 12:45:53 GMT
cache-control
max-age=0, no-cache, no-store
x-sc-h
21-n2t4
strict-transport-security
max-age=604800
content-length
33307
x-sc-w
21-gcnl
checksync.php
contextual.media.net/ Frame 9F4C
15 KB
6 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2c115b4e839413a0d7fc63df34311120c5431cd695ecd5cfb190556494d4dc71
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=73824
content-encoding
gzip
content-length
5717
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:53 GMT
expires
Tue, 03 May 2022 09:16:17 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
bping.php
lg3.media.net/
35 B
189 B
Image
General
Full URL
https://lg3.media.net/bping.php?vgd_len=535&&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1651495553276459727&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781335&r=1651495552658&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=201011&vgd_rakh=1651495553184082435&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11298862554t202205021245&vgd_pgids=2&vgd_uspa=0&hvsid=00001651495552654013651816967886&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:53 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 02 May 2022 12:45:53 GMT
smtr
contextual.media.net/
80 KB
32 KB
Script
General
Full URL
https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&nse=5&vi=1651495553754929675&lw=1&ugd=4&kttle=Emotet%20tests%20new%20attack%20chain%20in%20low%20volume%20campaigns&pgid=p11298862554t202205021245&nb=1&allsc=HE
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c25568770c17d6ae6b5163a6c5bd581607615902df7ba19548a04db76792bfa8
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript
expires
Mon, 02 May 2022 12:45:53 GMT
cache-control
max-age=0, no-cache, no-store
x-sc-h
21-24d4
strict-transport-security
max-age=604800
content-length
32142
x-sc-w
21-vfh0
checksync.php
contextual.media.net/ Frame 56E6
15 KB
6 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2c115b4e839413a0d7fc63df34311120c5431cd695ecd5cfb190556494d4dc71
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=73824
content-encoding
gzip
content-length
5717
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:53 GMT
expires
Tue, 03 May 2022 09:16:17 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
bping.php
lg3.media.net/
35 B
189 B
Image
General
Full URL
https://lg3.media.net/bping.php?vgd_len=544&&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1651495553754929675&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781335&r=1651495552743&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=201011&vgd_rakh=1651495553184082435&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11298862554t202205021245&vgd_pgids=2&vgd_uspa=0&hvsid=00001651495552721013651816963836&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:53 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 02 May 2022 12:45:53 GMT
smtr
contextual.media.net/
80 KB
32 KB
Script
General
Full URL
https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&nse=5&vi=1651495553427971897&lw=1&ugd=4&kttle=Emotet%20tests%20new%20attack%20chain%20in%20low%20volume%20campaigns&pgid=p11298862554t202205021245&nb=1&allsc=HE
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8feae31487f143edd26796d6a8a3d66d26c78cceaffd5ce630850d1426f03c47
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript
expires
Mon, 02 May 2022 12:45:53 GMT
cache-control
max-age=0, no-cache, no-store
x-sc-h
21-htc6
strict-transport-security
max-age=604800
content-length
32115
x-sc-w
21-vfh0
checksync.php
contextual.media.net/ Frame A438
15 KB
6 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2c115b4e839413a0d7fc63df34311120c5431cd695ecd5cfb190556494d4dc71
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=73824
content-encoding
gzip
content-length
5717
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:53 GMT
expires
Tue, 03 May 2022 09:16:17 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
bping.php
lg3.media.net/
35 B
189 B
Image
General
Full URL
https://lg3.media.net/bping.php?vgd_len=544&&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1651495553427971897&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781335&r=1651495552770&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=201011&vgd_rakh=1651495553184082435&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11298862554t202205021245&vgd_pgids=2&vgd_uspa=0&hvsid=00001651495552721013651816963836&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:53 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 02 May 2022 12:45:53 GMT
f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/
1 KB
1 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Mon, 02 May 2022 12:45:53 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length
1186
expires
Mon, 02 May 2022 12:50:53 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/
6 KB
6 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"156244085faab7d3"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
6414
expires
Sat, 05 Nov 2022 20:12:40 GMT
logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/
7 KB
7 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"312ff21e46f29f3d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7482
expires
Sat, 05 Nov 2022 20:12:40 GMT
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/
6 KB
6 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Dec 2020 07:29:12 GMT
server
nginx
etag
"a6fb49f7a00a0498"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
6336
expires
Thu, 15 Dec 2022 19:29:12 GMT
securityaffairs-best-european-blog2.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/
10 KB
10 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
x-bytes-saved
103276
content-length
10314
x-nc
HIT hhn 2
last-modified
Tue, 02 Jun 2020 21:29:55 GMT
server
nginx
etag
"c8c3d7b06b174426"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires
Fri, 03 Jun 2022 09:29:55 GMT
sdk.js
connect.facebook.net/en_US/
283 KB
81 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=b8e86bfe406e76a1146d5556b23c15ae
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6384fc1e61784855178f1d51ae4a1d8449c2269b1e6f8554d6ef3aa2fd7bbf1d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
AEGthZO8ediFnQjtEj+ieQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Tue, 02 May 2023 10:45:39 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
82884
x-fb-rlafr
0
x-fb-debug
nxtEWWSDL4tYN3oFUUpcXNOeU1P4SICMoW5+JZ/bU7BuyxZk0RcV0TkpPRC11Pt/umJjOFvywy/S4+lS6naK2Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
6f30cd11a3187edf42602576d5c9e00f
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 02 May 2022 12:45:53 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"85ee6f7fc5f7e984882753d236130ddd"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
collect
www.google-analytics.com/j/
2 B
407 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1728891130&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&ul=en-us&de=UTF-8&dt=Emotet%20tests%20new%20attack%20chain%20in%20low%20volume%20campaignsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=492193167&gjid=1245062496&cid=735984151.1651495553&tid=UA-59069958-1&_gid=831215178.1651495553&_r=1&_slc=1&z=871628259
Requested by
Host: google-analytics.com
URL: https://google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
g.gif
pixel.wp.com/
50 B
93 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.8&blog=29506073&post=130739&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=1891&rand=0.08674502698093223
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 02 May 2022 12:45:53 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
js
www.googletagmanager.com/gtag/
180 KB
66 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f033f680faade0fee749071910078602f26ca3ecde263154007d668e4bd23e03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67731
x-xss-protection
0
expires
Mon, 02 May 2022 12:45:53 GMT
hb_v2.js
cdn.pixfuture.com/
33 KB
34 KB
Script
General
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Sep 2021 15:09:43 GMT
server
cloudflare
age
96840
etag
W/"61533037-84f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FSlNpAgy1NsJvWI7eji6miOSd1oiindiW8y8sMRlPwaBPjcB%2BuVY6WOBI%2F3K8LF8WCy%2BgIK7SgUWwaDiZRIbBrQPK7MaQIU0uRFjpRsvixwLQnlm46Pn0mliW%2F66xzaC2RE0nuBc9W7jhtk0pRHM"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
expires
Mon, 02 May 2022 14:56:46 GMT
cache-control
public, max-age=2678400, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
7050db4b1a1391fc-FRA
cf-bgj
minify
1x1.gif
res-a.akamaihd.net/__media__/pics/800028474/ Frame 5213
42 B
350 B
Image
General
Full URL
https://res-a.akamaihd.net/__media__/pics/800028474/1x1.gif
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.224.108 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:53 GMT
Last-Modified
Mon, 04 Jun 2018 10:04:19 GMT
Server
nginx
ETag
"5b150ea3-2a"
Content-Type
image/gif
Cache-Control
public, max-age=361323
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
42
Expires
Fri, 06 May 2022 17:07:56 GMT
truncated
/ Frame 5213
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 5213
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
1x1.gif
res-a.akamaihd.net/__media__/pics/800028474/ Frame 15B0
42 B
350 B
Image
General
Full URL
https://res-a.akamaihd.net/__media__/pics/800028474/1x1.gif
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.224.108 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:53 GMT
Last-Modified
Mon, 04 Jun 2018 10:04:19 GMT
Server
nginx
ETag
"5b150ea3-2a"
Content-Type
image/gif
Cache-Control
public, max-age=361323
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
42
Expires
Fri, 06 May 2022 17:07:56 GMT
truncated
/ Frame 15B0
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 15B0
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
collect
www.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=2oe4r0&_p=1728891130&_z=ccd.NbB&cid=735984151.1651495553&ul=en-us&sr=1600x1200&_s=1&sid=1651495552&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&dt=Emotet%20tests%20new%20attack%20chain%20in%20low%20volume%20campaignsSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bql.php
lg3.media.net/ Frame 5213
15 B
216 B
Script
General
Full URL
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:53 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 02 May 2022 12:45:53 GMT
bql.php
lg3.media.net/ Frame 15B0
15 B
216 B
Script
General
Full URL
371%26gdpr%3D1%26https%3D1%26kalog%3D%26kals%3D%26kttle%3DEmotet%2Btests%2Bnew%2Battack%2Bchain%2Bin%2Blow%2Bvolume%2Bcampaigns%26lw%3D1%26matchstring%3D%26nb%3D1%26nse%3D5%26pgid%3Dp11298862554t202205021245%26requrl%3Dhttps%253A%252F%252Fsecurityaffairs.co%252Fwordpress%252F130739%252Fcyber-crime%252Femotet-operators-test-new-techniques.html%26size%3D300x250%26ugd%3D4%26vi%3D1651495553531611832%26vif%3D1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:53 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 02 May 2022 12:45:53 GMT
pbix.js
cdn.pixfuture.com/
423 KB
424 KB
Script
General
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
536386f4e5a08dcde004ad0d24c4ea816a2054ba53f5da25ebb12fa4493f693f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
96816
cf-polished
origSize=433266
cf-bgj
minify
last-modified
Mon, 23 Aug 2021 13:19:22 GMT
server
cloudflare
etag
W/"6123a05a-69c72"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64nmMfgHWpb3uBQsHPZdG5kFOF%2FCXgF1M10C6aZqj9RpfkjNbdeXNWvcnp%2B5vU1a0C6qc1W4QVxRNY3KG9ejsgXyofelG0opNAuMKVrhZ2eqD%2FuXmXT%2BKol426gwT5E%2F5zjKCzRS3VLz2Su4RYKO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2678400, no-transform
cf-ray
7050db4c1b8991fc-FRA
expires
Mon, 02 May 2022 14:56:52 GMT
r.js
aa.agkn.com/adscores/
0
185 B
Script
General
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.249.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-249-60.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript
content-length
0
expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/
9 KB
9 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=emotet,tests,new,attack,chain,low,volume,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
78f289018bca1b13f8236997068d4df4cdd3a72d2fccc4651ba2bb5fe0c3e1ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:54 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/
9 KB
9 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=emotet,tests,new,attack,chain,low,volume,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
a3fcc0905115e4dac559bd970a39935c6a62f5a3d55036f0a8ea752da6b750fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:54 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/
11 KB
12 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=emotet,tests,new,attack,chain,low,volume,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
14462c88d03d0d5dae4d1014ea370b9591dce5c273140fde8afa91f28c622bb8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:54 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/
9 KB
9 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=emotet,tests,new,attack,chain,low,volume,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
a3fcc0905115e4dac559bd970a39935c6a62f5a3d55036f0a8ea752da6b750fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:54 GMT
truncated
/ Frame 3C91
107 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 3C91
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
bullet12.woff
res-a.akamaihd.net/__media__/fonts/bullet12/ Frame 3C91
2 KB
2 KB
Font
General
Full URL
https://res-a.akamaihd.net/__media__/fonts/bullet12/bullet12.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.224.108 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c5216d8d82c0c227f6efb8d924f603fe922e2608740205873d74c8d3e0f3e0c9

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Last-Modified
Mon, 16 May 2016 10:39:41 GMT
Server
nginx
ETag
"5739a36d-6b4"
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1716
OpenSans_Bold.woff
res-a.akamaihd.net/__media__/fonts/OpenSans_Bold/ Frame 3C91
25 KB
25 KB
Font
General
Full URL
https://res-a.akamaihd.net/__media__/fonts/OpenSans_Bold/OpenSans_Bold.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.224.108 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1973bb0e810b8f54792d7ea56c03749f6792541876847b085f58d64fb7adfc07

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Last-Modified
Mon, 16 May 2016 10:39:41 GMT
Server
nginx
ETag
"5739a36d-6478"
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25720
1x1.gif
res-a.akamaihd.net/__media__/pics/800028474/ Frame DA73
42 B
350 B
Image
General
Full URL
https://res-a.akamaihd.net/__media__/pics/800028474/1x1.gif
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.224.108 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Last-Modified
Mon, 04 Jun 2018 10:04:19 GMT
Server
nginx
ETag
"5b150ea3-2a"
Content-Type
image/gif
Cache-Control
public, max-age=361322
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
42
Expires
Fri, 06 May 2022 17:07:56 GMT
truncated
/ Frame DA73
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame DA73
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
bullet8.woff
res-a.akamaihd.net/__media__/fonts/bullet8/ Frame DA73
2 KB
2 KB
Font
General
Full URL
https://res-a.akamaihd.net/__media__/fonts/bullet8/bullet8.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.224.108 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
53270b71935310d01091c385fb610d324d59e3cb15354e98762445f658cb64bb

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Last-Modified
Mon, 16 May 2016 10:39:41 GMT
Server
nginx
ETag
"5739a36d-6ac"
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1708
bql.php
lg3.media.net/ Frame DA73
15 B
216 B
Script
General
Full URL
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:54 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 02 May 2022 12:45:54 GMT
truncated
/ Frame BA12
107 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame BA12
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
bullet12.woff
res-a.akamaihd.net/__media__/fonts/bullet12/ Frame BA12
2 KB
2 KB
Font
General
Full URL
https://res-a.akamaihd.net/__media__/fonts/bullet12/bullet12.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.224.108 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c5216d8d82c0c227f6efb8d924f603fe922e2608740205873d74c8d3e0f3e0c9

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Last-Modified
Mon, 16 May 2016 10:39:41 GMT
Server
nginx
ETag
"5739a36d-6b4"
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1716
OpenSans_Bold.woff
res-a.akamaihd.net/__media__/fonts/OpenSans_Bold/ Frame BA12
25 KB
25 KB
Font
General
Full URL
https://res-a.akamaihd.net/__media__/fonts/OpenSans_Bold/OpenSans_Bold.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
92.123.224.108 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-224-108.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1973bb0e810b8f54792d7ea56c03749f6792541876847b085f58d64fb7adfc07

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Last-Modified
Mon, 16 May 2016 10:39:41 GMT
Server
nginx
ETag
"5739a36d-6478"
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25720
bql.php
lg3.media.net/ Frame 3C91
15 B
216 B
Script
General
Full URL
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:54 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 02 May 2022 12:45:54 GMT
bql.php
lg3.media.net/ Frame BA12
15 B
216 B
Script
General
Full URL
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:54 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 02 May 2022 12:45:54 GMT
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Mon, 02 May 2022 12:45:54 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1156
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=2KAnNHxvVTBDWEFRQXNiSkd3K09zZklhVU1tTmU3YU51ZzVXODlhS01HT01kMkM2NFlBL2hMcFk0NUFTNnhzdUFIN2EyTDYrTjh0SWl0enVMMTF0bXU2c2JXMGZvb0tKMXFISE95ZjRiVWxrdW4yWGZNNWx4VWdWWDR0VV...
352 B
621 B
XHR
General
Full URL
https://mug.criteo.com/sid?cpp=2KAnNHxvVTBDWEFRQXNiSkd3K09zZklhVU1tTmU3YU51ZzVXODlhS01HT01kMkM2NFlBL2hMcFk0NUFTNnhzdUFIN2EyTDYrTjh0SWl0enVMMTF0bXU2c2JXMGZvb0tKMXFISE95ZjRiVWxrdW4yWGZNNWx4VWdWWDR0VVQrditIZ0I4QVcvMVg0ZzV2UFBlTHM2TjVEbVVNZkxFYlk5VTEwc2JzKzROZWxLOHR1cnVhL0trMUxMME9BR3BhdTFraGFzV3E2S0drT3BQSE5xejFtKy9ndXJGeC9RQ2pVV0NjOU9uSjcvMTk2cDlnMFRnPXw&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
97be370c4064459ef2cb7846a2e3b97d470d5cd5f51521fdee735660f45222ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2474
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
location
https://mug.criteo.com/sid?cpp=2KAnNHxvVTBDWEFRQXNiSkd3K09zZklhVU1tTmU3YU51ZzVXODlhS01HT01kMkM2NFlBL2hMcFk0NUFTNnhzdUFIN2EyTDYrTjh0SWl0enVMMTF0bXU2c2JXMGZvb0tKMXFISE95ZjRiVWxrdW4yWGZNNWx4VWdWWDR0VVQrditIZ0I4QVcvMVg0ZzV2UFBlTHM2TjVEbVVNZkxFYlk5VTEwc2JzKzROZWxLOHR1cnVhL0trMUxMME9BR3BhdTFraGFzV3E2S0drT3BQSE5xejFtKy9ndXJGeC9RQ2pVV0NjOU9uSjcvMTk2cDlnMFRnPXw&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1327
content-length
482
expires
0
529.json
id5-sync.com/g/v2/
213 B
625 B
XHR
General
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.195.5.234 , France, ASN16276 (OVH, FR),
Reverse DNS
p36.id5-sync.com
Software
/
Resource Hash
c938e918b826c6448940186b9e9423ca3482c4f0a00d8ccb30d7c85b99d25647
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://securityaffairs.co
Date
Mon, 02 May 2022 12:45:53 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/
0
0

rid
match.adsrvr.org/track/
63 B
391 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
a4555b9e12b099a95e7c489a85e25f436723ddd9589fd2537888a6afe7c18754

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Wed, 01 Jun 2022 12:45:54 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1011 B
Script
General
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Protocol
HTTP/1.1
Server
185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
ff95e2af-777f-4277-ae75-9c56452965db
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
178890ad-8707-4c8e-a7a5-2c008dc6cf35
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1011 B
Script
General
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Protocol
HTTP/1.1
Server
185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
94c22594-5256-4914-ad2a-df172197ae0e
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
782b4582-1d42-47c5-904c-95910c9e829d
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cookie_sync
prebidserver.pixfuture.com/
288 B
660 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
f7a761c71e69933698cdf0bbe387fbeebeb3de97c36e692f1f924cdeadce993b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
288
Expires
0
auction
prebidserver.pixfuture.com/openrtb2/
154 B
511 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4651534e586ec35cafa0c654f782671b5e3478709aefa7b54700bf6ad58c2ba0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
154
Expires
0
prebid
ib.adnxs.com/ut/v3/
144 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
30e44b945235fcd2d0c4b99df1f5716098d122155ed312f82c4ba0144fc2ddbb
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
cf31b8b9-112a-4747-b191-20ff47044069
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
61 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.116 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:53 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
hb
ssc.33across.com/api/v1/
65 B
330 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
041d0030f762791ed6783e648082f64426c03a3cc9a3ace7b6808cea57b2e581

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
v1
btlr.sharethrough.com/WYu2BXv1/
0
115 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.226.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-226-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:54 GMT
access-control-allow-credentials
true
vary
Origin
/
hb.emxdgt.com/
0
160 B
XHR
General
Full URL
https://hb.emxdgt.com/?t=3000&ts=1651495553583&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:54 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
arj
pixfuture2-d.openx.net/w/1.0/
73 B
380 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=0eedb263-cd44-444e-b3a9-30261a8a6f13&nocache=1651495553586&pubcid=5e8ac2b7-e616-4785-b78c-c8e13b088842&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWVtb3RldCx0ZXN0cyxuZXcsYXR0YWNrLGNoYWluLGxvdyx2b2x1bWUsY2FtcGFpZ25zc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1lbW90ZXQsdGVzdHMsbmV3LGF0dGFjayxjaGFpbixsb3csdm9sdW1lLGNhbXBhaWduc3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4529ee8d8b3f45a695c0213ba3dfefb8e6259b6d86d8a8ba51e195ed92b54187

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
prebid.media.net/rtb/
1 KB
942 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
f6ad9149a2b57c72b8cad43d5d1b6191728f99c7a2e0efe777209514f8630617

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
v1
prg.smartadserver.com/prebid/
171 B
560 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
br
vary
Accept-Encoding, Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
transfer-encoding
chunked
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
bid
ap.lijit.com/rtb/
94 B
748 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
037eb88de36a2f41d388f15cf6df810451c0c05a62454e989e1545d72b6b7210

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
fastlane.json
fastlane.rubiconproject.com/a/api/
284 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=0eedb263-cd44-444e-b3a9-30261a8a6f13&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.26407233125014473
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
748e230e7d5855a387ef9a5aaefbc6a73085f1c1e3bd2ecb65f33ec4df8db417

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
trinity.json
apex.go.sonobi.com/
95 B
733 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22241a6980fcaf7e8%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&s=dfa6c036-c59c-4028-a827-313de3e87bc9&pv=5cf05012-4981-46de-baa2-9a617ead6c5d&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=emotet%2Ctests%2Cnew%2Cattack%2Cchain%2Clow%2Cvolume%2Ccampaignssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
8b9d4bc69f45474e0b789ab2cb1b80afbf15cf4ef5f0c65ecd2b889bfc7545c8
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
auction
prebidserver.pixfuture.com/openrtb2/
153 B
510 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
a150a10b2f776e9ddbdf7c6e8e4da2c8fc6adcb203f9063884eca835db32a8dc

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
153
Expires
0
arj
pixfuture2-d.openx.net/w/1.0/
73 B
145 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=dcf389ad-7786-4976-aed9-a8416822200d&nocache=1651495553602&pubcid=5e8ac2b7-e616-4785-b78c-c8e13b088842&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWVtb3RldCx0ZXN0cyxuZXcsYXR0YWNrLGNoYWluLGxvdyx2b2x1bWUsY2FtcGFpZ25zc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1lbW90ZXQsdGVzdHMsbmV3LGF0dGFjayxjaGFpbixsb3csdm9sdW1lLGNhbXBhaWduc3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
027279286c6ec7f8189b0fb49d9eaa06dc483120f09710ce240571221f85790b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
hb
ssc.33across.com/api/v1/
66 B
149 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
985fd507807f6d3951b1d8d4180f7f79fecb63216d624993a2e7cff42245cccd

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
/
hb.emxdgt.com/
0
159 B
XHR
General
Full URL
https://hb.emxdgt.com/?t=3000&ts=1651495553604&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:54 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
v1
prg.smartadserver.com/prebid/
0
340 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
v1
btlr.sharethrough.com/WYu2BXv1/
0
114 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.226.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-226-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:54 GMT
access-control-allow-credentials
true
vary
Origin
translator
hbopenbid.pubmatic.com/
0
117 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.116 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:54 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/
284 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=dcf389ad-7786-4976-aed9-a8416822200d&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.528894792163205
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
d60372805f90092f1f0bc6c94ee31ac355bf29064d971faff3f392d037cc32a4

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
trinity.json
apex.go.sonobi.com/
95 B
737 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22431938b353949ed%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&s=523f3a25-16f9-49fd-bb93-7ce47f7499ec&pv=5cf05012-4981-46de-baa2-9a617ead6c5d&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=emotet%2Ctests%2Cnew%2Cattack%2Cchain%2Clow%2Cvolume%2Ccampaignssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
1c79dc210f80d435fe9770fe4f1ee51ebdbf95739d2cfdb192891bbebc0f6e0f
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
prebid.media.net/rtb/
1 KB
772 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
7793c3da957b0a05dc720efbebff2d21cde700fdf009a2f78b1747450c0c6b6f

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
prebid
ib.adnxs.com/ut/v3/
145 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
430b4ca1c22aaa4fe9657ee42d3396a150f409d9624a0d18665e152aa09ca236
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
64fd1bbe-c462-4872-9af0-b7fb4958a42b
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bid
ap.lijit.com/rtb/
94 B
747 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
3191e9fb6e972eb75ac4c29e708d461e939a7a30b6cde1723a16ca8904490d7b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
97
auction
prebidserver.pixfuture.com/openrtb2/
153 B
510 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
3286acdd1028ded7e69051306ea25c7ea0708f3db1bdc4d5889ca1f9e8763f9e

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
153
Expires
0
prebid
ib.adnxs.com/ut/v3/
145 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
01f28a637db2f1f18e444d18fc3b7a9449b4fdf89f6808aeb6c1c9763be5c6d6
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
9f7c9e33-45aa-460d-91d6-906a55ec6063
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bid
ap.lijit.com/rtb/
94 B
749 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
43c9311ada7b7ae6fc857cd58e37f25b56653ba28185de2f505ebda5eb965510

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
arj
pixfuture2-d.openx.net/w/1.0/
73 B
145 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=064b3884-151c-4ca5-8db1-f39fe2954e20&nocache=1651495553644&id5id=0&pubcid=5e8ac2b7-e616-4785-b78c-c8e13b088842&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPWVtb3RldCx0ZXN0cyxuZXcsYXR0YWNrLGNoYWluLGxvdyx2b2x1bWUsY2FtcGFpZ25zc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1lbW90ZXQsdGVzdHMsbmV3LGF0dGFjayxjaGFpbixsb3csdm9sdW1lLGNhbXBhaWduc3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
b7c6ca90e908363ec46bf60890e3e132d483d7bf041b0959d39cbe75019ad1d2

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
trinity.json
apex.go.sonobi.com/
95 B
733 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2260e15240c43b231%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&s=eeee667b-af27-4231-bfc8-5319d590f7f4&pv=5cf05012-4981-46de-baa2-9a617ead6c5d&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=emotet%2Ctests%2Cnew%2Cattack%2Cchain%2Clow%2Cvolume%2Ccampaignssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
2062009d7238beb2615145261705d49c8424517d357f437be0eec8468686b8b8
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
v1
prg.smartadserver.com/prebid/
171 B
560 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
br
vary
Accept-Encoding, Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
transfer-encoding
chunked
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
d11d86a9fb8a6eb351f3dc837adf24e74de3f457660fd0e56f56359ca30dd2db

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
/
hb.emxdgt.com/
0
159 B
XHR
General
Full URL
https://hb.emxdgt.com/?t=3000&ts=1651495553648&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:54 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
hb
ssc.33across.com/api/v1/
66 B
158 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
24da0eff77d1376a2ee38876356abc5c06f92ebbfe472bfb98d917258a1c8938

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
fastlane.json
fastlane.rubiconproject.com/a/api/
283 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=064b3884-151c-4ca5-8db1-f39fe2954e20&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5341882605241126
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
138afbeda764a9866782ed50b1586ace79a6a8b06c5159419671a18aa611d36f

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
283
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/
0
61 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.116 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:53 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
prebid.media.net/rtb/
1 KB
770 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
079812fb83b44e742139694b85f120d6a0a3ee2b41eb3e32cbac68ff80d72c17

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
auction
prebidserver.pixfuture.com/openrtb2/
153 B
510 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
ebd72bfc28397f0ce35395adece048cdefc3e53322f901fd9e7de19976d44dd4

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
153
Expires
0
prebid
prebid.media.net/rtb/
1 KB
727 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
f88a9b1762e6d3aed3c70e6e7bd510c19d38a0f6e92c846ea5b449da5f9def64

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
prebid
ib.adnxs.com/ut/v3/
145 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
a64ffc3335bfec1a296b166a280c0c1cb1e9cf1b3075d0af8f1d1ef1d02d9547
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
e69fd92d-7455-4306-9330-f771b9ac8ada
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
pixfuture2-d.openx.net/w/1.0/
73 B
101 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=b24fe33e-2737-42a9-bd23-982f3fc5071c&nocache=1651495553679&id5id=0&pubcid=5e8ac2b7-e616-4785-b78c-c8e13b088842&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPWVtb3RldCx0ZXN0cyxuZXcsYXR0YWNrLGNoYWluLGxvdyx2b2x1bWUsY2FtcGFpZ25zc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1lbW90ZXQsdGVzdHMsbmV3LGF0dGFjayxjaGFpbixsb3csdm9sdW1lLGNhbXBhaWduc3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
5a5a8fbe049af1fec5633ed79eb182bb20c17df0e3c7b09044aa9a7ea74dc8f6

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/
94 B
748 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
a811225206e0fb1ab4910cf5a511535cc571c711f6f0da3108baed7009acbde1

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
bidRequest
c2shb.ssp.yahoo.com/
62 B
293 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
3483723575438de69ab9e861b7d03c8e9b74e1db246eccbc173a9a30afe56fd4

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
hb
ssc.33across.com/api/v1/
65 B
157 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
3a1a8c5bf5d6a14e99d24eaea5aaa2143b69a73d33f19862fbdf83c70be409d2

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
v1
prg.smartadserver.com/prebid/
171 B
560 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.16 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
content-encoding
br
vary
Accept-Encoding, Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
transfer-encoding
chunked
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
trinity.json
apex.go.sonobi.com/
95 B
735 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22930cb10a8f39e46%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&s=6548b615-d095-4eee-ba89-c6a57c4b879d&pv=5cf05012-4981-46de-baa2-9a617ead6c5d&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=emotet%2Ctests%2Cnew%2Cattack%2Cchain%2Clow%2Cvolume%2Ccampaignssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
83417ce3b0da990df59126bb7bcf68d22158bf5778ac605d4cfe17f8c455019d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
61 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.116 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:53 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
/
hb.emxdgt.com/
0
159 B
XHR
General
Full URL
https://hb.emxdgt.com/?t=3000&ts=1651495553685&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.0.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-0-245.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:54 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
fastlane.json
fastlane.rubiconproject.com/a/api/
284 B
743 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=b24fe33e-2737-42a9-bd23-982f3fc5071c&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.014098646506513823
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
ed2af13f96bfc49da457ae1378827ab0c1b26557ea5ffa4c253f66fdf796ca24

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
btlr.sharethrough.com/WYu2BXv1/
0
114 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.226.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-226-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 02 May 2022 12:45:54 GMT
access-control-allow-credentials
true
vary
Origin
sid
mug.criteo.com/ Frame
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=2KAnNHxvVTBDWEFRQXNiSkd3K09zZklhVU1tTmU3YU51ZzVXODlhS01HT01kMkM2NFlBL2hMcFk0NUFTNnhzdUFIN2EyTDYrTjh0SWl0enVMMTF0bXU2c2JXMGZvb0tKMXFISE95ZjRiVWxrdW4yWGZNNWx4VWdWWDR0VVQrditIZ0I4QVcvMVg0ZzV2UFBlTHM2TjVEbVVNZkxFYlk5VTEwc2JzKzROZWxLOHR1cnVhL0trMUxMME9BR3BhdTFraGFzV3E2S0drT3BQSE5xejFtKy9ndXJGeC9RQ2pVV0NjOU9uSjcvMTk2cDlnMFRnPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Mon, 02 May 2022 12:45:53 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1129
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
/
ads.us.e-planning.net/uspd/1/ Frame 55FF
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
2 KB
1 KB
Document
General
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
b41322e0e5089783deb202f04293115865f3c0fb08c57d7ab47d1875284c1129

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache
content-encoding
gzip
content-type
text/html
date
Mon, 02 May 2022 12:45:54 GMT
expires
Mon, 02 May 2022 12:45:54 GMT
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-740

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Mon, 02 May 2022 12:45:54 GMT
location
/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-740
pixelSync
pixel.sitescout.com/dmp/ Frame 55FF
0
191 B
Image
General
Full URL
https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D258da93cfb81e596
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
prebid
rtb.openx.net/sync/ Frame 55FF
43 B
351 B
Image
General
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D258da93cfb81e596%26uid%3D%24%7BUID%7D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:53 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
ft6r7bedrt6n483d7e1gl72go5dq8l19
ptag
a.audrte.com/ Frame 55FF
5 KB
2 KB
Script
General
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.22.109.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-22-109-120.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
03db6100f177b8f6227cdb665be487e65b772ac51d7613b5fc3b41d8f75f4715

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:55 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1679
lotame.js
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame 55FF
266 B
416 B
Script
General
Full URL
https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.253 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 16:18:03 GMT
server
openresty
etag
W/"5fb69abb-10a"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Sat, 01 May 2027 12:45:54 GMT
/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 55FF
Redirect Chain
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3D258da93cfb81e596
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
95 B
222 B
Image
General
Full URL
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
138.201.8.249 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.249.8.201.138.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png

Redirect headers

location
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
date
Mon, 02 May 2022 12:45:54 GMT
server
nginx/1.14.2
content-type
text/html; charset=UTF-8
um
u-ams02.e-planning.net/ Frame 55FF
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D258da93cfb81e596%26uid%3D%24UID
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=258da93cfb81e596&uid=1783418094771575678
42 B
104 B
Image
General
Full URL
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=258da93cfb81e596&uid=1783418094771575678
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
425aff09-41ec-4a10-87bf-27fd617e9481
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=258da93cfb81e596&uid=1783418094771575678
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 6EE0
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu
  • https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 02 May 2022 12:45:54 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 02 May 2022 12:45:54 GMT
location
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
server
AkamaiGHost
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 20BB
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=65216
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:54 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 03 May 2022 06:52:50 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
usermatch
ssum.casalemedia.com/ Frame 2253
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2710e2a787684bf15ed427077dc932a4949c55ca801fd4ca332aa0dc9cbbf95d

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1749
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:54 GMT
Dropped-Udsids
230|241|45|39|190|8|13|17
Expires
Mon, 02 May 2022 12:45:54 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync

Redirect headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
345
Content-Type
text/html; charset=iso-8859-1
Date
Mon, 02 May 2022 12:45:54 GMT
Expires
Mon, 02 May 2022 12:45:54 GMT
Location
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
navegg_2022_01_br.html
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame E9EB
1 KB
963 B
Document
General
Full URL
https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Leesburg, United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=157680000
cf4age
0
cf4ttl
157680000.000
content-encoding
gzip
content-length
624
content-type
text/html
date
Mon, 02 May 2022 12:45:54 GMT
etag
W/"61ddbb71-5f5"
expires
Sun, 10 Jan 2027 17:30:27 GMT
last-modified
Tue, 11 Jan 2022 17:16:33 GMT
server
CFS 0215
x-cf-tsc
1641922228
x-cf1
29080:fB.cdg1:co:1585621119:cacheB.cdg1-01:H
x-cf2
H
x-cf3
M
x-cff
B
/
onetag-sys.com/usync/ Frame 3129
2 KB
814 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip251.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame 21F2
7 KB
2 KB
Document
General
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b807de09f266b5de07a67aed880f9d203de45a734340dd624834d0d9de4e201b

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
cf-cache-status
DYNAMIC
cf-ray
7050db50fae79261-FRA
content-encoding
br
content-type
text/html
date
Mon, 02 May 2022 12:45:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
getuid
ib.adnxs.com/ Frame 21F2
0
0
Image
General
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pixel
cm.g.doubleclick.net/ Frame 21F2
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://mwzeom.zeotap.com/mw?cid=f396b4f3-51ad-4547-9516-f2ad9a15194c&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=f396b4f3-51ad-4547-9516-f2ad9a15194c&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db51cc2e9261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=f396b4f3-51ad-4547-9516-f2ad9a15194c&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
date
Mon, 02 May 2022 12:45:54 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame 21F2
0
331 B
Image
General
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame 21F2
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D1c296382-82fa-461d-7b1d-19466cc1d151%26reqId%3Def7a99a4-f32a-4cc6-7043-30be2970b83d%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cm
trc.taboola.com/sg/zeotap/1/ Frame 21F2
0
56 B
Image
General
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-vcl-time-ms
187
date
Mon, 02 May 2022 12:45:55 GMT
via
1.1 varnish
server
nginx
x-timer
S1651495555.413187,VS0,VE187
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-icn1450085-ICN
u
dmp.v.fwmrm.net/ad/ Frame 21F2
0
361 B
Image
General
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2607:ae80:5::49 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Cache-Control
no-store
Expires
0
Content-Type
text/html
Content-Length
0
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 21F2
0
166 B
Image
General
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D1c296382-82fa-461d-7b1d-19466cc1d151%26reqId%3Def7a99a4-f32a-4cc6-7043-30be2970b83d%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=e7557d5b-efda-4cd2-98bb-6067687dc172&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=e7557d5b-efda-4cd2-98bb-6067687dc172&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db541f8d9261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
Apache-Coyote/1.1
location
https://mwzeom.zeotap.com/mw?cid=e7557d5b-efda-4cd2-98bb-6067687dc172&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=1c296382-82fa-461d-7b1d-19466cc1d151&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=1c296382-82fa-461d-7b1d-19466cc1d151&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=87933219208043071631663835005271550173&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-...
95 B
176 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=87933219208043071631663835005271550173&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db52cde29261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-irl1-2-v031-0e26d5ed9.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
zXTWYiN4RD4=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=87933219208043071631663835005271550173&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
loadeu.exelator.com/load/ Frame 21F2
0
324 B
Image
General
Full URL
https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-126-47.eu-central-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=1c296382-82fa-461d-7b1d-19466cc1d151&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022050214-46949-0.091988001651495554-477fe408d375003a8b846bfade245391&zdid=533&env=mWeb
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2022050214-46949-0.091988001651495554-477fe408d375003a8b846bfade245391&zdid=533&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db522ce19261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2022050214-46949-0.091988001651495554-477fe408d375003a8b846bfade245391&zdid=533&env=mWeb
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7093119393942796438&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=7093119393942796438&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db520caa9261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7093119393942796438&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Date
Mon, 02 May 2022 12:45:54 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
receive
pixel.tapad.com/idsync/ex/ Frame 21F2
95 B
113 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=1c296382-82fa-461d-7b1d-19466cc1d151
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
via
1.1 google
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=1c296382-82fa-461d-7b1d-19466cc1d151&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=1c296382-82fa-461d-7b1d-19466cc1d151&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=tnPmu8VFoq7ubfcwtlt8Y.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4c...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?webouuid=tnPmu8VFoq7ubfcwtlt8Y.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db526d579261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
via
1.1 google
last-modified
Mon, 02 May 2022 12:45:54 GMT
server
Weborama Collect Frontend
location
https://mwzeom.zeotap.com/mw?webouuid=tnPmu8VFoq7ubfcwtlt8Y.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
2.gif
dmp.theadex.com/d/949/i/ Frame 21F2
36 B
272 B
Image
General
Full URL
https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=1c296382-82fa-461d-7b1d-19466cc1d151&axd_pid=175
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.15.245.80 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
/
Resource Hash
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
cache-control
no-store, no-cache, must-revalidate
expires
0
content-length
36
content-type
image/gif
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=1c296382-82fa-461d-7b1d-19466cc1d151?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=1c296382-82fa-461d-7b1d-19466cc1d151?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db5488379261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
expires
0
cache-control
no-cache
x-server
10.45.25.143
content-length
0
x-consent
absent
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-VYrpCYZE2ooDsVCgPpv1LZ9.vw68Hv.EXA--~A&zpartnerid=570&env=mWeb
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=y-VYrpCYZE2ooDsVCgPpv1LZ9.vw68Hv.EXA--~A&zpartnerid=570&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db540f849261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

date
Mon, 02 May 2022 12:45:55 GMT
via
http/1.1 spdc0109.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
strict-transport-security
max-age=31536000
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-VYrpCYZE2ooDsVCgPpv1LZ9.vw68Hv.EXA--~A&zpartnerid=570&env=mWeb
content-length
0
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=%2FwlQXusTgnED65TMRGpJnG%2BkGbjfrLt%2B%2BS41iYitP1U%3D
95 B
164 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=%2FwlQXusTgnED65TMRGpJnG%2BkGbjfrLt%2B%2BS41iYitP1U%3D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db518be09261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=%2FwlQXusTgnED65TMRGpJnG%2BkGbjfrLt%2B%2BS41iYitP1U%3D
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
usermatch.gif
beacon.krxd.net/ Frame 21F2
0
338 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.15.137 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-15-137.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
cache-control
private, no-cache, no-store
x-request-time
D=42 t=1651495555
x-served-by
beacon-n008-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 21F2
95 B
360 B
Image
General
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=1c296382-82fa-461d-7b1d-19466cc1d151&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
138.201.8.249 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.249.8.201.138.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
cQZGoH6Q
sync-tm.everesttech.net/ct/upi/pid/ Frame 21F2
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
85 B
161 B
Image
General
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D1c296382-82fa-461d-7b1d-19466cc1d151%26reqId%3Def7a99a4-f32a-4cc6-7043-30be2970b83d%26zdid%3D1361&_test=Ym-SgwAMy4HAswA-
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
age
2151
x-served-by
cache-hhn4054-HHN
x-cache
HIT
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
x-timer
S1651495555.267433,VS0,VE0
content-length
85
x-cache-hits
28585

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1651495555.122225,VS0,VE93
x-served-by
cache-hhn4054-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D1c296382-82fa-461d-7b1d-19466cc1d151%26reqId%3Def7a99a4-f32a-4cc6-7043-30be2970b83d%26zdid%3D1361&_test=Ym-SgwAMy4HAswA-
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=91ac626f-d283-4600-b3fa-2e612d8fdf77&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=91ac626f-d283-4600-b3fa-2e612d8fdf77&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db540f859261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Date
Mon, 02 May 2022 12:45:55 GMT
Server
MT3 4281 354de82 master cdg-pixel-x28 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://mwzeom.zeotap.com/mw?cid=91ac626f-d283-4600-b3fa-2e612d8fdf77&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Mon, 02 May 2022 12:45:54 GMT
usermatch.gif
beacon.krxd.net/ Frame 21F2
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970...
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
54.76.15.137 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-15-137.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
cache-control
private, no-cache, no-store
x-request-time
D=78 t=1651495555
x-served-by
beacon-n021-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
date
Mon, 02 May 2022 12:45:55 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a004-ash-prod.krxd.net
dcm
aax-eu.amazon-adsystem.com/s/ Frame 21F2
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=1c296382-82fa-461d-7b1d-19466cc1d151&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=1c296382-82fa-461d-7b1d-19466cc1d151&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1...
43 B
645 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=1c296382-82fa-461d-7b1d-19466cc1d151&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.94.223.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
Q1FZW2SS9K9DYRA94GF6
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
1WAJPCJQXTZFDVZGEZSN
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=1c296382-82fa-461d-7b1d-19466cc1d151&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame 21F2
0
225 B
Image
General
Full URL
https://tags.bluekai.com/site/87734?id=1c296382-82fa-461d-7b1d-19466cc1d151&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.42.102 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-42-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:55 GMT
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
mw
mwzeom.zeotap.com/ Frame 21F2
Redirect Chain
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D1c2...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
7050db5519269261-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
date
Mon, 02 May 2022 12:45:55 GMT
cross-origin-resource-policy
cross-origin
content-length
0
cmp.min.js
spl.zeotap.com/ Frame 21F2
557 B
471 B
Script
General
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f06f0c46b31497a3bb7c4b51fcd1f246df7af7d3bb5aef9bcf9f5155f67611ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

cf-ray
7050db515b6c9261-FRA
date
Mon, 02 May 2022 12:45:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
usync.js
eus.rubiconproject.com/ Frame 6EE0
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:54 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=49787
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Tue, 03 May 2022 02:35:41 GMT
sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 6EE0
0
239 B
Image
General
Full URL
https://pixel-eu.rubiconproject.com/exchange/sync.php?p=12186&khaos=L2OPT9BU-20-6TJR
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Content-Type
image/gif
pixel
cm.g.doubleclick.net/ Frame 2253
170 B
502 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Ym_SgrHXjm-VFp_THVFdOgAABGEAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 2253
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ym_SgrHXjm-VFp_THVFdOgAABGEAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ym_SgrHXjm-VFp_THVFdOgAABGEAAAAB&dcc=t
43 B
645 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ym_SgrHXjm-VFp_THVFdOgAABGEAAAAB&dcc=t
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
3NSTKSX7ZK4NNEN9CXCS
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
6H5QHG799BZNA319MVFW
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ym_SgrHXjm-VFp_THVFdOgAABGEAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 2253
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Ym-SgrHXjm.VFp-THVFdOgAA
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=Ym-SgrHXjm.VFp-THVFdOgAA&google_tc=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEBC5wIlL7lXBVPq3GpOdc2M&google_cver=1&gdpr=1&google_hm=2
43 B
985 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEBC5wIlL7lXBVPq3GpOdc2M&google_cver=1&gdpr=1&google_hm=2
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 02 May 2022 12:45:54 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEBC5wIlL7lXBVPq3GpOdc2M&google_cver=1&gdpr=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
341
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 2253
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
getuid
ib.adnxs.com/ Frame 2253
0
0
Image
General
Full URL
https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

crum
dsum-sec.casalemedia.com/ Frame 2253
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/ix.gif
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=c796c5c5-08f2-4f3c-8ba6-16af90fd412e&expiration=1683031555
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=c796c5c5-08f2-4f3c-8ba6-16af90fd412e&expiration=1683031555
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 02 May 2022 12:45:55 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=c796c5c5-08f2-4f3c-8ba6-16af90fd412e&expiration=1683031555
date
Mon, 02 May 2022 12:45:55 GMT
server
Kestrel
content-length
0
crum
dsum-sec.casalemedia.com/ Frame 2253
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
43 B
991 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:54 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 02 May 2022 12:45:54 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
date
Mon, 02 May 2022 12:45:54 GMT
access-control-allow-credentials
true
x-powered-by
Express
content-length
0
vary
Origin
keep-alive
timeout=5
crum
dsum-sec.casalemedia.com/ Frame 2253
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
43 B
315 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Mon, 02 May 2022 12:45:55 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
106
Content-Type
text/html; charset=utf-8
um
u-ams02.e-planning.net/ Frame 2253
42 B
103 B
Image
General
Full URL
https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=258da93cfb81e596&uid=Ym-SgrHXjm.VFp-THVFdOgAA%261121
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D258da93cfb81e596%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
server
openresty
content-type
image/gif
cmp
spl.zeotap.com/ Frame 21F2
0
0
Document
General
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
cf-cache-status
DYNAMIC
cf-ray
7050db518bcf9261-FRA
date
Mon, 02 May 2022 12:45:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
pixel
cm.g.doubleclick.net/ Frame 6EE0
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODdiZGYyMzZlNGJlYjU0YmE2NGI2YjIzZTQ0OWQxNjQxYWJhZDJkNA
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODdiZGYyMzZlNGJlYjU0YmE2NGI2YjIzZTQ0OWQxNjQxYWJhZDJkNA
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODdiZGYyMzZlNGJlYjU0YmE2NGI2YjIzZTQ0OWQxNjQxYWJhZDJkNA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame 6EE0
0
0
Image
General
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

ecm3
s.amazon-adsystem.com/ Frame 6EE0
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=tV2ymTNURIiJAk5-bGALhg&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=tV2ymTNURIiJAk5-bGALhg
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=tV2ymTNURIiJAk5-bGALhg
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
KAK1B6QPJ4TAZAY70PF2
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=tV2ymTNURIiJAk5-bGALhg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
66ef90d06496cfd000aab8206f2b6221
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame 6EE0
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 6EE0
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=shwyo2CqTvm-iDX5JIBCcw&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=shwyo2CqTvm-iDX5JIBCcw
43 B
556 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=shwyo2CqTvm-iDX5JIBCcw
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Server
52.94.223.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
FNXVZ9WHM6ZB5HJKYYFH
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=shwyo2CqTvm-iDX5JIBCcw
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
66ef90d06496cfd000aab8206f2b6221
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 6EE0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEF9WVpVeqpJ3Mpw1nwohPL0&google_cver=1
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEF9WVpVeqpJ3Mpw1nwohPL0&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
66ef90d06496cfd000aab8206f2b6221
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEF9WVpVeqpJ3Mpw1nwohPL0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 6EE0
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/ToDRhRB3JLHlHQ1iL5dZcMn5EUdSAgOZEtemQ7w0kco?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1131202488703340910
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1131202488703340910
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
66ef90d06496cfd000aab8206f2b6221
Content-Type
image/gif

Redirect headers

date
Mon, 02 May 2022 12:45:55 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1131202488703340910
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
setuid
px.ads.linkedin.com/ Frame 6EE0
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2OPT9BU-20-6TJR
0
707 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2OPT9BU-20-6TJR
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
H2
Server
2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 78559959661A4A62B13C989B5CF964BD Ref B: VIEEDGE1114 Ref C: 2022-05-02T12:45:55Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXeBsXrbuMXPCC5W45JDQ==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2OPT9BU-20-6TJR
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 2DF7
0
0

tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:54 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 0DB7
116 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6cf6b164daeac39893218993ecee1b0d54859977c2a3f622c59aa1fa038cafd5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40077
x-xss-protection
0
server
cafe
etag
11257217775970107796
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 02 May 2022 12:45:55 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:55 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 64E9
116 KB
39 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
021c7c06257349b394a1685e80711ff965d06d8e47ed5a4a829acb7fab4ed9fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40080
x-xss-protection
0
server
cafe
etag
5991422802996808661
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 02 May 2022 12:45:55 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:55 GMT
bqi.php
lg3.media.net/
15 B
15 B
Image
General
Full URL
https://lg3.media.net/bqi.php?vgd_len=1606&lf=3&&vgd_l2type=sca&pid=8PO9OT5EW&kalog=SI=2266||SID=9||HID=0||UUID=338Sr4s68LCBfWsNML||MPTD=656||TPTD=2748829536772||CI=2689||TLID=6||MI=2266&kals=ttype=10002||pc=32||fat=1&kasts=tstype=-10408||gbid=-1&kata=aton&katbid=-21&katen=1&katid=801333295&pc=32&cme=ltNcn0l-I-V1c36fiX9DNkdrLlsYFb8coSQ6Qgl0oj6l1i_vQF767xLcTkYHf9TE8NuG43aBLaGlxvdm24TWNSBi_eMSJkQif9TDVptAtuwIRD9dDD-PPKwfBrFVjGlrk8-sQOK7k5qeKGEVl15jn7uNGsbA5_5ylEQQedJ1OrYLRu9i1pbBXYYNAjhYCoxbL3_HF0Z-Jk2lWBjSrAbeNzZdirXsKEDA||djisoO0zeD_uZ5fNdl-FZ301m_4YqvtCi6H8WeoC7ARBDlekGhBYjdKnrxldaaeU9O8I3n3fonJ09GtW75eMV84m8KeMFYQtv0Dhod8W2WgcaAW64c9-NaBMtgcez-x4|5XE7dKuggdE_uOeRMGMynx-8ANKnxR9MKG_HahYXkggVvWsEKut-sKNhmXLPkmQL8hXW_t4-5YoBkyOJm1iw8BE6Mc0jPtjCgSHh2esO2aNwYFLVbRBr2_Jm4XjAkiM6JPS18U_Lqx1RQSO-zs5_ewMmJvVrWFZH5y3OsdnBvTavi1YR1X31priudLlHVZXGqcvKrTJcaCcrS-QRAHlgdYgvd8p7BGhbccMnQzeZmw0=|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&vi=1651495553276459727&ugd=4&cc=DE&sc=HE&startTime=1651495552652&l2type=sca&vgd_l1rakh=1651495553184082435&l1ch=1&sttm=1651495552654&upk=1651495552.22180&hvsid=00001651495552654013651816967886&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A7|2913&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&pvl=%7B%22mbr%22%3A1%2C%22l1rpth%22%3A%22%2Fdmedianet.js%22%2C%22pgids%22%3A2%7D&l2ch=0&vgd_pgid=p11298862554t202205021245&vgd_pgids=2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:55 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 02 May 2022 12:45:55 GMT
bqi.php
lg3.media.net/
15 B
15 B
Image
General
Full URL
https://lg3.media.net/bqi.php?vgd_len=1604&lf=3&&vgd_l2type=sca&pid=8PO9OT5EW&kalog=MPTD=656||TLID=6||CI=2689||SI=2266||TPTD=2748821148164||HID=0||MI=2266||SID=9||UUID=338SrcpYV2hlWVTJ6A&kals=ttype=10002||pc=8||fat=1&kasts=tstype=-10408||gbid=-1&kata=aton&katbid=-21&katen=1&katid=806241096&pc=8&cme=CAdsLPfBAomQ7XnVskJHSmC0r2RxvFYbes961NunXL-lu_2hn2U71bgXkMjaD4SkE28fp1Tdd9OXvXi2qOqhljgBcdsri8jsabOEJWtrkYCxd62MzneAeJdRau56me8xThUX-yPcLU99okI_xU4Gx_yodg2FoisYZ_rmloizbyM2DJ_0JUVjCpPGGbuhYz6wOZJYqgIzKTKMzE1upEDGU-yEOAEAjOGl||brWezIJPWpD3AED0X3LENj7J_PfmtbY3o0qbBj730J8i_ClyyoCFABKBUa7pkow9JFEQAP1seauwRJ9EbFaVrZeByZIKBClkGmSbKUt41PULkqUWz8ssDww2jPLo614dXcDsHg6lEoE74oJM46IM-kSGTLTaa8w8EH4umkEcoqsXLZ1Ms9emQTAR8OSxbKhZzCMC-C8nyoinohjh15r8MIdK_hdypVmZNtH-leMlL2E=|djisoO0zeD_uZ5fNdl-FZ301m_4YqvtCi6H8WeoC7ARBDlekGhBYjdKnrxldaaeU9O8I3n3fonJ09GtW75eMV84m8KeMFYQtv0Dhod8W2WgcaAW64c9-NaBMtgcez-x4|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&vi=1651495553427971897&ugd=4&cc=DE&sc=HE&startTime=1651495552757&l2type=sca&vgd_l1rakh=1651495553184082435&l1ch=1&sttm=1651495552759&upk=1651495552.22180&hvsid=00001651495552721013651816963836&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1&l1hcsd=l1!A7|2913&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&pvl=%7B%22mbr%22%3A1%2C%22l1rpth%22%3A%22%2Fdmedianet.js%22%2C%22pgids%22%3A2%7D&l2ch=0&vgd_pgid=p11298862554t202205021245&vgd_pgids=2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:55 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 02 May 2022 12:45:55 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame EAC9
116 KB
39 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
987994bcfb57a1a039584465fc9573980c20877f228b1efcf227f50ffc55e657
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40077
x-xss-protection
0
server
cafe
etag
11348945096496334986
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 02 May 2022 12:45:55 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:55 GMT
cc.js
tags.crwdcntrl.net/c/15238/ Frame 55FF
38 KB
11 KB
Script
General
Full URL
https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-109.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 07:35:07 GMT
content-encoding
gzip
etag
W/"2b2f816f40499d384e118ce88a266e02"
last-modified
Thu, 02 Jul 2020 15:35:12 GMT
server
AmazonS3
age
18648
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
via
1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
FRA56-P2
x-amz-cf-id
Y5dGm4Hox3_nnQboh06Nbw7n6yZVOEtUBlNqwi6G4W5vWQOrCsfu2w==
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 8F2A
636 B
577 B
Document
General
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.253 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Mon, 02 May 2022 12:45:54 GMT
etag
W/"601b131c-27c"
expires
Sat, 01 May 2027 12:45:54 GMT
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
server
openresty
setuid
prebidserver.pixfuture.com/ Frame 80E7
0
524 B
Document
General
Full URL
https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AK4o9WcCOab6gbaA
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:55 GMT
Expires
0
Pragma
no-cache
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
PugMaster
image6.pubmatic.com/AdServer/ Frame 20BB
5 KB
6 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=57468633&p=156631&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
4aeb829e435e8fe202c348e01b0a48052c030522d82dd49ab3b4d1160a7fdce5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
bqi.php
lg3.media.net/
15 B
15 B
Image
General
Full URL
https://lg3.media.net/bqi.php?vgd_len=1615&lf=3&&vgd_l2type=sca&pid=8PO9OT5EW&kalog=MPTD=656||CI=2689||MI=2266||SID=9||SI=2266||TLID=6||UUID=338SqyKaLgitxak8nk||TPTD=75316588646916||HID=3&kals=ttype=10002||pc=54||fat=2||tbft=2&kasts=tstype=-10408||gbid=-1&kata=aton&katbid=-21&katen=1&katid=807619810&pc=54&cme=vhRIQjanSg2cgtJJD4nAF4-fcxLXLqdjLbkuN8KMc5djOoGxwUYmefXt5pi_NFUdeQzRnRXk3UX-DwaeHidRp9COB1Uj4xggI9VTiRxCrA3s33rM-3yMXgEOK0HpJPe4tGjSQDyWpkP_gTMNhqIWRsmhXmvx8BxUBFIAwMPirD8g-ndbPHYHqCu9TwAjkITWrkSdVv5cPYFF4fIDr50a-H34YJkA1u0d||djisoO0zeD_uZ5fNdl-FZ301m_4YqvtCi6H8WeoC7ARBDlekGhBYjdKnrxldaaeU9O8I3n3fonJ09GtW75eMV84m8KeMFYQtv0Dhod8W2WgcaAW64c9-NaBMtgcez-x4|l65MZBzI4biE8JSnDDQe4gnSLTgdmv7BC4wMzqii5b9Fy6X0Eu4R6hTs-HcsleGJbnU2t2loq0fRb_OFTQou2t0t9j29lM0k7QAosY3NAfqxF0BUGoE8UT96d6Xu60mvZOJeY7gHGQiCqidvZKv0vq5t6tpg9R74Iig6YB0K9fspqzZW2gKRjESRMkND8i3mUg0mdKXUi9DZeCMJjhYGsNoHUK5ggToRAy_hQa3rHw8=|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&vi=1651495553754929675&ugd=4&cc=DE&sc=HE&startTime=1651495552719&l2type=sca&vgd_l1rakh=1651495553184082435&l1ch=1&sttm=1651495552721&upk=1651495552.22180&hvsid=00001651495552721013651816963836&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A7|2913&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&pvl=%7B%22mbr%22%3A1%2C%22l1rpth%22%3A%22%2Fdmedianet.js%22%2C%22pgids%22%3A2%7D&l2ch=0&vgd_pgid=p11298862554t202205021245&vgd_pgids=2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Mon, 02 May 2022 12:45:55 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Mon, 02 May 2022 12:45:55 GMT
GS.d
js.cookieless-data.com/ Frame 8F2A
0
535 B
Script
General
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1651495554395
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.15.145.116 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
51-15-145-116.rev.poneytelecom.eu
Software
nginx/1.20.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Server
nginx/1.20.2
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
match
c1.adform.net/serving/cookie/ Frame 8060
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=608B10F9-6255-420B-A2D2-FC2E69A961B4
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=608B10F9-6255-420B-A2D2-FC2E69A961B4
35 B
468 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=608B10F9-6255-420B-A2D2-FC2E69A961B4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Mon, 02 May 2022 12:45:55 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Mon, 02 May 2022 12:45:55 GMT
expires
-1
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=608B10F9-6255-420B-A2D2-FC2E69A961B4
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 13EA
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:91ac626f-d283-4600-b3fa-2e612d8fdf77&gdpr=0&gdpr_consent=
42 B
341 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:91ac626f-d283-4600-b3fa-2e612d8fdf77&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 02 May 2022 12:45:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sv3pug013:0:501

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Mon, 02 May 2022 12:45:55 GMT
Expires
Mon, 02 May 2022 12:45:54 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4379 fe37bbe master pao-pixel-x13 config:1.0.0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:91ac626f-d283-4600-b3fa-2e612d8fdf77&gdpr=0&gdpr_consent=
Pug
image2.pubmatic.com/AdServer/ Frame D261
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7970472423113245867
42 B
210 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7970472423113245867
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 02 May 2022 12:45:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
lhrpug005:0:617

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7970472423113245867
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
usersync.aspx
dis.criteo.com/dis/ Frame 0787
43 B
363 B
Document
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:54 GMT
expires
Mon, 02 May 2022 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
580474
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
Pug
simage2.pubmatic.com/AdServer/ Frame C35C
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7093119393942796438
42 B
206 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7093119393942796438
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 02 May 2022 12:45:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
10:0:488

Redirect headers

Connection
keep-alive
Date
Mon, 02 May 2022 12:45:55 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7093119393942796438
Server
nginx
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Pug
simage2.pubmatic.com/AdServer/ Frame C0D5
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ym-SgwAMyeLBGgA-&gdpr=0&gdpr_consent=&_test=Ym-SgwAMyeLBGgA-
1 B
231 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ym-SgwAMyeLBGgA-&gdpr=0&gdpr_consent=&_test=Ym-SgwAMyeLBGgA-
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Mon, 02 May 2022 12:45:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
10:0:480

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Mon, 02 May 2022 12:45:55 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ym-SgwAMyeLBGgA-&gdpr=0&gdpr_consent=&_test=Ym-SgwAMyeLBGgA-
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-hhn4054-HHN
x-timer
S1651495555.257003,VS0,VE0
Pug
simage2.pubmatic.com/AdServer/ Frame 6A41
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1aIjRSFXS3R-FgmWfxGLHVFfBSw
42 B
215 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1aIjRSFXS3R-FgmWfxGLHVFfBSw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 02 May 2022 12:45:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
10:0:543

Redirect headers

Connection
keep-alive
Content-Length
159
Content-Type
text/html; charset=utf-8
Date
Mon, 02 May 2022 12:45:55 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1aIjRSFXS3R-FgmWfxGLHVFfBSw
bridge
cm.adgrx.com/ Frame 311A
43 B
408 B
Document
General
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.241.206 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Mon, 02 May 2022 12:45:55 GMT
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Pragma
no-cache
X-RealServer-NX
ams-delivery-4
server
Cowboy
adx
match.prod.bidr.io/cookie-sync/ Frame 5567
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEMnAwN0UzNlVBQUQwZldNWTlLZw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
43 B
430 B
Document
General
Full URL
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.103.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-103-233.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Length
43
Date
Mon, 02 May 2022 12:45:55 GMT
Server
nginx
cache-control
no-cache, must-revalidate
content-type
image/gif
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
pragma
no-cache
strict-transport-security
max-age=2592000; includeSubDomains

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
355
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:55 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
pub
matching.truffle.bid/sync/ Frame 4DC2
0
0
Document
General
Full URL
https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
5.161.47.120 , Germany, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS
static.120.47.161.5.clients.your-server.de
Software
nginx/1.21.4 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Date
Mon, 02 May 2022 12:45:55 GMT
Server
nginx/1.21.4
Strict-Transport-Security
max-age=15768000
Pug
simage2.pubmatic.com/AdServer/ Frame 17F4
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
0
238 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 02 May 2022 12:45:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
10:2:346

Redirect headers

content-length
0
date
Mon, 02 May 2022 12:45:55 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
server
_
i.match
s.tribalfusion.com/z/ Frame 6745
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
418 B
Document
General
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:230b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
7050db555b029265-FRA
content-length
43
content-type
image/gif; charset=utf-8
date
Mon, 02 May 2022 12:45:55 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
302

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
7050db5418f69265-FRA
content-type
text/html
date
Mon, 02 May 2022 12:45:55 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
206
x-reuse-index
29288
cookiesync
core.iprom.net/ Frame D668
43 B
277 B
Document
General
Full URL
https://core.iprom.net/cookiesync
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
43
Content-Type
image/gif
Date
Mon, 02 May 2022 12:45:55 GMT
Vary
Accept-Encoding
X-adserver-worker
komodo-9564d405a404@version_1.419
X-core-time
0ms
X-server-arch
v2
Pug
image2.pubmatic.com/AdServer/ Frame AC17
Redirect Chain
  • https://green.erne.co/pubmatic/cm?
  • https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D%26redirect%3Dhttps%253A%252F%252Fimage2...
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D%26redirect%3Dhttps%253A%252F%252Fimage2...
  • https://pixel-eu.onaudience.com/?partner=161&icm&cver&mapped=21ef3b07a71746f0d0dc1e96b0298943&gdpr=&redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQ...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=Ecv7Kmx8QgRnUYUhbggaabSV
42 B
527 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=Ecv7Kmx8QgRnUYUhbggaabSV
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 02 May 2022 12:45:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
lhrpug024:0:393

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=Ecv7Kmx8QgRnUYUhbggaabSV
Pug
simage2.pubmatic.com/AdServer/ Frame 82D9
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1651495555238
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
42 B
386 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 02 May 2022 12:45:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
10:0:482

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Mon, 02 May 2022 12:45:55 GMT
etag
OPTOUT
expires
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
pragma
no-cache
server
Tengine
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 5C83
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=64ca9e21-3b37-48da-bbd7-8cf2d3db292f-tuct9695803&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
148 B
Document
General
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=64ca9e21-3b37-48da-bbd7-8cf2d3db292f-tuct9695803&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
0
date
Mon, 02 May 2022 12:45:55 GMT
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4043-HHN
x-timer
S1651495556.779286,VS0,VE9

Redirect headers

accept-ranges
bytes
content-length
0
date
Mon, 02 May 2022 12:45:55 GMT
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=64ca9e21-3b37-48da-bbd7-8cf2d3db292f-tuct9695803&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-icn1450085-ICN
x-timer
S1651495555.413140,VS0,VE187
x-vcl-time-ms
187
um
u-ams02.e-planning.net/ Frame C819
42 B
103 B
Document
General
Full URL
https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=258da93cfb81e596&uid=608B10F9-6255-420B-A2D2-FC2E69A961B4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Mon, 02 May 2022 12:45:55 GMT
server
openresty
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 20BB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=YIsQ-WJVQgui0vwuaalhtA%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
15 KB
15 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=65215
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Tue, 03 May 2022 06:52:50 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=91ac626f-d283-4600-b3fa-2e612d8fdf77
0
128 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=91ac626f-d283-4600-b3fa-2e612d8fdf77
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:53 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Mon, 02 May 2022 12:45:55 GMT
Server
MT3 4379 fe37bbe master pao-pixel-x26 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=91ac626f-d283-4600-b3fa-2e612d8fdf77
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 02 May 2022 12:45:54 GMT
pixel
ps.eyeota.net/ Frame 20BB
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=608B10F9-6255-420B-A2D2-FC2E69A961B4
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D1
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D1&xl8blockcheck=1
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=5d9b65e5c082ffda80f3f05fe1c2e4c0&gdpr=1
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=da9e636b1aa00185/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=1&gdpr_consent=${gdpr_consent}
  • https://pixel.onaudience.com/?partner=162&icm&cver&gdpr=1&gdpr_consent=${gdpr_consent}&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D1%26gdpr_consent%3D${gdpr_consent}%26pid%3Ddn5h51u%26t%3Dgi...
  • https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=${gdpr_consent}&pid=dn5h51u&t=gif&uid=2ea1ec544be08a1e
0
344 B
Image
General
Full URL
https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=${gdpr_consent}&pid=dn5h51u&t=gif&uid=2ea1ec544be08a1e
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
HTTP/1.1
Server
3.127.178.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-178-105.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:55 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

location
https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=${gdpr_consent}&pid=dn5h51u&t=gif&uid=2ea1ec544be08a1e
content-length
0
Pug
image2.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjA4QjEwRjktNjI1NS00MjBCLUEyRDItRkMyRTY5QTk2MUI0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
111 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug025:0:468
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC64OCEK-U1_HfkqrvbEUoI&google_cver=1
42 B
301 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC64OCEK-U1_HfkqrvbEUoI&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug017:0:390
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC64OCEK-U1_HfkqrvbEUoI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 20BB
43 B
612 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b8.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Sun, 01 May 2022 12:45:55 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3935973953595647647
42 B
230 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3935973953595647647
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:516
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3935973953595647647
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame 20BB
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pug
image2.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1783418094771575678&gdpr=0&gdpr_consent=
42 B
234 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1783418094771575678&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug020:0:504
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
afd02fe9-72aa-4f96-9695-926977947726
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1783418094771575678&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=fK4QfS6uHihnr0R9ef0LK3quEiJn-REpL6U_memZ
42 B
310 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=fK4QfS6uHihnr0R9ef0LK3quEiJn-REpL6U_memZ
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug029:0:612
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=fK4QfS6uHihnr0R9ef0LK3quEiJn-REpL6U_memZ
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
608B10F9-6255-420B-A2D2-FC2E69A961B4
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 20BB
43 B
984 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/608B10F9-6255-420B-A2D2-FC2E69A961B4?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:ceb4:b945:274f:b273 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
SPug
image4.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-521GKzZE2uVQsHNvivglpF1uKNzrsbY-~A&gdpr=0&gdpr_consent=
0
260 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-521GKzZE2uVQsHNvivglpF1uKNzrsbY-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:54 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-521GKzZE2uVQsHNvivglpF1uKNzrsbY-~A&gdpr=0&gdpr_consent=
date
Mon, 02 May 2022 12:45:55 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
simage2.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=pubmatic
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=5131077721300240214&expires=30&ssp=pubmatic
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=aa3f86bd-162c-40a3-b993-b78e863ff485&gdpr=&gdpr_consent=&gdpr_pd=
1 B
176 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=aa3f86bd-162c-40a3-b993-b78e863ff485&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:488
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=aa3f86bd-162c-40a3-b993-b78e863ff485&gdpr=&gdpr_consent=&gdpr_pd=
Date
Mon, 02 May 2022 12:45:55 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:03140866-f51c-446d-a756-5bef95e81a5d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
110 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:03140866-f51c-446d-a756-5bef95e81a5d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
cache-control
no-store, no-cache, private
x-lat
sv3pug010:0:350
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:03140866-f51c-446d-a756-5bef95e81a5d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Mon, 02 May 2022 12:45:55 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
current
pubmatic-match.dotomi.com/match/bounce/ Frame 20BB
0
104 B
Image
General
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8138885220535409139&gdpr=0&gdpr_consent=&us_privacy=
1 B
241 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8138885220535409139&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:474
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8138885220535409139&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Mon, 02 May 2022 12:45:54 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 20BB
0
191 B
Image
General
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 20BB
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1783418094771575678
42 B
182 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1783418094771575678
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:314
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b99d5c21-99f8-4c6a-9d21-32e5cf8c718a
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1783418094771575678
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/ Frame EAC9
308 KB
110 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7b1561b99b8fd52fada048d453ed90f8efdcde805d41c5420c23812def24dcfe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112581
x-xss-protection
0
server
cafe
etag
12130719123994294188
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 02 May 2022 12:45:55 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/ Frame 0DB7
308 KB
110 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54b2cb5b05581281dd33ba1aec21d5cb1b149b03ab55d267547a3c745900a208
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112587
x-xss-protection
0
server
cafe
etag
15719817643595450803
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 02 May 2022 12:45:55 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/ Frame 64E9
308 KB
110 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a8b411acfdde1ff190ca897323d49b9121de73b66dbeb30bf22ef014f0644fde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112581
x-xss-protection
0
server
cafe
etag
10433488140296296015
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 02 May 2022 12:45:55 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame EAC9
222 B
650 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
9363888aa93dd0c7f301af6f822f44d9ee6179e21db2b58cf63d945b5fefabc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
206
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame EAC9
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame EAC9
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 4D3D
17 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
46630edfeeb815edea51c1bb0cbdb1ef1eaffd783dd176b4313e65a2aced341c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
9503
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:55 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 0DB7
222 B
230 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
900ee1ce380f79145f6a899d3a238d2e478f21453317a926b0824df93c33966e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
208
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 0DB7
107 B
165 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 0DB7
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 708F
17 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
d941799a1897b188046f428413d02a6bb6f38f8309fd29f2f46b75f58eb3b3c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
9426
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:55 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 64E9
222 B
227 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
84df3475fdbee3373ede344a0ff931ef8038c0c574fd90c97dc9a1c04fa6d632
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 64E9
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 64E9
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 7281
17 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
ba2357e5bb7386b4cab051dd8128f99fde703f8a45825a1bd4b4bc7d3a6cadd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
9469
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 708F
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DrvdHJVBEM7ZCMg6WBsJ6v64nDG9SAyboqS2QyJTRg_47EGSsYraNh6wJXqyMn8rX0K8Gb1P4hKBFazo1uNMowZNJeJeivFy3UT00z1Goe2GAsWB4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/ Frame 708F
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:37:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:37:50 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 708F
120 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4debaa04d2f904fbafbc99c074e1f43c082e9d25e400140aa97eac11989dd82e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37288
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1651059573277210"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 02 May 2022 12:45:55 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/ Frame 708F
15 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:43:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
170
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:43:05 GMT
l
www.google.com/ads/measurement/ Frame 708F
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQDY1NDua7t4lexIJYyTGyYxCyS3TcCRtzsNVcaMsr1gQTgXTtcrGNuI-bj9yMNbJUFhlT20i5Cz8mggvSvBoSx3M2N8g
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pixel
googleads.g.doubleclick.net/xbbe/ Frame 9A95
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY_o_uyAEwAQ&v=APEucNWpF12ONQf4F6mWs8urW_HkpvUTXpe88NFbdu-mbpuFk1FFk8Jhq4Rn-xlIKsXsWntDqjccaXOaR6f9KKbV8m3KCELHajkIE74nKokqKFfl4qVBasCE1Ra7_0HxGIGP_-KUyPkQ6lHjbBcs6Ik2XZPKqq8uZ2Y3j0-2mAOM3MvMLyAnBQ1cgWZaOr1IegqsJRKpPm5hZdmCxVvghSUv4mbqeXjnqw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:55 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 708F
76 KB
32 KB
Script
General
Full URL
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
2f0bb8350afd1e6af98bf0b5cfc6e077bc4252c5768efd79e73d7cfb1a5bbd86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32646
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 9A95
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlDdGL3M__Ll-EuXZds-aw&google_cver=1
43 B
1020 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlDdGL3M__Ll-EuXZds-aw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY_o_uyAEwAQ&v=APEucNWpF12ONQf4F6mWs8urW_HkpvUTXpe88NFbdu-mbpuFk1FFk8Jhq4Rn-xlIKsXsWntDqjccaXOaR6f9KKbV8m3KCELHajkIE74nKokqKFfl4qVBasCE1Ra7_0HxGIGP_-KUyPkQ6lHjbBcs6Ik2XZPKqq8uZ2Y3j0-2mAOM3MvMLyAnBQ1cgWZaOr1IegqsJRKpPm5hZdmCxVvghSUv4mbqeXjnqw
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 02 May 2022 12:45:55 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlDdGL3M__Ll-EuXZds-aw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 9A95
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ym-SgrHXjm.VFp-THVFdOgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlDdGL3M__Ll-EuXZds-aw&google_cver=1&google_hm=2
43 B
1020 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlDdGL3M__Ll-EuXZds-aw&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY_o_uyAEwAQ&v=APEucNWpF12ONQf4F6mWs8urW_HkpvUTXpe88NFbdu-mbpuFk1FFk8Jhq4Rn-xlIKsXsWntDqjccaXOaR6f9KKbV8m3KCELHajkIE74nKokqKFfl4qVBasCE1Ra7_0HxGIGP_-KUyPkQ6lHjbBcs6Ik2XZPKqq8uZ2Y3j0-2mAOM3MvMLyAnBQ1cgWZaOr1IegqsJRKpPm5hZdmCxVvghSUv4mbqeXjnqw
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 02 May 2022 12:45:55 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOlDdGL3M__Ll-EuXZds-aw&google_cver=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 9A95
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEAyPwaasCBKEd6wDGJZODh4&google_cver=1
43 B
1010 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEAyPwaasCBKEd6wDGJZODh4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY_o_uyAEwAQ&v=APEucNWpF12ONQf4F6mWs8urW_HkpvUTXpe88NFbdu-mbpuFk1FFk8Jhq4Rn-xlIKsXsWntDqjccaXOaR6f9KKbV8m3KCELHajkIE74nKokqKFfl4qVBasCE1Ra7_0HxGIGP_-KUyPkQ6lHjbBcs6Ik2XZPKqq8uZ2Y3j0-2mAOM3MvMLyAnBQ1cgWZaOr1IegqsJRKpPm5hZdmCxVvghSUv4mbqeXjnqw
Protocol
HTTP/1.1
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
35c1714d-ba60-40f5-b8be-c8e3ac9572f3
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEAyPwaasCBKEd6wDGJZODh4&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 9A95
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzQxODA5NDc3MTU3NTY3OA%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzQxODA5NDc3MTU3NTY3OA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY_o_uyAEwAQ&v=APEucNWpF12ONQf4F6mWs8urW_HkpvUTXpe88NFbdu-mbpuFk1FFk8Jhq4Rn-xlIKsXsWntDqjccaXOaR6f9KKbV8m3KCELHajkIE74nKokqKFfl4qVBasCE1Ra7_0HxGIGP_-KUyPkQ6lHjbBcs6Ik2XZPKqq8uZ2Y3j0-2mAOM3MvMLyAnBQ1cgWZaOr1IegqsJRKpPm5hZdmCxVvghSUv4mbqeXjnqw
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:55 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:55 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
fa4bd102-ea6b-4d3d-b460-11fa3507b2b3
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc4MzQxODA5NDc3MTU3NTY3OA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 708F
106 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 01 May 2022 13:26:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
83950
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 02 May 2022 13:26:45 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/elements/html/ Frame 708F
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:29:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
960
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:29:55 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/ Frame 708F
25 KB
10 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:42:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
189
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9783
x-xss-protection
0
server
cafe
etag
9821519945299111448
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:42:46 GMT
beacon
ap.lijit.com/ Frame E5F1
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Mon, 02 May 2022 12:45:55 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap3ams1
check.html
biddr.brealtime.com/ Frame C608
926 B
1 KB
Document
General
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
673
CF-Cache-Status
HIT
CF-RAY
7050db590f7c5c20-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:56 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Mon, 02 May 2022 13:45:56 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
beacon
ap.lijit.com/ Frame DE4F
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Mon, 02 May 2022 12:45:55 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap3ams1
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9D84
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=65215
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:55 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 03 May 2022 06:52:50 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame B51B
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.239 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-239.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:56 GMT
ETag
"623de86a-cf34"
Expires
Tue, 03 May 2022 12:45:58 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 4BBE
23 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0e3acaace5bfdd10b40e45ea6111c8d148bce299e0519ae3e00a1b38d4af9659
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=73822
content-encoding
gzip
content-length
8260
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:56 GMT
expires
Tue, 03 May 2022 09:16:18 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
async_usersync.html
acdn.adnxs.com/dmp/ Frame DB6F
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.239 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-239.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:56 GMT
ETag
"623de86a-cf34"
Expires
Tue, 03 May 2022 12:45:58 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame 0A4D
926 B
1 KB
Document
General
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
673
CF-Cache-Status
HIT
CF-RAY
7050db590b6e5c62-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:56 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Mon, 02 May 2022 13:45:56 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5F89
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=65215
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:55 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 03 May 2022 06:52:50 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame FC92
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=65215
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:55 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 03 May 2022 06:52:50 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F8E5
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-254.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=65215
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:55 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 03 May 2022 06:52:50 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 42BB
0
80 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Mon, 02 May 2022 12:45:55 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
/
ssc-cms.33across.com/ps/ Frame B1DC
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP003 /
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
server
33XP003
x-33x-status
2000208
check.html
biddr.brealtime.com/ Frame 98EC
926 B
1 KB
Document
General
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
673
CF-Cache-Status
HIT
CF-RAY
7050db590e729b45-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:56 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Mon, 02 May 2022 13:45:56 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
pd
u.openx.net/w/1.0/ Frame A6E0
0
91 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Mon, 02 May 2022 12:45:55 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
pd
u.openx.net/w/1.0/ Frame A2AC
0
80 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Mon, 02 May 2022 12:45:55 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame 15FD
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.239 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-239.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:56 GMT
ETag
"623de86a-cf34"
Expires
Tue, 03 May 2022 12:45:58 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame B51F
23 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0e3acaace5bfdd10b40e45ea6111c8d148bce299e0519ae3e00a1b38d4af9659
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=73822
content-encoding
gzip
content-length
8260
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:56 GMT
expires
Tue, 03 May 2022 09:16:18 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
async_usersync.html
acdn.adnxs.com/dmp/ Frame 5C17
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.102.28.239 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-102-28-239.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:56 GMT
ETag
"623de86a-cf34"
Expires
Tue, 03 May 2022 12:45:58 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame C17B
23 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0e3acaace5bfdd10b40e45ea6111c8d148bce299e0519ae3e00a1b38d4af9659
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=73822
content-encoding
gzip
content-length
8260
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:56 GMT
expires
Tue, 03 May 2022 09:16:18 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
beacon
ap.lijit.com/ Frame D5BB
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Mon, 02 May 2022 12:45:55 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap3ams1
pd
u.openx.net/w/1.0/ Frame 36AA
0
80 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Mon, 02 May 2022 12:45:55 GMT
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
checksync.php
contextual.media.net/ Frame 3937
23 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0e3acaace5bfdd10b40e45ea6111c8d148bce299e0519ae3e00a1b38d4af9659
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=73822
content-encoding
gzip
content-length
8260
content-type
text/html; charset=UTF-8
date
Mon, 02 May 2022 12:45:56 GMT
expires
Tue, 03 May 2022 09:16:18 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
check.html
biddr.brealtime.com/ Frame 20E9
926 B
1 KB
Document
General
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
3709
CF-Cache-Status
HIT
CF-RAY
7050db5908a48fee-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 02 May 2022 12:45:56 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Mon, 02 May 2022 13:45:56 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
TZDfxO4uwORNUA/4irnRs9qqp9lI3eH+ruz8qqqAX5jBwgQ1rzgBbhsPKs2FgAnYzrbwWSW5JnM=
x-amz-request-id
15DYQDFYDGXZWWWF
beacon
ap.lijit.com/ Frame 1E4B
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Mon, 02 May 2022 12:45:55 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap3ams1
usync.html
eus.rubiconproject.com/ Frame 7A2E
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 02 May 2022 12:45:56 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:56 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 708F
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 01 May 2022 12:32:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
87224
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 01 May 2023 12:32:12 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 7EE2
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
83984
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 01 May 2022 13:26:12 GMT
etag
48472445140208031
expires
Mon, 02 May 2022 13:26:12 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 708F
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3328beeff094245f649a189b6f989a7839d25e6724360daaf69cebf2b1e7b4a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 04 May 2022 12:45:56 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4D3D
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CVP2vkMpy2lVMzBuf8XM-tGRsPVjKqj63S6oqGx9YRu6a9DgTn6s0pY283TXBNOg4pUxs6n-rObw9Rh2sUkVO-rY0GF0vB3fpzxceNdEW0iO8859E
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/ Frame 4D3D
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:44:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
85
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:44:31 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4D3D
120 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4debaa04d2f904fbafbc99c074e1f43c082e9d25e400140aa97eac11989dd82e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37288
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1651059573277210"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 02 May 2022 12:45:56 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/ Frame 4D3D
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:43:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
171
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:43:05 GMT
l
www.google.com/ads/measurement/ Frame 4D3D
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ2dZ1d6GlV0FTNuGtyjVmjavKGCiYqaoOvnN2Fl1rFlObf_LPvzkV8WFpgDsJ1_-RWhPZh6qEEpVGEm21SqqIohrhB9w
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

usync.js
eus.rubiconproject.com/ Frame 7A2E
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=49785
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Tue, 03 May 2022 02:35:41 GMT
index.html
s0.2mdn.net/sadbundle/16224771542101161438/ Frame E7F8
64 KB
18 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/16224771542101161438/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bad563ad601410593004428dd0a47d07964db2aa62712afca6633e5d0b8b6196
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
346172
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
17980
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 28 Apr 2022 12:36:24 GMT
expires
Fri, 28 Apr 2023 12:36:24 GMT
last-modified
Mon, 25 Apr 2022 08:42:58 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 708F
0
622 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssCcG2bnU6r3d5swYgY1aAfU_UNB9nHfm9xXbJgUDnf6UR7EdKBO8kb2lQ6vnVCMRtlV5QB9lztSK46FONxnD8Vc-kGG6oRdrcKhQgenZatBvXeqwn0h10PjujFYPuritQfkFk4HZaO5LoeKU8VkmsEPlgxGPEdoYUocyqnRKPoJK6311qy5_ZYm7JAOBp445bRCcBmX35f48caEBID-WvEbszSAu12bp5-0pwTX5_1AsOUD79pFwpKtNCa_bMtHssfm7Cy6qIEckwWF-DuX9OOETjn40gh9Bbr1n2ZAIkbgw-ff84MVbNWEH6MNsze_a9_F07TBdyIjdwhCCRqtAj6GkXWQHp-FVaxiRppsqlabeY4ZeNhckSAHA0-w_TQBL-QVezKJyJDjw7noRX8b_WSgbU5M9r5zMklai1QK1GK2UDMgcVI3cORDhq4XUJwt230gd1eJqnwo0lqq86eekrlgFOs1J0iu6dSkCK9qgtjxjgTUPZ1O_9la71TMFWELOz5Ut29IkOQ1Bl24uDUB6blWfS9eSWsJyZD61NTHVmZBJJOrqOeG0cXgEoLTlE7dffhHHbqMIzP-gq0lknqLfzmDKawHNY_OUyNKwktXhh1LkLdfP7GYHkkwVlKps2YuQAVHiuURTBsN5tATIVkZveXXO2-N1anbC3-R8gXsD3pXC_9DDtc0ed0oRftknuC8b9MC_YsnGHDGZ127zgnvUoJhbLAnxLPSnX0QmMOTyIilq6lzY15NcIpphAGg_jlIq-DM190dRWQKTX6U_qC1GG3j7SKgE1Ht9vkS1sDO8RlShOdL0mvNRIUr9PchTq9WoeqKuED3zrqQXjUtl6DaHw8J8XkdB88p5mPNLHKK9rtGUzYj4awieL57LMv3tUv4d18Wr4cGSQpowZcI48m7-xsHWWexmWuvv6UbdclB8aBu4WC0-uwHWaXGqbWmTzcR9qEHKLWhVOlVe971vnGFkcv3oVRtg9Q4jyY-J6hBp7Ke16J1sdvgniir463J1J97smqPGvAUcTtvWIUw7LdpHb6PIguLbD_whRi7zf2_EdWenLdf9PvDrJMGaD_g1z8ZIFCPsKsOCdnRJdlDzOAnb9-FG6obVmLCrDTkF6qLnf8NYTqsc8FuEc5IVISW3gRJQUzuUL-F7RXQy1jR1UbWUEHiJG8PA4z4Q&sai=AMfl-YTH7Xz_TaLnqEkbZfX2lu4fdRYWJ1U6tbF2d9O5ZlQtaDlFlwOjBwpyGk4WueCYz9awJwdzmztWPQj1-wGl25WC1YGLaK2KNo6tLXFQBQMnWcH8IkUwIzdbv1iI9og3_u430ucGMzhI4hSxu0MZfkZfj_oemA&sig=Cg0ArKJSzK7L19ssh8xQEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=319&cbvp=1&cstd=316&cisv=r20220427.20258&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.36.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Mon, 02 May 2022 12:45:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7281
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DSyMCFHTgNkfe7hLfVT6G4fmgB5UiHo-A-0pJFFlBIF1Fky5NXryzZXOCCXkqeiSWrR-yrLJ9_j9DNV5JNU7wmY3pCvjO6dsWwsHgtPd_cyee9B9M
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/ Frame 7281
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:44:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
85
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:44:31 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7281
120 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4debaa04d2f904fbafbc99c074e1f43c082e9d25e400140aa97eac11989dd82e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37288
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1651059573277210"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 02 May 2022 12:45:56 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/ Frame 7281
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:43:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
171
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:43:05 GMT
l
www.google.com/ads/measurement/ Frame 7281
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRi7xVp8MSBaAlYbQuBRHF_S0ts5InbpTfkOdkt4E4bCCXuN2h2LZVTivkIx5deSa7kLjtkKzmIWl9RjSiDvhASQEm7Lg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pixel
googleads.g.doubleclick.net/xbbe/ Frame F1FC
640 B
316 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY14ruyAEwAQ&v=APEucNWaCbSt8l7yY6gNGV4vKYwBPLwzRHsiamddEWTnRtBhK4QdyOTfWDn9LNGD3XmWDbXQiWTBnfjROO9y39HYpU3cJXhSS4rXKLA_BkMPW7cFe0rgO7pd2phXLAf1QwhtlSHjNNGOl7EAG2IMMQ6RvRH8o60jS38hktxWrWdw7QV5AtJoQvb3-YJh0rftusAz-hR-CJIwvdBy1XCeYkKEEiwwPkTudA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
295
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 4D3D
76 KB
32 KB
Script
General
Full URL
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
d9fee4dab2ec131f16a57d9e9e72d2cb469626607c24f19f931008a52c71e385
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32655
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 872A
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
87224
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 01 May 2022 12:32:12 GMT
expires
Mon, 01 May 2023 12:32:12 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
async_usersync
ib.adnxs.com/ Frame B51B
0
737 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:56 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
1d9103ca-b87a-4af2-926b-2c10326e04b2
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 15FD
0
737 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:56 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
8ee1f631-1494-4b80-9bd4-569079a8d09c
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame DB6F
0
737 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:56 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
72e332d4-d08d-4af3-a7c3-eb662446f932
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 5C17
0
737 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:56 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
1e00ce13-d582-415b-8e29-f3a67b6ca83b
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 1B62
586 B
315 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY3ZGNyQEwAQ&v=APEucNXNXecZTPhqKaJm4XEstBBM93dmI2lOVCAwX0-p-QQVhj3bY20WycHRIkOWP5TTPCr11Yuhtj9r7Fbq5DPOOH9-PF0kD6WGsyb09q1qZjKaytQnWDaQ9bw7i0cGS8tWymvUJb-iyvOL3fuXkrN5ALlfSkb42M3yHMrWEzSGJY638XobOMwqCttZ9A0rpbjUXrWMSBzZeuT7GimXTG6vVUh8SQ17sw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
f12c6133a12eead81c368fe146cb489bdb7331b5e3b5ceb9ea52eac1e3feb815
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
294
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 7281
76 KB
32 KB
Script
General
Full URL
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
1f81479b9ff928b0be2275ec290f76762d46db26f9c35969e68c419a4057943b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32633
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 7EE2
Redirect Chain
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEOY5l-wY66CZ9AqWbcBi81g&google_cver=1&google_push=AYg5qPIz2zJXrjlObyFnBLCaH1IiTtvGZWVyTn6eqgd5YuiwE5YDiD8MvKKrC8osB7f3bROxThP2ijGU-fG7bsr7XW9a5j_7_U4
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODEzODg4NTIyMDUzNTQwOTEzOQ==&gdpr=&gdpr_consent=
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOY5l-wY66CZ9AqWbcBi81g&google_cver=1
43 B
398 B
Image
General
Full URL
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOY5l-wY66CZ9AqWbcBi81g&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H2
Server
2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type
image/gif
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEOY5l-wY66CZ9AqWbcBi81g&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7EE2
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WW0tU2d3QU15ZUxCR2dBLQ==&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJPIFFv7SKbPtPtk3WzQ-GWOWmTMU...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WW0tU2d3QU15ZUxCR2dBLQ==&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJPIFFv7SKbPtPtk3WzQ-GWOWmTMUMMElppN6mEpemhii_SRevQSCzCFyvNAl7be0sZtTCKmvfX6cWBzYmS-UtAJ4Ysps3y
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651495556.347136,VS0,VE0
x-served-by
cache-hhn4054-HHN
x-cache
HIT
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WW0tU2d3QU15ZUxCR2dBLQ==&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJPIFFv7SKbPtPtk3WzQ-GWOWmTMUMMElppN6mEpemhii_SRevQSCzCFyvNAl7be0sZtTCKmvfX6cWBzYmS-UtAJ4Ysps3y
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
pixel
cm.g.doubleclick.net/ Frame 7EE2
Redirect Chain
  • https://um.simpli.fi/gp_match?google_gid=CAESEKIwGMYctALPf1NvRXwPyr0&google_cver=1&google_push=AYg5qPLH4_rrMywHI6ezQbFWREIgMoAfwLVOVGTS0RAHz76YeJ4TZj5kb8Tn9SXDa-gQmxRmxzzadXWtJGt7jXvsEaJCDQ4fnsvp
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C6CDCCE70F8246B185FE1D2B153F3554&google_push=AYg5qPLH4_rrMywHI6ezQbFWREIgMoAfwLVOVGTS0RAHz76YeJ4TZj5kb8Tn9SXDa-gQmxRmxzzadXWtJGt7jXv...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C6CDCCE70F8246B185FE1D2B153F3554&google_push=AYg5qPLH4_rrMywHI6ezQbFWREIgMoAfwLVOVGTS0RAHz76YeJ4TZj5kb8Tn9SXDa-gQmxRmxzzadXWtJGt7jXvsEaJCDQ4fnsvp
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 02 May 2022 12:45:56 GMT
x-content-type-options
nosniff
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C6CDCCE70F8246B185FE1D2B153F3554&google_push=AYg5qPLH4_rrMywHI6ezQbFWREIgMoAfwLVOVGTS0RAHz76YeJ4TZj5kb8Tn9SXDa-gQmxRmxzzadXWtJGt7jXvsEaJCDQ4fnsvp
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 01 May 2022 12:45:56 GMT
pixel
cm.g.doubleclick.net/ Frame 7EE2
Redirect Chain
  • https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEGyxtXgRQPRXQYJRlxjjLqk&google_cver=1&google_push=AYg5qPJUdicetqf3CmCpk3pI3bTatKku3-c9Dd8-KI1ejza_uv_fb04LhjrC50960vqJFzfmmbS2X...
  • https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJUdicetqf3CmCpk3pI3bTatKku3-c9Dd8-KI1ejza_uv_fb04LhjrC50960vqJFzfmmbS2XN9N4zPISeRnNUzghYXr-fY
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJUdicetqf3CmCpk3pI3bTatKku3-c9Dd8-KI1ejza_uv_fb04LhjrC50960vqJFzfmmbS2XN9N4zPISeRnNUzghYXr-fY
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 02 May 2022 12:45:55 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 7A085D62844B41229B75B9B27C88DAA2 Ref B: VIEEDGE1114 Ref C: 2022-05-02T12:45:56Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJUdicetqf3CmCpk3pI3bTatKku3-c9Dd8-KI1ejza_uv_fb04LhjrC50960vqJFzfmmbS2XN9N4zPISeRnNUzghYXr-fY
x-li-proto
http/2
content-length
0
x-li-uuid
AAXeBsX805k93j9OR124iA==
pixel
cm.g.doubleclick.net/ Frame 7EE2
Redirect Chain
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESENLRVB_DkvLyfgZuxOnnXCQ&google_cver=1&google_push=AYg5qPLvfohmXpkEexyGOnXZgij6npluNulTM9SdHBIY6hpg2zHX7a-TUPHAGkjXhmWhtQiKQ9Mp24sWLx...
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESENLRVB_DkvLyfgZuxOnnXCQ&google_cver=1&google_push=AYg5qPLvfohmXpkEexyGOnXZgij6npluNulTM9SdHBIY6hpg2zHX7a-TUPHAGkjXhmWhtQiKQ9Mp24sWLx...
  • https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPLvfohmXpkEexyGOnXZgij6npluNulTM9SdHBIY6hpg2zHX7a-TUPHAGkjXhmWhtQiKQ9Mp24sWLx02rzkwSZ2A7APjzu4t&google_hm=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPLvfohmXpkEexyGOnXZgij6npluNulTM9SdHBIY6hpg2zHX7a-TUPHAGkjXhmWhtQiKQ9Mp24sWLx02rzkwSZ2A7APjzu4t&google_hm=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 02 May 2022 12:45:56 GMT
server
nginx
access-control-allow-origin
*
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
location
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPLvfohmXpkEexyGOnXZgij6npluNulTM9SdHBIY6hpg2zHX7a-TUPHAGkjXhmWhtQiKQ9Mp24sWLx02rzkwSZ2A7APjzu4t&google_hm=
cache-control
no-cache
content-type
text/html; charset=UTF-8
access-control-allow-headers
Origin
keep-alive
timeout=10
pixel
cm.g.doubleclick.net/ Frame 7EE2
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEKIM1bBiO_YhcI_1bCnIWLc&google_cver=1&google_push=AYg5qPIXln5tZWWgK2Xl9MgYaxthOz-u5JzKQFSncNLtpdOdRCNGW9WohZTi-7hvQIxu5M1OfAOJoM8mhI-8FhW...
  • https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=1aIjRSFXS3R-FgmWfxGLHVFfBSw&google_push=AYg5qPIXln5tZWWgK2Xl9MgYaxthOz-u5JzKQFSncNLtpdOdRCNGW9WohZTi-7hvQIxu5M1OfAOJoM8mhI-8Fh...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=1aIjRSFXS3R-FgmWfxGLHVFfBSw&google_push=AYg5qPIXln5tZWWgK2Xl9MgYaxthOz-u5JzKQFSncNLtpdOdRCNGW9WohZTi-7hvQIxu5M1OfAOJoM8mhI-8FhWIvyzx0L7SVOg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=1aIjRSFXS3R-FgmWfxGLHVFfBSw&google_push=AYg5qPIXln5tZWWgK2Xl9MgYaxthOz-u5JzKQFSncNLtpdOdRCNGW9WohZTi-7hvQIxu5M1OfAOJoM8mhI-8FhWIvyzx0L7SVOg
Date
Mon, 02 May 2022 12:45:56 GMT
Connection
keep-alive
Content-Length
241
Content-Type
text/html; charset=utf-8
exptsync
ads.yieldmo.com/ Frame 7EE2
0
35 B
Image
General
Full URL
https://ads.yieldmo.com/exptsync?google_gid=CAESEJ4b942bPFmBPQWRpdwkABM&google_cver=1&google_push=AYg5qPIFl46b5apc6AKKRmZVa7zd1_y6_NFrmUnwlIMch8FqpzMyHYwz_B8RwB5rvE2bxgXEvRQFrc5Z-Cor7hFhJd_RgzgFL6D1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.86.86 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-86-86.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 7EE2
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ISLpFQ48_0aPLomhPNbQxzymo1WAbipUxpWnKe3OutgWUyuheYcchauDUeMBTi6UNNJN1X
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745092&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554496&bpp=15&bdt=265&idt=171&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=748031376&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=801&biw=1600&bih=1200&isw=320&ish=50&ifk=1637598535&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=2173063773847037&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6dksgxeuyh17&fsb=1&xpc=AwqPWx0vrZ&p=https%3A//securityaffairs.co&dtd=195
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
ptrack
a.audrte.com/ Frame 55FF
368 B
878 B
XHR
General
Full URL
https://a.audrte.com/ptrack?arlocation=81.95.5.44&p=M1353665098&artime=2022-05-02T12:45:55.638Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGcHJlYmlkc2VydmVyLnBpeGZ1dHVyZS5jb20lM0E4MDAwJTJGc2V0dWlkJTNGYmlkZGVyJTNEZXBsYW5uaW5nJTI2Z2RwciUzRCUyNmdkcHJfY29uc2VudCUzRCUyNmYlM0RiJTI2dWlkJTNEJTI0VUlE&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=c2VjdXJpdHlhZmZhaXJzLmNvLw==
Requested by
Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.22.109.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-22-109-120.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
f80b1190aac6184fef6d24944ce9d30c89cfa34f20b0b5cf8a11454cced84d12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:56 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
https://ads.us.e-planning.net
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
261
DcmEnabler_01_247.js
s0.2mdn.net/879366/ Frame E7F8
29 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16224771542101161438/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/16224771542101161438/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 01 May 2022 12:47:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
86294
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10136
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 02 May 2022 12:47:42 GMT
sd
us-u.openx.net/w/1.0/ Frame F1FC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOj6Vg6yAAGOmQFBIwfccpM&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOj6Vg6yAAGOmQFBIwfccpM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY14ruyAEwAQ&v=APEucNWaCbSt8l7yY6gNGV4vKYwBPLwzRHsiamddEWTnRtBhK4QdyOTfWDn9LNGD3XmWDbXQiWTBnfjROO9y39HYpU3cJXhSS4rXKLA_BkMPW7cFe0rgO7pd2phXLAf1QwhtlSHjNNGOl7EAG2IMMQ6RvRH8o60jS38hktxWrWdw7QV5AtJoQvb3-YJh0rftusAz-hR-CJIwvdBy1XCeYkKEEiwwPkTudA
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOj6Vg6yAAGOmQFBIwfccpM&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame F1FC
43 B
131 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY14ruyAEwAQ&v=APEucNWaCbSt8l7yY6gNGV4vKYwBPLwzRHsiamddEWTnRtBhK4QdyOTfWDn9LNGD3XmWDbXQiWTBnfjROO9y39HYpU3cJXhSS4rXKLA_BkMPW7cFe0rgO7pd2phXLAf1QwhtlSHjNNGOl7EAG2IMMQ6RvRH8o60jS38hktxWrWdw7QV5AtJoQvb3-YJh0rftusAz-hR-CJIwvdBy1XCeYkKEEiwwPkTudA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame F1FC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESEJ8ierA7QwOqV4o4u1yQf0M&google_cver=1
23 B
172 B
Image
General
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEJ8ierA7QwOqV4o4u1yQf0M&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY14ruyAEwAQ&v=APEucNWaCbSt8l7yY6gNGV4vKYwBPLwzRHsiamddEWTnRtBhK4QdyOTfWDn9LNGD3XmWDbXQiWTBnfjROO9y39HYpU3cJXhSS4rXKLA_BkMPW7cFe0rgO7pd2phXLAf1QwhtlSHjNNGOl7EAG2IMMQ6RvRH8o60jS38hktxWrWdw7QV5AtJoQvb3-YJh0rftusAz-hR-CJIwvdBy1XCeYkKEEiwwPkTudA
Protocol
H2
Server
104.89.28.165 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-28-165.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
cache-control
max-age=0, no-cache, no-store
expires
Mon, 02 May 2022 12:45:56 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.teads.tv/um?eid=3&uid=CAESEJ8ierA7QwOqV4o4u1yQf0M&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame F1FC
23 B
172 B
Image
General
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY14ruyAEwAQ&v=APEucNWaCbSt8l7yY6gNGV4vKYwBPLwzRHsiamddEWTnRtBhK4QdyOTfWDn9LNGD3XmWDbXQiWTBnfjROO9y39HYpU3cJXhSS4rXKLA_BkMPW7cFe0rgO7pd2phXLAf1QwhtlSHjNNGOl7EAG2IMMQ6RvRH8o60jS38hktxWrWdw7QV5AtJoQvb3-YJh0rftusAz-hR-CJIwvdBy1XCeYkKEEiwwPkTudA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.28.165 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-28-165.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
cache-control
max-age=0, no-cache, no-store
expires
Mon, 02 May 2022 12:45:56 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 4D3D
106 KB
37 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 01 May 2022 13:26:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
83951
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 02 May 2022 13:26:45 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/elements/html/ Frame 4D3D
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:29:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
961
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:29:55 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/ Frame 4D3D
25 KB
10 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:42:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
190
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9783
x-xss-protection
0
server
cafe
etag
9821519945299111448
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:42:46 GMT
partner
sync.search.spotxchange.com/ Frame 1B62
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENrnYYW3QiB4ccWzxJA91Vo&google_cver=1
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENrnYYW3QiB4ccWzxJA91Vo&google_cver=1&__user_check__=1&sync_id=cf705aa9-ca15-11ec-bc03-10ffbde80206
43 B
548 B
Image
General
Full URL
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESENrnYYW3QiB4ccWzxJA91Vo&google_cver=1&__user_check__=1&sync_id=cf705aa9-ca15-11ec-bc03-10ffbde80206
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY3ZGNyQEwAQ&v=APEucNXNXecZTPhqKaJm4XEstBBM93dmI2lOVCAwX0-p-QQVhj3bY20WycHRIkOWP5TTPCr11Yuhtj9r7Fbq5DPOOH9-PF0kD6WGsyb09q1qZjKaytQnWDaQ9bw7i0cGS8tWymvUJb-iyvOL3fuXkrN5ALlfSkb42M3yHMrWEzSGJY638XobOMwqCttZ9A0rpbjUXrWMSBzZeuT7GimXTG6vVUh8SQ17sw
Protocol
HTTP/1.1
Server
185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software
nginx /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:56 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
43
Connection
keep-alive
Content-Length
43

Redirect headers

Date
Mon, 02 May 2022 12:45:56 GMT
Server
nginx
Location
/partner?adv_id=7025&uid=CAESENrnYYW3QiB4ccWzxJA91Vo&google_cver=1&__user_check__=1&sync_id=cf705aa9-ca15-11ec-bc03-10ffbde80206
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
12
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame 1B62
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2Y3MDVhNjgtY2ExNS0xMWVjLWJjMDMtMTBmZmJkZTgwMjA2
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2Y3MDVhNjgtY2ExNS0xMWVjLWJjMDMtMTBmZmJkZTgwMjA2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY3ZGNyQEwAQ&v=APEucNXNXecZTPhqKaJm4XEstBBM93dmI2lOVCAwX0-p-QQVhj3bY20WycHRIkOWP5TTPCr11Yuhtj9r7Fbq5DPOOH9-PF0kD6WGsyb09q1qZjKaytQnWDaQ9bw7i0cGS8tWymvUJb-iyvOL3fuXkrN5ALlfSkb42M3yHMrWEzSGJY638XobOMwqCttZ9A0rpbjUXrWMSBzZeuT7GimXTG6vVUh8SQ17sw
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Mon, 02 May 2022 12:45:56 GMT
Server
nginx
Location
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2Y3MDVhNjgtY2ExNS0xMWVjLWJjMDMtMTBmZmJkZTgwMjA2
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
89
Connection
keep-alive
Content-Length
0
sync
ups.analytics.yahoo.com/ups/55946/ Frame 1B62
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESELYwTpTyL8W9nWMR4_-cTn0&_origin=1&google_cver=1
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESELYwTpTyL8W9nWMR4_-cTn0&_origin=1&google_cver=1&verify=true
  • https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESELYwTpTyL8W9nWMR4_-cTn0&_origin=1&google_cver=1&apid=UPcf6db481-ca15-11ec-bf51-062731e89e6e
0
17 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESELYwTpTyL8W9nWMR4_-cTn0&_origin=1&google_cver=1&apid=UPcf6db481-ca15-11ec-bf51-062731e89e6e
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY3ZGNyQEwAQ&v=APEucNXNXecZTPhqKaJm4XEstBBM93dmI2lOVCAwX0-p-QQVhj3bY20WycHRIkOWP5TTPCr11Yuhtj9r7Fbq5DPOOH9-PF0kD6WGsyb09q1qZjKaytQnWDaQ9bw7i0cGS8tWymvUJb-iyvOL3fuXkrN5ALlfSkb42M3yHMrWEzSGJY638XobOMwqCttZ9A0rpbjUXrWMSBzZeuT7GimXTG6vVUh8SQ17sw
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESELYwTpTyL8W9nWMR4_-cTn0&_origin=1&google_cver=1&apid=UPcf6db481-ca15-11ec-bf51-062731e89e6e
date
Mon, 02 May 2022 12:45:56 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
pixel
cm.g.doubleclick.net/ Frame 1B62
Redirect Chain
  • https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true
  • https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPcf6db481-ca15-11ec-bf51-062731e89e6e
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBjZjZkYjQ4MS1jYTE1LTExZWMtYmY1MS0wNjI3MzFlODllNmU%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBjZjZkYjQ4MS1jYTE1LTExZWMtYmY1MS0wNjI3MzFlODllNmU%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK6tiwIQ-I3coQIY3ZGNyQEwAQ&v=APEucNXNXecZTPhqKaJm4XEstBBM93dmI2lOVCAwX0-p-QQVhj3bY20WycHRIkOWP5TTPCr11Yuhtj9r7Fbq5DPOOH9-PF0kD6WGsyb09q1qZjKaytQnWDaQ9bw7i0cGS8tWymvUJb-iyvOL3fuXkrN5ALlfSkb42M3yHMrWEzSGJY638XobOMwqCttZ9A0rpbjUXrWMSBzZeuT7GimXTG6vVUh8SQ17sw
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBjZjZkYjQ4MS1jYTE1LTExZWMtYmY1MS0wNjI3MzFlODllNmU%3D
date
Mon, 02 May 2022 12:45:56 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 7281
106 KB
37 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 01 May 2022 13:26:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
83951
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 02 May 2022 13:26:45 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/elements/html/ Frame 7281
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BJd5_T1c4q9SWOkKtAZqu7_g7qLSR_y18lICm5Lj0hkExyQX-2HpRwH4-uPLpOAcU2qgrpeYsryRqZ_4YT2GL7IkjF_1T4jJf1z095Fn3T9W-uaL6ti7wyihoX_Bw4YFFGCgZ1aljhafY-fp2hY7mvRZCPsg&dbm_d=AKAmf-DohR9cyRHJPm75Tr2MivONGfkQDE5aYDJVbDKwuzmZ6wzsEmg3LJW6wbPHe7csVLEJUluBpXSEIMgC8zx_7jChnDLDHXBasrLBVu4BiMZR9SeI7Cnbl2SyfOBFQz9fKAhXiT1OWqg7BdqKt4UFepw5aobDTbQFUj5RmsBMlH0I58hzvOlLZWsxOOb-URqQCXWvE62SG0OAjnijNqYKId9QpsZNmBqZbD9bwzyRgev3YoIh8zafsdwF4mA-Fo_aKCIZcDT-964rpEO0AyZYgwDjfKkGr0HRBAVxutasyCTlHR-qXQwTGpiBtTPl8qrOE7l1PFcXNf2YMq4pZSF3atHrmIMyMkz72C2o-UgrAPYJG93jqF_LuafWRNTSLou3MLqld_R6pd-_I0RuKZifnVowIwFeflIk9_bWdZ5U6wPxLi4joUS-WOOD_Lp850Y_daHsij4ChiVSy_uRG7vJbmUI8Zaz9_DRhQMgy1bIgHANTunSUp4bsdY9eMPQAbx0a8QedSr8aM5Lok-Ydk23OaQnR9rPCNrexs4bz4SEaZSmZdYimOCUTBMlqUIuXq4abTi3WkoW4KrTQ5nBeLuPxPAyscn_4ojuUdJwjjaIeexz_CKa3Mig3eAPG5M__wLszMqzgGZ902Wr0VKBLSmCyOXrgVg_r4vYQftsPm0DOrL7n0gIeQ6m6FNlGHVhtQqH8s-uaxILbmG9dq8W5LghFns_5FFhh3Bn93P-VGiT-kfl9XkJqAW_wmwUUxT0_424MEuopS2vzOwmcxW1LvcDJ49NBzlgSeyW9NOafiJWbFw1qNs_gs1Y07e3HYzRJi9KEf92vUPTagBYIKsBKzoBbbUH1OrAyPihaqQAYULNDe5hwlh0FdxvO5rS3lSqol_XiLdEwAf3jCb_92YVmMuEW7xbd_PdEHTQz8DhdHjbcUJgOt-eh5-lVMblUTPP3OFVhdBhDyRr7O2Vfvy3K3UreHK0ik73uCMLAN6Nh6omVZt_ineCxM5bMGQZ-KeoDDIZVC693WjlZwQiqvCMivXdjJ79_h6WMnbq5kueB68-eX5UgLW81fzxxOhIS9-TNdd1hyymfxGG23Dr_YpdsrclLb5mh5-DJmRnAa1x-JC80SsuDTI3zcBk1rSO1k207di0gNrgWbdro0ePxBiqnefx8JUUhXELZuoH-uGlf72fq5IpDSd3ewOJC7VwwnvGoxi8bDsZKXQa_Xor80QKseXeOpqjHgOTrVlnL65Wnpp54vrFRzVBJShhwRVYGIN4YgSQFjhTHJbG5dMGJRayM7ns3TWq6xknrWk4rrhrabyLO1_6Gt2Uub7T80fZkmT-aWf5z8hAWaO109gs9RmCuY8bjFr1lI0yd-WfCe0mqOR0KZOlsK6whR4NQ9MYT21_-beCUOcVKxupUsvLAocRBxRkKGAJvJ0ODz_KnoujsDPuGg8Bdfb8X5rhPvLKIva4XO_bIJFzj1SHOotTRH4ykAEI_9xm_PUKGneT8JT0vMWwCFcaP2ET7_9mmIp4U8-4cV3h6pnS4kBvMRk7toF6oS6_JN-PLfSzPmxvf3PFGRHQQzblhahFF-lFLdnc-D250Tfs5_QTqy1kQC2oGpS6sCUkCEP9GSfxtwjOkObuWVSkpaZG-jWtdyEiRK5OfO7zcGeacjsb6UvV6ik6iuxmki8xgg2GoDCfNZ3_rXwnhUUFs-tDskgWrmo2FjAhwIxEwFpJIKf2hDj0AZytMJrHtt9hwQJIIHf8kx5xqFGMJYFhMd9uA
k-ah7V3fsIko2PYfqomHNzWd9zUkKBkXIWsiRvrXbUPRjGJ6xcXtrw7NXkEilrsmxKChflb19fDkZSRRKXnqKSPjn1TudJ23uZfu0jjW7Oapdn3EvTPAKmNbcf64HPJYZll5qUIAT6ZwM49r-IWF7pnbByySv9TnL99JaGUSgFox_8ZliqSuLTpoTLYiz7fNILoKNAwySVNiqd2OLxbG64CHh7TiZHpuJSfIGk0ip6uPJLlIXNbNk0pk87JpxEDB4_kFQk163Imjppa3JFtS8CO0AH5jXJNUhpwxqp7kA8XzczfUWqBU88-K1zsQ1qhBvFD0RZJ4x6smFyZaWxETYkK8jMW_NtPNyW-1SXlPZHlP20Na24TkG5FK2yGz8Xou6K4DUaFzhP0jzGngejgDh3JADC9a4qJ-Uva59_FCGAXtZzMIGJXvqe87__IJzN84OdIxj_1pkoQXmht3xJIDvZ6RyA9kqHn389PaoEXSWKoEyBoaNA03_LkyUTW3C0a4WWuGf2fmfYTxP-jYp-Y9YuAMhbP-4sQmrvm3K3fqICxjMOYHnISeLbGw91OdEsLO1t8BHFmX469jCzxKjoZuaDD7lLAgSryJI2OkkniPEOD7V2-_AX4zDaVOF_G-IxaRCkCJz8uunEXA0p5p3wgjbJttOogVgJY_eLEposKH2llArMKrUAotu5tJX7gqzv5FkNR8z9LOqNhvZodMAac6rs46TMdaL16WGRea7MSk_u7TwXqAZxh472tS2nOuQD63_vn-Kp4yLxVvTGRCNFPk155wHQu8jvfppaggyFjjZWE5ciOs37L0hqh_SFSMP_nSWcHxwp8XWzor8Yej-SrOPhAmSrbYoJW4VdXs_TJx-NO5luy1urFscdaiGS92WQf5VXMPGpSsIKAcpfnfbHo4STNCmp0a153f9qdTC4R62SNCCEQPuSFaVaHAlc__OZ2GXc8DmlCSkuq48nMqx-2ZdTl09qLUaIDsG_YNqjkatuZ-9p6ARqLvrSlpcE8EOaOp30vqwDhpH1kOK0NqtII3dEqbb_SylZIDTCCy9uJgj0pl4Mb1wxgPHYhWUhTBPlb3KYGeD_EHdMlN3y_M0NetXAkluUxLsyvlAwo5giJ6Nrfppv2bgywMAv0YHsIIRYyf8iOR9licKMeny8XHzAcRsb-HebtYjxa2ywjcOoRqS442Q78GFrVsMGqLZzK_1zIVENQG6a1c-x5ha1FsNjmsNc71gmwVpNLXsPNKcISJL6VtWtEcEOWBCqNDejnXYy6r-Tvd-JcwMEZvNea6P-3yopncQxw&cid=CAASEuRoZDAIj1Dzzbtt5sM-EPTe8Q&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:29:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
961
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:29:55 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/ Frame 7281
25 KB
10 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BJd5_T1c4q9SWOkKtAZqu7_g7qLSR_y18lICm5Lj0hkExyQX-2HpRwH4-uPLpOAcU2qgrpeYsryRqZ_4YT2GL7IkjF_1T4jJf1z095Fn3T9W-uaL6ti7wyihoX_Bw4YFFGCgZ1aljhafY-fp2hY7mvRZCPsg&dbm_d=AKAmf-DohR9cyRHJPm75Tr2MivONGfkQDE5aYDJVbDKwuzmZ6wzsEmg3LJW6wbPHe7csVLEJUluBpXSEIMgC8zx_7jChnDLDHXBasrLBVu4BiMZR9SeI7Cnbl2SyfOBFQz9fKAhXiT1OWqg7BdqKt4UFepw5aobDTbQFUj5RmsBMlH0I58hzvOlLZWsxOOb-URqQCXWvE62SG0OAjnijNqYKId9QpsZNmBqZbD9bwzyRgev3YoIh8zafsdwF4mA-Fo_aKCIZcDT-964rpEO0AyZYgwDjfKkGr0HRBAVxutasyCTlHR-qXQwTGpiBtTPl8qrOE7l1PFcXNf2YMq4pZSF3atHrmIMyMkz72C2o-UgrAPYJG93jqF_LuafWRNTSLou3MLqld_R6pd-_I0RuKZifnVowIwFeflIk9_bWdZ5U6wPxLi4joUS-WOOD_Lp850Y_daHsij4ChiVSy_uRG7vJbmUI8Zaz9_DRhQMgy1bIgHANTunSUp4bsdY9eMPQAbx0a8QedSr8aM5Lok-Ydk23OaQnR9rPCNrexs4bz4SEaZSmZdYimOCUTBMlqUIuXq4abTi3WkoW4KrTQ5nBeLuPxPAyscn_4ojuUdJwjjaIeexz_CKa3Mig3eAPG5M__wLszMqzgGZ902Wr0VKBLSmCyOXrgVg_r4vYQftsPm0DOrL7n0gIeQ6m6FNlGHVhtQqH8s-uaxILbmG9dq8W5LghFns_5FFhh3Bn93P-VGiT-kfl9XkJqAW_wmwUUxT0_424MEuopS2vzOwmcxW1LvcDJ49NBzlgSeyW9NOafiJWbFw1qNs_gs1Y07e3HYzRJi9KEf92vUPTagBYIKsBKzoBbbUH1OrAyPihaqQAYULNDe5hwlh0FdxvO5rS3lSqol_XiLdEwAf3jCb_92YVmMuEW7xbd_PdEHTQz8DhdHjbcUJgOt-eh5-lVMblUTPP3OFVhdBhDyRr7O2Vfvy3K3UreHK0ik73uCMLAN6Nh6omVZt_ineCxM5bMGQZ-KeoDDIZVC693WjlZwQiqvCMivXdjJ79_h6WMnbq5kueB68-eX5UgLW81fzxxOhIS9-TNdd1hyymfxGG23Dr_YpdsrclLb5mh5-DJmRnAa1x-JC80SsuDTI3zcBk1rSO1k207di0gNrgWbdro0ePxBiqnefx8JUUhXELZuoH-uGlf72fq5IpDSd3ewOJC7VwwnvGoxi8bDsZKXQa_Xor80QKseXeOpqjHgOTrVlnL65Wnpp54vrFRzVBJShhwRVYGIN4YgSQFjhTHJbG5dMGJRayM7ns3TWq6xknrWk4rrhrabyLO1_6Gt2Uub7T80fZkmT-aWf5z8hAWaO109gs9RmCuY8bjFr1lI0yd-WfCe0mqOR0KZOlsK6whR4NQ9MYT21_-beCUOcVKxupUsvLAocRBxRkKGAJvJ0ODz_KnoujsDPuGg8Bdfb8X5rhPvLKIva4XO_bIJFzj1SHOotTRH4ykAEI_9xm_PUKGneT8JT0vMWwCFcaP2ET7_9mmIp4U8-4cV3h6pnS4kBvMRk7toF6oS6_JN-PLfSzPmxvf3PFGRHQQzblhahFF-lFLdnc-D250Tfs5_QTqy1kQC2oGpS6sCUkCEP9GSfxtwjOkObuWVSkpaZG-jWtdyEiRK5OfO7zcGeacjsb6UvV6ik6iuxmki8xgg2GoDCfNZ3_rXwnhUUFs-tDskgWrmo2FjAhwIxEwFpJIKf2hDj0AZytMJrHtt9hwQJIIHf8kx5xqFGMJYFhMd9uA
k-ah7V3fsIko2PYfqomHNzWd9zUkKBkXIWsiRvrXbUPRjGJ6xcXtrw7NXkEilrsmxKChflb19fDkZSRRKXnqKSPjn1TudJ23uZfu0jjW7Oapdn3EvTPAKmNbcf64HPJYZll5qUIAT6ZwM49r-IWF7pnbByySv9TnL99JaGUSgFox_8ZliqSuLTpoTLYiz7fNILoKNAwySVNiqd2OLxbG64CHh7TiZHpuJSfIGk0ip6uPJLlIXNbNk0pk87JpxEDB4_kFQk163Imjppa3JFtS8CO0AH5jXJNUhpwxqp7kA8XzczfUWqBU88-K1zsQ1qhBvFD0RZJ4x6smFyZaWxETYkK8jMW_NtPNyW-1SXlPZHlP20Na24TkG5FK2yGz8Xou6K4DUaFzhP0jzGngejgDh3JADC9a4qJ-Uva59_FCGAXtZzMIGJXvqe87__IJzN84OdIxj_1pkoQXmht3xJIDvZ6RyA9kqHn389PaoEXSWKoEyBoaNA03_LkyUTW3C0a4WWuGf2fmfYTxP-jYp-Y9YuAMhbP-4sQmrvm3K3fqICxjMOYHnISeLbGw91OdEsLO1t8BHFmX469jCzxKjoZuaDD7lLAgSryJI2OkkniPEOD7V2-_AX4zDaVOF_G-IxaRCkCJz8uunEXA0p5p3wgjbJttOogVgJY_eLEposKH2llArMKrUAotu5tJX7gqzv5FkNR8z9LOqNhvZodMAac6rs46TMdaL16WGRea7MSk_u7TwXqAZxh472tS2nOuQD63_vn-Kp4yLxVvTGRCNFPk155wHQu8jvfppaggyFjjZWE5ciOs37L0hqh_SFSMP_nSWcHxwp8XWzor8Yej-SrOPhAmSrbYoJW4VdXs_TJx-NO5luy1urFscdaiGS92WQf5VXMPGpSsIKAcpfnfbHo4STNCmp0a153f9qdTC4R62SNCCEQPuSFaVaHAlc__OZ2GXc8DmlCSkuq48nMqx-2ZdTl09qLUaIDsG_YNqjkatuZ-9p6ARqLvrSlpcE8EOaOp30vqwDhpH1kOK0NqtII3dEqbb_SylZIDTCCy9uJgj0pl4Mb1wxgPHYhWUhTBPlb3KYGeD_EHdMlN3y_M0NetXAkluUxLsyvlAwo5giJ6Nrfppv2bgywMAv0YHsIIRYyf8iOR9licKMeny8XHzAcRsb-HebtYjxa2ywjcOoRqS442Q78GFrVsMGqLZzK_1zIVENQG6a1c-x5ha1FsNjmsNc71gmwVpNLXsPNKcISJL6VtWtEcEOWBCqNDejnXYy6r-Tvd-JcwMEZvNea6P-3yopncQxw&cid=CAASEuRoZDAIj1Dzzbtt5sM-EPTe8Q&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:42:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
190
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9783
x-xss-protection
0
server
cafe
etag
9821519945299111448
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 May 2022 12:42:46 GMT
e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
pagead2.googlesyndication.com/bg/ Frame 872A
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 11:40:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
3947
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13654
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 12:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 May 2023 11:40:09 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 708F
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssCcG2bnU6r3d5swYgY1aAfU_UNB9nHfm9xXbJgUDnf6UR7EdKBO8kb2lQ6vnVCMRtlV5QB9lztSK46FONxnD8Vc-kGG6oRdrcKhQgenZatBvXeqwn0h10PjujFYPuritQfkFk4HZaO5LoeKU8VkmsEPlgxGPEdoYUocyqnRKPoJK6311qy5_ZYm7JAOBp445bRCcBmX35f48caEBID-WvEbszSAu12bp5-0pwTX5_1AsOUD79pFwpKtNCa_bMtHssfm7Cy6qIEckwWF-DuX9OOETjn40gh9Bbr1n2ZAIkbgw-ff84MVbNWEH6MNsze_a9_F07TBdyIjdwhCCRqtAj6GkXWQHp-FVaxiRppsqlabeY4ZeNhckSAHA0-w_TQBL-QVezKJyJDjw7noRX8b_WSgbU5M9r5zMklai1QK1GK2UDMgcVI3cORDhq4XUJwt230gd1eJqnwo0lqq86eekrlgFOs1J0iu6dSkCK9qgtjxjgTUPZ1O_9la71TMFWELOz5Ut29IkOQ1Bl24uDUB6blWfS9eSWsJyZD61NTHVmZBJJOrqOeG0cXgEoLTlE7dffhHHbqMIzP-gq0lknqLfzmDKawHNY_OUyNKwktXhh1LkLdfP7GYHkkwVlKps2YuQAVHiuURTBsN5tATIVkZveXXO2-N1anbC3-R8gXsD3pXC_9DDtc0ed0oRftknuC8b9MC_YsnGHDGZ127zgnvUoJhbLAnxLPSnX0QmMOTyIilq6lzY15NcIpphAGg_jlIq-DM190dRWQKTX6U_qC1GG3j7SKgE1Ht9vkS1sDO8RlShOdL0mvNRIUr9PchTq9WoeqKuED3zrqQXjUtl6DaHw8J8XkdB88p5mPNLHKK9rtGUzYj4awieL57LMv3tUv4d18Wr4cGSQpowZcI48m7-xsHWWexmWuvv6UbdclB8aBu4WC0-uwHWaXGqbWmTzcR9qEHKLWhVOlVe971vnGFkcv3oVRtg9Q4jyY-J6hBp7Ke16J1sdvgniir463J1J97smqPGvAUcTtvWIUw7LdpHb6PIguLbD_whRi7zf2_EdWenLdf9PvDrJMGaD_g1z8ZIFCPsKsOCdnRJdlDzOAnb9-FG6obVmLCrDTkF6qLnf8NYTqsc8FuEc5IVISW3gRJQUzuUL-F7RXQy1jR1UbWUEHiJG8PA4z4Q&sai=AMfl-YTH7Xz_TaLnqEkbZfX2lu4fdRYWJ1U6tbF2d9O5ZlQtaDlFlwOjBwpyGk4WueCYz9awJwdzmztWPQj1-wGl25WC1YGLaK2KNo6tLXFQBQMnWcH8IkUwIzdbv1iI9og3_u430ucGMzhI4hSxu0MZfkZfj_oemA&sig=Cg0ArKJSzK7L19ssh8xQEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=535&vt=11&dtpt=216&dett=3&cstd=316&cisv=r20220427.20258&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.36.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame 0DB7
14 KB
10 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220427&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d07dbc681ac2342a57f5deb8149cfc1aa0dc75de6b0580c85b003d636ecef0d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10662
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/12758814222256036355/ Frame 66C2
66 KB
18 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/12758814222256036355/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8b9dd395c2031b8770af3f6ab4701c57142a82b9f57f4d9e5b56a99d8c935826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
350662
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
18147
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 28 Apr 2022 11:21:34 GMT
expires
Fri, 28 Apr 2023 11:21:34 GMT
last-modified
Mon, 25 Apr 2022 08:42:43 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 4D3D
0
27 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu9l1H54oZo0x_GFA9hWbv4zBmALIQOc99KLBD_ov0Rn-5xko6elYoG0-wzs7AwbsQfJ9GOg_wPAt9bb45ToRAw5kNmHUH0PLtuaf-3T1nbaGU3WSxqrlGJM6HpItHMXQVzqYf_q9d0JMPY1Yo8-lHs5xw5Bsqyjr2izR-fthTA1MQb1t5ghqmZkuFtTwQHPGfYsgrzTvdxtbqgipMuh2X51_3ZexZ0h5eYyCU4YPUx5Iba6u4xWlj3C_71O750sogsQQCItZSGxsbopzjSiUMa0NRujcO0604p75dt69EEWVO4SV6QFEw8ZrLxPi1jPygr2cnY506mlvt5hXpoQTdXseDh1FLomy6fGpGhNaMhcN3wdYTMbgJTDBIGu2AqpbNDEmqa2Ch_wa_Jq080lVLaDr6v0N9XAYGUlaFtH2pYPqBpIUSIAnoe8yWeGsnYHA4lrkxnt1_TG3szodIy5BmODSonRZMFnP8_bYJKrXvgPSYFDjs3GrhNmh90nmoG5eYdlKXUg0LqMfP_lhD6x1dIa3tWp3an5R7V96AMJ6phlSQ0HneOdmTxNJobFjxwx9lRu7piw5FqkFHSOUoE-N6kc-1-t2UiLhndeNw_ZOA--2Mnss5agyp9Mjro7yIuZpfZqt3nTeJ6g7oM-SaI1EmUOccfqp9lXMM8lZv1U2_jjnxwI82o4EhedlunL5mxOtASBA32B22xrEC5Su6uzrKLvwvYIf-VSZTiYr3K4E4r_VAGe2L94vm3svc8Zx2_buf-YFjsA8bxsyUW--h06tLPgWwaGbTuV5iVQOSk0gQZR6kYAOMdzy_1vddRa3UY1VLXPsqQbStOVeBWOuAFo1KztuYR7tCOX7hQTq1u-6nc6JzoeX_kIe5wdUvdp6YiuhqtAG-LIkMKFk7i3Oo3BhpObmwFbfmx6YOzpkLpV27SkqvZtEzZP5-wdiosEXIBh1fwE5l3ojY1yjQLKx57FTsxWTRaT19W-35rOPrPagmoRPAUbsSzJKy2177LiKjcE6JWx4Olo0iEONAtJzkGYxamPKb66CxK2Hg0_LbQczzvIdKf8JDItQVBpHYTzhMcEoj9Xa2bXxNh10Ej1ZHlW0FefBO5-6IEPEXXVQmyYh7S5048nuMO7BEK9g33z5vMZZT0LE-4UDaZ6fpajNA-V2IBIt7lNCAC47cgxyzmKg&sai=AMfl-YR3yVeWJM22gjodt8F2mv3ZNmDYFZM7jNKPCd0SugyMD9QmgO52evFhy8HMR96kGjovVBCcjl8YxZQRiSuahn8W-M8B4Jb7r4ScQKArJmKQmKjLDsYSbCgQDYKzg4vbFMs8DAHRQqfv07fOkN9N6GGHq6HQkw&sig=Cg0ArKJSzPxDm61IxliCEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=64&cbvp=1&cstd=62&cisv=r20220427.49075&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.36.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Mon, 02 May 2022 12:45:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 4D3D
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 01 May 2022 12:32:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
87224
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 01 May 2023 12:32:12 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame BE85
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
83984
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 01 May 2022 13:26:12 GMT
etag
48472445140208031
expires
Mon, 02 May 2022 13:26:12 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 7281
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 01 May 2022 12:32:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
87224
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 01 May 2023 12:32:12 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 8BD2
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
83984
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 01 May 2022 13:26:12 GMT
etag
48472445140208031
expires
Mon, 02 May 2022 13:26:12 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/13356131428248065318/ Frame 90BE
66 KB
18 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/13356131428248065318/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c6a67af4ddd7f2f75176e7d567004fc726ab42e0f8393a970184e97c36dc066
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
346442
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
18159
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 28 Apr 2022 12:31:54 GMT
expires
Fri, 28 Apr 2023 12:31:54 GMT
last-modified
Thu, 28 Apr 2022 04:00:13 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 7281
0
27 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss2-EfxqpXoOcMCIqgCh1KayEsCcxyJ2rT-krhngt_Xl6FUPFTv9Jj9N0-Ss11_PEErJXvrdmVaopfH7yzV18ZldbdbCfPU4hvfTpWBB7nmRHlbtBbbPwL6Sn98NAr8B0oGov_DhAgdvHkIDF7L802DbunzspJFsVwzEePt4AK7OGxVYWS0G-2YGyJYOQu5XbP8gxjbLpewTaP7pQ78sRbjR99L2d2PjNix23z8FIz0omup2RvQCfA20JO9Cf_3qYmd39KuiOjZHZ1KX70AxVJLc6PZ_D90kDE4aTz6BDttVErngpfRwZZV-u5o2CKbhETkZLWEBew7HHp25uwGSlJlVEfAvxWIt_9peEM6ZA6X8enPRMEHzEu4KXUV6JGQZOFr9L88JRznwEtzmuDUVw1ae5dTZ94MSxGyysCEldAsrXwu4vmsrzMBmYcJfJ4LCnMZbSISzBy8Ko7EeLr1buBBz4gyysOxQ0x4N1GcgyH6SlVm_jQGKhiL7gcTXkI4GvTWYSi71UDF0K6pqtO7KYWvsZFmn63-E8EbEtfmXYudAhscNGMlB-WoJsyVfcOh8jVHSw_RDvJmXh1jvDlfnFJqTUK3DTCwPM4apbXUg2LPrLQ4PuCQRduznsOnL0VV6AHKUH92kgfx3f8HJKmbv0ypAMKkXuW80AHA9WiEf3FtwqjimSOz8whczZiI3hKcmGK98Q4adyfpbOGYmHkMCXziLHUvXaqHWjHTXjC7WP20s3j3llAokxAI1JFNXbhRWrlWPU8HmjI5ptzfI3NLQ8EIE8peb596FnIW953xg3DhTBz2iJFho4mM0nzL3jlPsH5ausRJZXWae3v7fChvreIqdivuv6HeEwyHrH2EqvGZaqLe-wjqjEjTWO55xnHKLZdmn8ES-Fw6Xzt3ZcVxeXZ2BY00y2gXLHo7zl0CaAiFfovDArHDgZV3_OXM-4iqylpcz4HGz92X_-ZTm3aPzYlrRGKOPkbr4fKhsBeSKPBvfmsn3H8QO6ORW35am8-Q_GLqqcjEE4JprM3CIboG5wjS2GhSNPTRLAV3ZMAObHbyzj9ghDTlVwi7ZxyVeuJrmJOWqZXIRqxUKLfdbupuonpxChFA5O0uwo8t0dLcFkV72ZwTdh-mCfL7wOPubyEKCGUoTPh2Y1AolEYFJBBqgOs0Vca-Vm2gm6s&sai=AMfl-YTorPgTQAl0xWz3jEfjrOEIL6lCtg1AjB-bdxD_mMa5Ikvwc48ozkFRHd8yQOUAxg7UOle0BeDU4_HbJlC2T8HC4AWoVxfiDucqMcOLwuhVLo3kn8mW6Q7fbf-1bjKt9L-PzZHWjPqewTGdgrXZwmzPnPo9sA&sig=Cg0ArKJSzJ8HaAnmLjfIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=91&cbvp=1&cstd=89&cisv=r20220427.21435&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.36.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Mon, 02 May 2022 12:45:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
match
ps.eyeota.net/ Frame 55FF
Redirect Chain
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
  • https://a.audrte.com/a?adform_uid=3935973953595647647
  • https://ps.eyeota.net/match?bid=kh51m51&uid=a8hQmbesbugR7mhNyuiZLCUjg&gdpr=0&gdpr_consent=
0
344 B
Image
General
Full URL
https://ps.eyeota.net/match?bid=kh51m51&uid=a8hQmbesbugR7mhNyuiZLCUjg&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
3.127.178.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-178-105.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:56 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Date
Mon, 02 May 2022 12:45:56 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://ps.eyeota.net/match?bid=kh51m51&uid=a8hQmbesbugR7mhNyuiZLCUjg&gdpr=0&gdpr_consent=
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
p
a.audrte.com/ Frame 55FF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=a8hQmbesbugR7mhNyuiZLCUjg&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=a8hQmbesbugR7mhNyuiZLCUjg&gdpr=0&gdpr_consent=&google_gid=CAESEFW9dEeFsVYOyS_b3tpNTVA&google_cver=1
  • https://a.audrte.com/p
68 B
617 B
Image
General
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
23.22.109.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-22-109-120.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:56 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Mon, 02 May 2022 12:45:56 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
pixel
ps.eyeota.net/ Frame 55FF
1 KB
1 KB
Image
General
Full URL
https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=a8hQmbesbugR7mhNyuiZLCUjg&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.127.178.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-178-105.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:56 GMT
Content-Length
1241
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
truncated
/ Frame 7281
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
361a259206a09d754380c40ce56eab72b3c8c24fa15cce75575ac150d8f65578

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 4D3D
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
53e346f7b238ea0ffd8bf014265f8dedecc700b3df87b7e1496eb6f7834e39fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 0DB7
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 02 May 2022 12:45:56 GMT
asset-320x50-text.png
s0.2mdn.net/sadbundle/16224771542101161438/ Frame E7F8
30 KB
30 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/16224771542101161438/asset-320x50-text.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8ff1aeddc9c7aa43f8d42890ddbfbde8d14fbb518a5f7adb726c27a5dc060000
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/16224771542101161438/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 11:26:19 GMT
x-content-type-options
nosniff
age
350377
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31070
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 08:42:58 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Apr 2023 11:26:19 GMT
asset-320x50.png
s0.2mdn.net/sadbundle/16224771542101161438/ Frame E7F8
28 KB
28 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/16224771542101161438/asset-320x50.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c02484a3175e91c86edcf5fd84acb569572e347c66fdf96f4753c6e96a86641
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/16224771542101161438/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 11:26:19 GMT
x-content-type-options
nosniff
age
350377
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29071
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 08:42:58 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Apr 2023 11:26:19 GMT
DcmEnabler_01_247.js
s0.2mdn.net/879366/ Frame 66C2
29 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12758814222256036355/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12758814222256036355/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 01 May 2022 12:47:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
86294
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10136
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 02 May 2022 12:47:42 GMT
DcmEnabler_01_247.js
s0.2mdn.net/879366/ Frame 90BE
29 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13356131428248065318/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/13356131428248065318/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 01 May 2022 12:47:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
86294
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10136
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 02 May 2022 12:47:42 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 932B
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
87224
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 01 May 2022 12:32:12 GMT
expires
Mon, 01 May 2023 12:32:12 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame AF39
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
87224
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 01 May 2022 12:32:12 GMT
expires
Mon, 01 May 2023 12:32:12 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
current
dclk-match.dotomi.com/match/bounce/ Frame BE85
0
103 B
Image
General
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOe2U-mnu7ptE5WhWLCBqtg&google_cver=1&google_push=AYg5qPIEoVZH-FGGEV-3Ts_RKqObJytJ9Ujyrvv4-cG-3ecRdNuWVtAxDgU3eN57sjA3cIBwEc89BlDbR__7Ml-5grdaKwLpIB0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame BE85
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WW0tU2d3QU15ZUxCR2dBLQ==&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJtCJlMe6RLZ3feZENT4HcTZAB1oW...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WW0tU2d3QU15ZUxCR2dBLQ==&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJtCJlMe6RLZ3feZENT4HcTZAB1oWA4zhj1YhnyGbiKbNtyyiu3FoaVGB5qAvimFNa-mxM224E3htTJLLF4bPDednEUzS4K
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651495557.686954,VS0,VE0
x-served-by
cache-hhn4054-HHN
x-cache
HIT
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WW0tU2d3QU15ZUxCR2dBLQ==&google_gid=CAESEKppAAO4aswvhWKKgfE2UsQ&google_cver=1&google_push=AYg5qPJtCJlMe6RLZ3feZENT4HcTZAB1oWA4zhj1YhnyGbiKbNtyyiu3FoaVGB5qAvimFNa-mxM224E3htTJLLF4bPDednEUzS4K
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
google
match.adsrvr.org/track/cmf/ Frame BE85
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEHomITDnZS9TtgwC_paw-yM&google_cver=1&google_push=AYg5qPKA_RYY376fgCxkiwwjdkVMhniZz9LbuLpPYP3CuCR_vl8yO1mjUU7VkpNDTtl74B84DtN67VC44EdptmCBHs_tx2X1Kzo
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame BE85
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEKiDvnsF14ZGzjuFDbVqfIA&google_cver=1&google_push=AYg5qPIUa-FXduiLYYqtVPYpt75FfQiqssazo8p8UvFcheqeVNnRcNu2_YfJQ1Afe7x_SaTRidI...
  • https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=51V9W-_aTNKYu2BnaH3Bcg&gdpr=1&gdpr_consent=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=51V9W-_aTNKYu2BnaH3Bcg&gdpr=1&gdpr_consent=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
Apache-Coyote/1.1
location
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=51V9W-_aTNKYu2BnaH3Bcg&gdpr=1&gdpr_consent=
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
pixel
cm.g.doubleclick.net/ Frame BE85
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELriG1tMTjxTAQgl4QXpbk4&google_cver=1&google_push=AYg5qPJyVX_Fcs80Dl517-GTasTsPkyClGzhB-v2XFfVjLiI0I6fBRQkPCsQFweR2w3yrX3andg2xbq0T1xZ40kR0VdR...
  • https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google
  • https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google
  • https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=a0745daf-a182-4de4-9b85-e78482b0b499&ssp=google
  • https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJyVX_Fcs80Dl517-GTasTsPkyClGzhB-v2XFfVjLiI0I6fBRQkPCsQFweR2w3yrX3andg2xbq0T1xZ40kR0VdRaiLHFZNm&google_hm=qj-GvRYsQKO5k7eOhj_0hQ==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJyVX_Fcs80Dl517-GTasTsPkyClGzhB-v2XFfVjLiI0I6fBRQkPCsQFweR2w3yrX3andg2xbq0T1xZ40kR0VdRaiLHFZNm&google_hm=qj-GvRYsQKO5k7eOhj_0hQ==
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
//cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJyVX_Fcs80Dl517-GTasTsPkyClGzhB-v2XFfVjLiI0I6fBRQkPCsQFweR2w3yrX3andg2xbq0T1xZ40kR0VdRaiLHFZNm&google_hm=qj-GvRYsQKO5k7eOhj_0hQ==
Date
Mon, 02 May 2022 12:45:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
us
sync.go.sonobi.com/ Frame BE85
0
478 B
Image
General
Full URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPIq8kB--AXOluJZzas3U5O_6uX535c58rGN5cQ9djQaqV9OpgxsC2b-S8yBBpOsB_stIjHyyvuqgFt5wVBn2HVc8Lbr-38%26google_hm%3D%5BUID%5D&google_gid=CAESEJVjAYcIBkSe2gBtcGKNqXA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:56 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame BE85
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOQvgoDIypLywyHHKnOBCDk&google_cver=1&google_push=AYg5qPJo32m5wOJfCqprJInTICmPid9nh2c9s7q_yxcFgM_J8v5m_yBh6BbSR6yk_z58a5rIAsn_51_mZ-dfemyr73NpEjxi3nJ2
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AYg5qPJo32m5wOJfCqprJInTICmPid9nh2c9s7q_yxcFgM_J8v5m_yBh6BbSR6yk_z58a5rIAsn_51_mZ-dfemyr73NpEjxi3nJ...
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzMyNDg4Nzc5Mjg1Njc4NjYyNjE4Mw%3D%3D&google_push=AYg5qPJo32m5wOJfCqprJInTICmPid9nh2c9s7q_yxcFgM_J8v5m_yBh...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzMyNDg4Nzc5Mjg1Njc4NjYyNjE4Mw%3D%3D&google_push=AYg5qPJo32m5wOJfCqprJInTICmPid9nh2c9s7q_yxcFgM_J8v5m_yBh6BbSR6yk_z58a5rIAsn_51_mZ-dfemyr73NpEjxi3nJ2
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzMyNDg4Nzc5Mjg1Njc4NjYyNjE4Mw%3D%3D&google_push=AYg5qPJo32m5wOJfCqprJInTICmPid9nh2c9s7q_yxcFgM_J8v5m_yBh6BbSR6yk_z58a5rIAsn_51_mZ-dfemyr73NpEjxi3nJ2
date
Mon, 02 May 2022 12:45:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
attr
cm.g.doubleclick.net/pixel/ Frame BE85
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JKgNyHaaXWzFAnXAKFb-_sUAWFEOjRKJp4nNQ-w-OR1fwYe_L9Py8CUaiSZQdrqvdxK-kL
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745090&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554475&bpp=19&bdt=181&idt=121&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=2&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=792698608&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3629&biw=1600&bih=1200&isw=300&ish=250&ifk=753092123&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761044%2C31061828&oid=2&pvsid=470425835042370&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pgqer4q8tl0m&btvi=1&fsb=1&xpc=cjnTUhMq1N&p=https%3A//securityaffairs.co&dtd=144
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
current
dclk-match.dotomi.com/match/bounce/ Frame 8BD2
0
103 B
Image
General
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOe2U-mnu7ptE5WhWLCBqtg&google_cver=1&google_push=AYg5qPJqazCPXJEYLj8eGT-K1DomAOKiw3c1fPnbVshcB9n6ert8LyMXWdX5gEYWxWvvSvOrgYwHI9lFd942IVYvbfFltaGMOjtb
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame 8BD2
Redirect Chain
  • https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEGyxtXgRQPRXQYJRlxjjLqk&google_cver=1&google_push=AYg5qPKXME1DkoXlUWOPAHB7CeUJ0o9Z35AYbuhY3qj0bMRn5ezx6lwt4beGlGJ9-MtHSnd3KlxMc...
  • https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPKXME1DkoXlUWOPAHB7CeUJ0o9Z35AYbuhY3qj0bMRn5ezx6lwt4beGlGJ9-MtHSnd3KlxMcAMdX29qm_FGxDW1hBlcgutQ
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPKXME1DkoXlUWOPAHB7CeUJ0o9Z35AYbuhY3qj0bMRn5ezx6lwt4beGlGJ9-MtHSnd3KlxMcAMdX29qm_FGxDW1hBlcgutQ
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 02 May 2022 12:45:56 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 2C9C5C3560A4410ABF25F5B279059150 Ref B: VIEEDGE1114 Ref C: 2022-05-02T12:45:56Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPKXME1DkoXlUWOPAHB7CeUJ0o9Z35AYbuhY3qj0bMRn5ezx6lwt4beGlGJ9-MtHSnd3KlxMcAMdX29qm_FGxDW1hBlcgutQ
x-li-proto
http/2
content-length
0
x-li-uuid
AAXeBsYCAEsrpPYg5H2ZxQ==
pixel
cm.g.doubleclick.net/ Frame 8BD2
Redirect Chain
  • https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D81312610%26google_hm%3D%24DSP_CKID&google_gid=CAESEIT0Kr-qk_B9JeCyeTG4zyc&google_cver=1&google_p...
  • https://cm.g.doubleclick.net/pixel?google_nid=81312610&google_hm=OTU2ODQ5ZWEtYmRlZS00NWQwLTg2YzUtMTk4OTIxN2EyM2Zh
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=81312610&google_hm=OTU2ODQ5ZWEtYmRlZS00NWQwLTg2YzUtMTk4OTIxN2EyM2Zh
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=81312610&google_hm=OTU2ODQ5ZWEtYmRlZS00NWQwLTg2YzUtMTk4OTIxN2EyM2Zh
date
Mon, 02 May 2022 12:45:56 GMT
content-length
0
strict-transport-security
max-age=15724800; includeSubDomains
expires
Thu, 01 Jan 1970 00:00:00 GMT
us
sync.go.sonobi.com/ Frame 8BD2
0
478 B
Image
General
Full URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPKadFUk8DK6Xean4pwdi96dybSxgqAwxAvdgojrbA-IRXzF4iNh1ROMljT3J0Alp7usW0kIei9c5UwKAvbmh1bdOGvv59o%26google_hm%3D%5BUID%5D&google_gid=CAESEJVjAYcIBkSe2gBtcGKNqXA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:56 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 8BD2
Redirect Chain
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESELHfgInEFy3a1U3EbkQIGAY&google_cver=1&google_push=AYg5qPKLc8FSo7_2Q-oH5vAenDqJSW-9Zsggt2nr9jkYhv_y0BqwTI8LbhxbYbsXRVUTzfl4zZwBrosPzcGQtt_Jp...
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESELHfgInEFy3a1U3EbkQIGAY&google_cver=1&google_push=AYg5qPKLc8FSo7_2Q-oH5vAenDqJSW-9Zsggt2nr9jkYhv_y0BqwTI8LbhxbYbsXRVUTzfl4zZwBrosPzcGQtt_Jp...
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKLc8FSo7_2Q-oH5vAenDqJSW-9Zsggt2nr9jkYhv_y0BqwTI8LbhxbYbsXRVUTzfl4zZwBrosPzcGQtt_Jptk6DxDo0zyM&google_hm=21c5a7800d7c22f06df421af
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKLc8FSo7_2Q-oH5vAenDqJSW-9Zsggt2nr9jkYhv_y0BqwTI8LbhxbYbsXRVUTzfl4zZwBrosPzcGQtt_Jptk6DxDo0zyM&google_hm=21c5a7800d7c22f06df421af
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Mon, 02 May 2022 12:45:56 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKLc8FSo7_2Q-oH5vAenDqJSW-9Zsggt2nr9jkYhv_y0BqwTI8LbhxbYbsXRVUTzfl4zZwBrosPzcGQtt_Jptk6DxDo0zyM&google_hm=21c5a7800d7c22f06df421af
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
pixel
cm.g.doubleclick.net/ Frame 8BD2
Redirect Chain
  • https://cs.media.net/cksync?type=g&google_gid=CAESEBcVfyXQbyHYld1LGZbg7WM&google_cver=1&google_push=AYg5qPJpJyl7w4uXG8WLJ2yE13YsbdnLmVdpwe7ZPoy5gFytyb1B0gbUTbRecH5bMe-1NIOjbqUdAI7EyK3y5f5BuFfMGnkbW1k
  • https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjk0NDk3MTU2ODE3NDAzOTAwMFYxMA%3d%3d&mn_hm=Mjk0NDk3MTU2ODE3NDAzOTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJpJyl7w4uXG8WLJ2yE13Ysbdn...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjk0NDk3MTU2ODE3NDAzOTAwMFYxMA%3d%3d&mn_hm=Mjk0NDk3MTU2ODE3NDAzOTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJpJyl7w4uXG8WLJ2yE13YsbdnLmVdpwe7ZPoy5gFytyb1B0gbUTbRecH5bMe-1NIOjbqUdAI7EyK3y5f5BuFfMGnkbW1k&gdpr=&gdpr_consent=
Protocol
H3
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
location
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjk0NDk3MTU2ODE3NDAzOTAwMFYxMA%3d%3d&mn_hm=Mjk0NDk3MTU2ODE3NDAzOTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJpJyl7w4uXG8WLJ2yE13YsbdnLmVdpwe7ZPoy5gFytyb1B0gbUTbRecH5bMe-1NIOjbqUdAI7EyK3y5f5BuFfMGnkbW1k&gdpr=&gdpr_consent=
cache-control
max-age=0, no-cache, no-store
content-type
text/html
content-length
154
x-mnet-hl2
E
expires
Mon, 02 May 2022 12:45:56 GMT
sync
ssbsync.smartadserver.com/api/ Frame 8BD2
0
75 B
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEGhljgmfZVOsZiK08NNJfHc&google_cver=1&google_push=AYg5qPKfWYFpbKNbJL58OpIByrCQ-EOAMbeKHRa16FDKLlMqWr6n5EYhWj84-iE3MnRFZOOr43Gy6Q5wsQrYGBVOvw_6cBNUC8Mz
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.108 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
content-length
0
attr
cm.g.doubleclick.net/pixel/ Frame 8BD2
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Iqsd1OUd1E558F4pVMOteqw6RQwgUlTAQZIq7ChRHCwyWhr9eEkFIv2LtqS-nrptma0mEV
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745093&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1651495554&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130739%2Fcyber-crime%2Femotet-operators-test-new-techniques.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651495554512&bpp=13&bdt=264&idt=197&shv=r20220427&mjsv=m202204260101&ptt=5&saldr=sa&correlator=4815771223631&frm=21&ife=1&pv=1&ga_vid=735984151.1651495553&ga_sid=1651495555&ga_hid=1257932435&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=1580003737&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31064019&oid=2&pvsid=947196825280108&pem=550&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.mod0fqddjd6r&fsb=1&xpc=YesasqAcK1&p=https%3A//securityaffairs.co&dtd=217
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0AF9
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1137
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:26:59 GMT
expires
Tue, 02 May 2023 12:26:59 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame EC69
783 B
532 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
983e6bf2668db486d1e2543b75926444a1bf4e3bf4cdad517b41360ac7d74277
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Ndvvu/aNJutMRXfmERfyBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
510
content-security-policy
script-src 'report-sample' 'nonce-Ndvvu/aNJutMRXfmERfyBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:56 GMT
expires
Mon, 02 May 2022 12:45:56 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
view
googleads4.g.doubleclick.net/pcs/ Frame 4D3D
0
26 B
Ping
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.36.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
view
googleads4.g.doubleclick.net/pcs/ Frame 7281
0
26 B
Ping
General
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.36.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
prg03s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame EAC9
13 KB
10 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220427&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6fb04390ab66cc6dc4f243b36a4388c82bfd1edca36d014fd10c6c11e20d8d7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10472
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 64E9
14 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220427&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0f693c38c60785edddf29028ada03a3f22265e548da4dfeb08a46a6772d09cbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10795
x-xss-protection
0
e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
pagead2.googlesyndication.com/bg/ Frame 932B
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 11:40:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
3947
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13654
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 12:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 May 2023 11:40:09 GMT
e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
pagead2.googlesyndication.com/bg/ Frame AF39
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 11:40:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
3947
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13654
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 12:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 May 2023 11:40:09 GMT
asset-300x250-cta.png
s0.2mdn.net/sadbundle/12758814222256036355/ Frame 66C2
3 KB
3 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/12758814222256036355/asset-300x250-cta.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
efc39234f7e38920e29088dcf4fc6754da829b76f6bc83334bc79d5f82b2933f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12758814222256036355/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 11:20:31 GMT
x-content-type-options
nosniff
age
350725
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3502
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 08:42:43 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Apr 2023 11:20:31 GMT
asset-300x250-text.png
s0.2mdn.net/sadbundle/12758814222256036355/ Frame 66C2
6 KB
6 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/12758814222256036355/asset-300x250-text.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bbc3ed0c2b8bd0c4f1c9e86754cec491d04cf23f7ec57aa1ec05822a33bfe792
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12758814222256036355/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 11:20:31 GMT
x-content-type-options
nosniff
age
350725
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6221
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 08:42:43 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Apr 2023 11:20:31 GMT
asset-300x250.png
s0.2mdn.net/sadbundle/12758814222256036355/ Frame 66C2
54 KB
54 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/12758814222256036355/asset-300x250.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
19677a85827a066ff7a9fb94c2b7b7ef5b622ab90b43324e683af4a7ca858d08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12758814222256036355/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 11:20:31 GMT
x-content-type-options
nosniff
age
350725
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55282
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 08:42:43 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Apr 2023 11:20:31 GMT
asset-728x90-cta.png
s0.2mdn.net/sadbundle/13356131428248065318/ Frame 90BE
3 KB
3 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/13356131428248065318/asset-728x90-cta.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
140c06334e4ccc9d224319ed366201180a6c1f525cf4e958ed4de5d7660added
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/13356131428248065318/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 12:31:54 GMT
x-content-type-options
nosniff
age
346442
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2948
x-xss-protection
0
last-modified
Thu, 28 Apr 2022 04:00:13 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Apr 2023 12:31:54 GMT
asset-728x90-text.png
s0.2mdn.net/sadbundle/13356131428248065318/ Frame 90BE
5 KB
5 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/13356131428248065318/asset-728x90-text.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
acf3471f8d6bcd0ccc155b58910d0dc86123bdbabe3071ebc46e0f4405e05fb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/13356131428248065318/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 11:43:18 GMT
x-content-type-options
nosniff
age
349358
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4881
x-xss-protection
0
last-modified
Thu, 28 Apr 2022 04:00:13 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Apr 2023 11:43:18 GMT
asset-728x90.png
s0.2mdn.net/sadbundle/13356131428248065318/ Frame 90BE
40 KB
40 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/13356131428248065318/asset-728x90.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1414f028670029febfc969d1b5ff193e6d1a670f3c3f100f3fb44eae327e8a87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/13356131428248065318/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 12:31:54 GMT
x-content-type-options
nosniff
age
346442
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41150
x-xss-protection
0
last-modified
Thu, 28 Apr 2022 04:00:13 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Apr 2023 12:31:54 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame EC69
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220427&jk=2173063773847037&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

sodar2.js
tpc.googlesyndication.com/sodar/ Frame EAC9
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 02 May 2022 12:45:56 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 64E9
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 02 May 2022 12:45:56 GMT
e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
pagead2.googlesyndication.com/bg/ Frame 0AF9
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 11:40:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
3947
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13654
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 12:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 May 2023 11:40:09 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 26DA
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1137
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:26:59 GMT
expires
Tue, 02 May 2023 12:26:59 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 5E6F
783 B
536 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
8b2c25ce6ebcb3c91b0271008eb50583176d4a77f30c6d7d552b770bd3d23895
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7wVGiUapx1ksqZvWImw40w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-7wVGiUapx1ksqZvWImw40w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:56 GMT
expires
Mon, 02 May 2022 12:45:56 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9942
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1137
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:26:59 GMT
expires
Tue, 02 May 2023 12:26:59 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 9CA8
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
3d99baafc2c436bed258501d27ba7c135b5bc57aa7619e0f0a1cbe3fa060ba61
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-0sYjDXs+ZQXNIqBv+EMuYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-0sYjDXs+ZQXNIqBv+EMuYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 02 May 2022 12:45:56 GMT
expires
Mon, 02 May 2022 12:45:56 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
gen_204
pagead2.googlesyndication.com/pagead/ Frame 872A
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BaQSHg9JvYpXmNaat9u8Pqsq1SAAAAAA4AeAEAg&bg=!AwClAETNAAZNIUvJbSE7ACkAdvg8WtUmVKvSvd50u4TNR3UOoHkQDNwdcHvRuWpN7ntkvfrzh97RmQIAAAEOUgAAAANoAQeZAw2_BrKWfi_csyDUfrFKVlJUcixLLfVomq9ykUdHchJwCdbvLs270-4JXMz5iICtjKn2xkaoOY6e16aVYfYIfgRfArTIdslH2dceqCsYdIadvyPPJsBl15p45TqH_YjmkTGdZe0KyLTwkmoIsX5UO3q2ccylCdWdwvGbYsWux5GtS_Sg2hwZMSgOPG-SCDYelRGjW3QATf_oIHk4ZvEN2KDvwOkhU-tVYwfEEhuYpf7cyupjuD1xPrsVubREz-NAUfblFbluEzcg_GgS-m3wkKCT_UnOGTiJVWbGpyirb9kZXDVcxEYnrTXij9I2ycUuoCN4KmZs7-IX_9V5qbrQ8gMXI9B0FehRpWsFxyXoRlMCqjcuhAxwmr8AORxAlvKHs33DS2LdQT0VSGeUCn9YwDh-JxZNT9C8-Sawuq38CwLUGn29IILDxukKrpX_4__HvsFmiFOwgtj67ujVsE4qu8E7fdo6X42Nox-_Cn6QLu6czjCZEeDKg5EU3AGYvXsgeB35TX9_ouVw15sUlFArKi9FhqFMsZgS8EX10VAozUfUYNUuWzgJnmEb_tFefMYUwAvk3AqK6i1OQSr89VJkTrRkS9-8WhxUypUUekMsoq1NWn409cac3Vg5lZNhNThFRW0WIXktaSnNZkNlCuJKiCd_OdcXUPe6Z7nKwax7iYtAC6_e-dGNj5GcG-40ewI6q0O7d_1-KW_m38hLZ42W87sQcrQYm6IH9SpVbgcsn8U0tXt8gmVhRhHBt-ukq8kzBCSKHA6b01ObSPAfdvItv8D8sEgli6SqILukbEc-_P8hrqCoCfjAoLmCTps-Su6GXyE8xueqL4f5yWNk2gvcQepp7CiGZVnsppOfaTKrqPhp476QokvymkaGnkBPkqQq6jdmy97uxz3dWFhl9On20-B9kVV4XA9uWNqkD6AR6pIBOn8s0X2EO2SHmYhHyoZarKOkbYMlJrOEJMss5PMIUzAwXRympc-OEC0bBH5D4JrXYaZ3zK8ebp09rsDYuD0VzOenMBcWwq5pYPh9CJyn
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 5E6F
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220427&jk=470425835042370&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/pagead/ Frame 9CA8
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220427&jk=947196825280108&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

activeview
pagead2.googlesyndication.com/pcs/ Frame 708F
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu_qjpbcO7AYrhwJRCctEDB23pn6Zlha4hUlKmnvJ54u75IsfkxbruBj6ivbPkEzsi_A7etOvux7wLyqdb7B912F4oZrXsefC2x7uSqUQ7WbM4&sai=AMfl-YTBqynw60xvN0uRSSihr4PGX76yLmBoAzTWQ-73ZxFJ8-nTZaDu8lzTiCHSR8U_EspWuDfFxUFyt-g60qlspNB6B9JRtBF_64E&sig=Cg0ArKJSzBvIvB1Z0_LuEAE&cid=CAASEuRodJI3CiCwfekf93MHuUwhlQ&id=lidar2&mcvt=1021&p=0,0,50,320&mtos=1021,1021,1021,1021,1021&tos=1021,0,0,0,0&v=20220427&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=468307373&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1651495554693&rpt=595&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
pagead2.googlesyndication.com/bg/ Frame 26DA
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 11:40:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
3948
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13654
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 12:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 May 2023 11:40:09 GMT
e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
pagead2.googlesyndication.com/bg/ Frame 9942
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 11:40:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
3948
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13654
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 12:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 May 2023 11:40:09 GMT
generate_204
tpc.googlesyndication.com/ Frame 0AF9
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?wF3c2g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
SPug
simage4.pubmatic.com/AdServer/ Frame 20BB
0
128 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156631&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D258da93cfb81e596%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
gen_204
pagead2.googlesyndication.com/pagead/ Frame 932B
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BfFrxhNJvYubDEdet9u8PzdK9mAcAAAAAOAHgBAI&bg=!mJulm9_NAAZNIUvJbSE7ACkAdvg8Wmq5knFvyRtUdkwk6auaYChNDB3C0pLEVvu0PB3sd6rIo5koTgIAAAGgUgAAAAJoAQeZAyjmZQkK3ahDeYP2RAWHh3zgqLCTUxZadVuso6fWSJ2sVrauVzVSXx1-CtmFf9dAL4XHIUZEaaBg-wXkOhhxu9edc_dwPLTBzG3jvzxgXSwJ-mb8YlTE6o0Xr86sd4OHJEw_8SPenkEHiCYsZRnrFb1zScSbnh1eHQc7SaHRNYn4bdKKM9g25iOdNKj-hvJaU-gkQeLqO9vTOGQ3THnRtxXMDHULIyVF8Zi8yrDgAu_wqWkxSaqqf1nLcFUB7-I3j1lkYhbUP77bWTsRNoxr2nLcvN3feWZW0EHf-UkwS7jw08XFjdZcKdhb9Mkv-yN5TKd_2i-S1uUr9eixlDxVW2ca358QeyMs5KXteYTBNBeAXOdQs7RhZ5pWhZq6UV6Jcu0uPKVVEXjcleqKp06CxxYMVKcOwFugCS-OVPohEE8imK1IV2QO_Kzl2CYLYLzgEqKi4fNkDbBAaicz1tqnbL_YCWX4FRTtEPrRcWWVnpd84o3kivmul8rrp_1HlLqLqI4yUxjetRNztivu71PnbqMkaPJWkMnenvmsi84h7NGshbDX_b5Way3peOM3vStshN-pORLiDpa2PdQ7yMQm9SoB4T2GFIPoUVfYs1F_r2TrWIFHNbHbPrnXoTYV1Tx_4BtfpFKpzz4wd_AwXYVP1vyjgn3Ki3SVkFfCV5Py3z3BDQuKpWE9BfPc3n1Hvee3DkFSINt0bsQMObL_KCmSm-_6q4Sqd91aKDSFxF1lybqAll0fJRHlGU5YT48abgoQNZbkaKachcrDu99MmD3q4atgyBD-KH5LM5fSjuJF2lOgjk6_9NgRuCob9zu_x74cj0HsdI1tLTYbRhsgUO9q6aaspUTPKnj06haZELb80xDWr5nwPrTrAVTkhxGJtlc_RkiiEISj4GPdKdf5TBQJoo7FBJFAWKr_sIUu7_gm0uEv38-WuMr7q96Fy1OYKqgci0lVH9H-oO_YjjDRicMN8enw9dm25xu4J9a-DtFq0Q1iJd9fpX-mD6C68pRW_v5FRN7aI3i7fU3mzvF3epXCUsr84WPvjAjWvIc-SemBb27gXPCs-k6FL7Xt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame AF39
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5CIehNJvYtfEFeXR7_UPydy94AMAAAAAOAHgBAI&bg=!OjmlOX3NAAZNIUvJbSE7ACkAdvg8Wp1CZFlLQWumk1rEntWxxw7G36-73jUEP0ewrmJVJvOlm23hzwIAAAF_UgAAAAJoAQeZAzbuXKP3RKKW7YeYc8lPG6vElssgLnzaXxEIzin-sNOmxROL1AfIDaV_wSGVPAHIMpJfhgqJ-Q9lTnm4nq9soBbMS1vOQ3fkeQxqR1qwNv4wPPoFG1Xj5X2H-a9jHv0LzVH2ZWfMlUus6-KUT-WO4kEqxtJ4GupEjF50-yrDQbiuQ7eE1GQYpoLDwQAPidWOA9UW46-0PuPadxnwKcX2x7XxjEEIgJLg-GTK6Av5JOysMbMuWhFOXHaR7-Ia1pRdKlqr4Lhr48KRvxEXHh7vL3fYOPf3OBw7sUu2H9BYGagimTvbcnZ6VPNB9U7reY1NWWa_chg2Z6MPiV6Gpe0rluO0yaho-NczCeG11UX9I_XiozelicMm9XKZjUtS-vmodLmZ3r18OQDaqjw3cRJ-jssLvTrH6Wx-3fDu-KflgvdE8KSA_DNRL1kr5l7hwhtrNKeB6IEoArQ8XRtpcddV5iGF4RPJlF2vUSddz7Yk2J0r_dl7LqFXk3ZfqYXm-MHsK841clZCqnomCTPxt9FAGZAn0FBgOU2aQUAopKkw7YyUFdOwS2CERy0GzhbWK00WktOZjqK0upIi8oKoihTWfmgEyU4gO0oUWDmmxzgMYD6t4_mMiIEl1vdSsmFp50wtYXoRloyxJm179l3KcUDGGZXskKBbNJzAhSmMnFvL_EVEdOPNw-TK0pBl38f82afqnDWJHOKGMgF6pyqei0xnH8YMrIODRLx4p1ba999RdWKG7sDlr_EIB9HEoe9ZLFFM6j5QIQBSWaKSq5OBAM99Wv337KsFgPk6cAHEwNFl8nWy04bcUr_FuE_hcjjFbl81QQhAsfBLnkJK2l9GNTVzTNe8nVI5CSixxUIjt_Lyk09y27n6vMeYrQnDU9xAatgKP320-GWDMFZ2eV2hNwan7FEeGLmoyAtrt97q1UvEV-eAnkX7-fnYKi-djlTlCxx-YdxOC4-y6MeotoM8Akqv7rOlTQLAW5NF6y44KtND1bIPymcd3bet5KnkKqm05Mk6QZMV4tlGGxQtjIzBC0O8xgHZKcL1RORH8eZrjrXFy50vfUYmL-iIPCmia3eqyn5pkQOZcTG_Yr8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame B51B
0
737 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:57 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b221546d-39c9-4694-986a-e004cb63aafb
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 15FD
0
737 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:57 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
7f23a52a-4988-4cc6-9363-859dfe733c71
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame DB6F
0
737 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:57 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
c268ed01-0144-42f4-8e24-347e8264f211
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 5C17
0
737 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 May 2022 12:45:57 GMT
X-Proxy-Origin
81.95.5.44; 81.95.5.44; 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
aac6d1a6-5945-4102-a7f3-56849eaa7246
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame 26DA
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?D58Arw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
tpc.googlesyndication.com/ Frame 9942
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?5P3qqw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 7281
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuKaQ5AGhz0wDmjqXNMKNpRNwpHU-uXdMJljIoGDHcUC5M_HCxr6OgkbLmR5HLK5o5ZI7I0yDCl5eSktAzu5GY7EcnOwiWuQruLEQDJChhtkMg&sai=AMfl-YSa8srXtnyMDmkYQk6N_ykPfils1QNqgOMkVxugCUjNAICKB-8QWyx9GwVcb7SWcGnxnxxuGN_rZD2RSLldcxnHD3a11je_N1w&sig=Cg0ArKJSzLliDDgK_J2XEAE&cid=CAASEuRoZDAIj1Dzzbtt5sM-EPTe8Q&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220427&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1194620937&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1651495554731&rpt=1262&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 0DB7
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220427&jk=2173063773847037&bg=!lZalltLNAAZNIUvJbSE7ACkAdvg8WuryCr0YnmD0osa6Lg3wpJNjD_m71O3hQryNMEvTXC1nzcx1_AIAAAFwUgAAABVoAQcKABXHm5QXSB73Tmll9aj2V_L1D-LHg_yZAwDzI1J96_fe6ULsnD__5Q3P8VudaqBgvu2tfXUpWWn7j6Evkwd6SNQblQGIEMcbUWYN5JyN0nUVNPKIt32A2zMuWE-3hLZlRQU5KvV_aCOb1P1c2ywUu4O3Acjczo7gD-td8aA2fCTJMIJycSj1qX-NHpq2eIlh2SEon-YPSQULrOdzuYRV0T3hBUHE588c31FTUDLKDiR3k8LZRlZbY9LU2Dd26sr2kwhgx1KDK3wDF9wG5yk5nWhW4gjyx_yM5XASy-jEn1POI8sdBTCAJVUf28cYVQz1EhN31LKqaxdo7EfCyoVtkkAbYMLsbMopAU25UhWTMIRb5-LyENs-Y5ZCghfnQBZflIJUQcdukzfsWPvhoC_AhjmSY9nbLesRfPaI-v3Z0gDphQhZtqJ7843KmegL3GVE8nrgju8FI1Z3brlS7308LfjfXU91rZms3PPTpf8LGkGQ6zaCBZIJ3lQ8GNiY1kHnJWuehr3TeBiXuahrDV8VcHTJ_FmHCPc7IeblfNEcJxCbE2Qsqg_UiB7qe-o1rdqB383cNZsGEfLNU4UcvVH892dAdDtgaJWdqHALE4N1aBfEXopX8cajRDor6hklkkfznpfbZget-qy_NiRSIFYQ9_RoBj9IBkt4sDvWUA7sytszN9gsOpJthYWaY-3lHx8Jx73--l2GERs1FxUFgcOjsMaauo0gBmCPo4pXN7og2la5x5v2rICklRb3lqkiPo0G9iL71qT0vcwfEL6w_5Ojio1YLjaGkoirnMRdbp6DL6p3fVfu9K54n0nWzbnOCHplut9lNH49i22mkOgeJdjf_pJHusOUK_MV6ZqY1044ADQwVKQIa3vexwwja5pNIa7_9eIaBTO3bWQi_xRGhw_wuEBTYEgV1Ms_PdXNxXGO1zkLJnp91rWnNbYeHPBYOCeIZYyHRjMXaSlD_T0zLWSCrkYNta7tPPRUYn7otvVzC29cHAigGinjgcIdLSoOg-MjHb3dTDzswmQfTu0viSbF94b2mNF99DT66YY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/pagead/ Frame 64E9
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220427&jk=947196825280108&bg=!W1ilWBzNAAZNIUvJbSE7ACkAdvg8Wk5-7fZdvKuVrIUWXn3bEVFFmvYgm9B70yGOiyvDurHuUkyrIQIAAAEkUgAAAANoAQeZAwORVVxGKUCaoVGRf6X2Xjf15bT50aTBRAmCzx_GvjOEfiRrxITnydixb3d6m8hbKjA9z6adk-ZH_T3AbCrLMcBKhdR_vKZWF6_F7Ofv3UzSIvizNV2v0F85URCINSX4A-ovKHKsK7Z5x2l8b3ATPG75-qoXSQq4cxGFEdtiqb7qnPGHHO17G6RGfL3yYDFGVwCYwtvQJvbFyXwqf98AmObl4T8a-3DdogqbzkOi8uzKm-mwE1j-sRjUDaAjKsIaYs-FnLsuORxmC5f0tUfT4urg06yNFuDNYuVnLASnG4QMVQaA9AExIYTkixtVqX9FBGLxu1a41ZSw8nty0c4aTUJ1WoE9HeJvhedfFial3QfemiZnkuPIY58eljolTrh86nGU5Q7feW-8R2e2f1pZKIZOpEekU3x4CArTrYN6L-kh0HXM-1K3WMB2pFthwjhWVYEAeVo-2E4zk38lTDaNm5tWmUGwu6be2GHD1oqy7ekPh7NqXuox5bug_2QyANdF-WrVHS8rntnTyJpQNjD1iZiwA8raSeh6OEu19fe4jL6Tb0IRtg-z3aXltHxjj06r82F6ViWZ7bjtQ80bNOUfv1hhpSKuJ-5p-y3xJPYmQ3Omqsge_oho--8v5hg9zGsNwu9md4DULye4Mrv4gHsE8CMNNYhydfKaHVGyTcVKGVdjK4w8rkVgCB56wiBR6QsqoiQUOp0eKZuU8CZThboKuRrw5-Q9cLNfu3GeLNhv7YJOI8RpGHkOBHjmu7oH4tDR9Kqb_xzPmq368cJHi9Zprvm_keHyR2flhgRfo3iS-XIN1FGp0yt-bj09pF36SmFy3Su7vOV5T31g2EsA2RsGdz9Ku1m1XnNy3chaeyn61cgM43j4nJPdCwX458JvS_UUfQS82-dR4BwUyhLRS1IkofiJrxTRg6s4sKrD4AY19RpSuCSr75RWzhpeCaj7cHPj0hvI8l_adPpSWM-Yz8Q_aWHwr_0gC-W-su7ED4-DO-n38TllUraISPR9Zfl8mqm0S16v55w
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/pagead/ Frame EAC9
0
0
Image
General
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

rt=ifr
bcp.crwdcntrl.net/5/c=15238/rand=409941518/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/ Frame B36F
163 B
403 B
Document
General
Full URL
https://bcp.crwdcntrl.net/5/c=15238/rand=409941518/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.222.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-222-239.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
31c569d868268829ebaa21b3f4ce8a1a2e18dcfe8f6e66be63d89c3837234d9b

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache
content-length
163
content-type
text/html;charset=utf-8
date
Mon, 02 May 2022 12:45:58 GMT
expires
0
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma
no-cache
server
Jetty(9.4.38.v20210224)
x-consent
absent
x-server
10.45.30.80
PugMaster
image6.pubmatic.com/AdServer/ Frame 9D84
2 KB
2 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=50301806&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
6e58672fb432f27ff41b67aff065dbcbfcf2c43ce6a98fa128bdb8a83b5e8055

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:58 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1823
content-type
text/html; charset=UTF-8
PugMaster
image6.pubmatic.com/AdServer/ Frame 5F89
2 KB
2 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=18655082&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
6e58672fb432f27ff41b67aff065dbcbfcf2c43ce6a98fa128bdb8a83b5e8055

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1823
content-type
text/html; charset=UTF-8
141
match.deepintent.com/usersync/ Frame 81E9
0
44 B
Document
General
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 02 May 2022 12:45:58 GMT
server
b
Pug
simage2.pubmatic.com/AdServer/ Frame AE98
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
42 B
367 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 02 May 2022 04:16:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sv3pug015:0:504

Redirect headers

Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Mon, 02 May 2022 12:45:58 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
Pragma
no-cache
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-022b0454a7aa0bd60@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
usersync
match.bnmla.com/ Frame 7D93
0
114 B
Document
General
Full URL
https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.158 Chestertown, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Length
0
Date
Mon, 02 May 2022 12:45:59 GMT
Server
nginx
Pug
simage2.pubmatic.com/AdServer/ Frame 7925
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
1 B
140 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Mon, 02 May 2022 12:45:59 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
10:0:446

Redirect headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-length
138
content-type
text/html
date
Mon, 02 May 2022 12:45:59 GMT
expires
Sun, 01 May 2022 12:45:59 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
Artemis
aud.pubmatic.com/AdServer/ Frame 9D84
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=608B10F9-6255-420B-A2D2-FC2E69A961B4&addseg=19,36,42
0
0
Image
General
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=608B10F9-6255-420B-A2D2-FC2E69A961B4&addseg=19,36,42
Protocol
H2
Server
204.237.133.247 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Redirect headers

date
Mon, 02 May 2022 12:45:59 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=608B10F9-6255-420B-A2D2-FC2E69A961B4&addseg=19,36,42
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141
info2
uipglob.semasio.net/pubmatic/1/ Frame 9D84
Redirect Chain
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
42 B
603 B
Image
General
Full URL
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
frontend-id
5
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
frontend-id
5
location
/pubmatic/1/info2?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 9D84
95 B
194 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=608B10F9-6255-420B-A2D2-FC2E69A961B4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:59 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
7050db6d6b2e9261-FRA
access-control-allow-headers
*
content-length
95
p
a.audrte.com/ Frame 9D84
Redirect Chain
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=608B10F9-6255-420B-A2D2-FC2E69A961B4
  • https://a.audrte.com/p
68 B
617 B
Image
General
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
23.22.109.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-22-109-120.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:45:59 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Mon, 02 May 2022 12:45:59 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
d1ba4609
rtb.gumgum.com/getuid/ Frame 9D84
35 B
209 B
Image
General
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.167.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-167-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:59 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame 9D84
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d14c113f-ca15-11ec-9fb5-a51467463951&gdpr=0&gdpr_consent=
1 B
246 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d14c113f-ca15-11ec-9fb5-a51467463951&gdpr=0&gdpr_consent=
Protocol
H2
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:59 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:725
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d14c113f-ca15-11ec-9fb5-a51467463951&gdpr=0&gdpr_consent=
Date
Mon, 02 May 2022 12:45:59 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
d14c1140-ca15-11ec-9fb5-a51467463951
PugMaster
image6.pubmatic.com/AdServer/ Frame FC92
289 B
518 B
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=30396571&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e2641261f4a5704478c81fee051991c6527c256f07378393b01b84ec9b577abe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:58 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
289
content-type
text/html; charset=UTF-8
PugMaster
image6.pubmatic.com/AdServer/ Frame F8E5
47 B
167 B
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=21295854&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
09343d3b3473e1c994b2d603c99feb8a0f63fbd3ff20be7432ff18b973dbe651

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:56 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
47
content-type
text/html; charset=UTF-8
Artemis
aud.pubmatic.com/AdServer/ Frame 5F89
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=608B10F9-6255-420B-A2D2-FC2E69A961B4&addseg=19,36,42
0
0
Image
General
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=608B10F9-6255-420B-A2D2-FC2E69A961B4&addseg=19,36,42
Protocol
H2
Server
204.237.133.247 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Redirect headers

date
Mon, 02 May 2022 12:45:59 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=608B10F9-6255-420B-A2D2-FC2E69A961B4&addseg=19,36,42
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141
info2
uipglob.semasio.net/pubmatic/1/ Frame 5F89
Redirect Chain
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
42 B
603 B
Image
General
Full URL
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
frontend-id
3
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:57 GMT
frontend-id
11
location
/pubmatic/1/info2?sType=sync&sExtCookieId=608B10F9-6255-420B-A2D2-FC2E69A961B4&sInitiator=external&gdpr=0&gdpr_consent=
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 5F89
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=608B10F9-6255-420B-A2D2-FC2E69A961B4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:59 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
7050db6d9b829261-FRA
access-control-allow-headers
*
content-length
95
p
a.audrte.com/ Frame 5F89
Redirect Chain
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=608B10F9-6255-420B-A2D2-FC2E69A961B4
  • https://a.audrte.com/p
68 B
617 B
Image
General
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
23.22.109.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-22-109-120.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Mon, 02 May 2022 12:46:00 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Mon, 02 May 2022 12:45:59 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
d1ba4609
rtb.gumgum.com/getuid/ Frame 5F89
35 B
208 B
Image
General
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.167.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-167-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:59 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
141
match.deepintent.com/usersync/ Frame 082F
0
39 B
Document
General
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 02 May 2022 12:45:59 GMT
server
b
Pug
simage2.pubmatic.com/AdServer/ Frame 5485
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
42 B
290 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 02 May 2022 12:45:59 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sv3pug014:0:614

Redirect headers

Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Mon, 02 May 2022 12:45:58 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lj34o36N1NLvr95&gdpr=0&gdpr_consent=
Pragma
no-cache
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-0ae965e2f8a6b4310@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
usersync
match.bnmla.com/ Frame 29C8
0
114 B
Document
General
Full URL
https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.158 Chestertown, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Length
0
Date
Mon, 02 May 2022 12:45:59 GMT
Server
nginx
Pug
simage2.pubmatic.com/AdServer/ Frame 46AE
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
1 B
69 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Mon, 02 May 2022 12:45:59 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sv3pug009:0:494

Redirect headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-length
138
content-type
text/html
date
Mon, 02 May 2022 12:45:59 GMT
expires
Sun, 01 May 2022 12:45:59 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C6CDCCE70F8246B185FE1D2B153F3554
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
Pug
simage2.pubmatic.com/AdServer/ Frame 5F89
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d15b7aa3-ca15-11ec-8220-5f16f286a6e8&gdpr=0&gdpr_consent=
1 B
373 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d15b7aa3-ca15-11ec-8220-5f16f286a6e8&gdpr=0&gdpr_consent=
Protocol
H2
Server
204.237.133.120 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:45:59 GMT
cache-control
no-store, no-cache, private
x-lat
10:0:901
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d15b7aa3-ca15-11ec-8220-5f16f286a6e8&gdpr=0&gdpr_consent=
Date
Mon, 02 May 2022 12:45:59 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
d15b7aa4-ca15-11ec-8220-5f16f286a6e8
ids
idsync.frontend.weborama.fr/ Frame FC92
Redirect Chain
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0
  • https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=608B10F9-6255-420B-A2D2-FC2E69A961B4
0
16 B
Image
General
Full URL
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=608B10F9-6255-420B-A2D2-FC2E69A961B4
Protocol
H3
Server
34.111.131.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.131.111.34.bc.googleusercontent.com
Software
Weborama Collect Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:58 GMT
via
1.1 google
last-modified
Mon, 02 May 2022 12:45:59 GMT
server
Weborama Collect Frontend
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=608B10F9-6255-420B-A2D2-FC2E69A961B4
date
Mon, 02 May 2022 12:45:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
qmap
sync.crwdcntrl.net/ Frame FC92
49 B
279 B
Image
General
Full URL
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=608B10F9-6255-420B-A2D2-FC2E69A961B4&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.222.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-222-239.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 May 2022 12:45:59 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
expires
0
cache-control
no-cache
x-server
10.45.15.143
content-type
image/gif
content-length
49
x-consent
absent
SPug
simage4.pubmatic.com/AdServer/ Frame 9D84
0
128 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:46:00 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
SPug
simage4.pubmatic.com/AdServer/ Frame 5F89
0
48 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:46:01 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=225d2128214efd4cb439b1095d30ca5b
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=225d2128214efd4cb439b1095d30ca5b
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=225d2128214efd4cb439b1095d30ca5b
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=225d2128214efd4cb439b1095d30ca5b
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/show_ads.js

135 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| 29 object| 30 object| 31 object| 32 object| 33 object| 34 object| 35 object| 36 object| 37 object| 38 object| 39 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| _wpemojiSettings undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| mnetCustomerData function| injectMnetScript object| _mNHandle string| medianet_versionId object| stlib boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus boolean| sop_pview_logged string| stWidgetVersion object| stLight boolean| st_showing object| st object| __stdos__ function| __sharethis__docReady object| __sharethis__ string| GoogleAnalyticsObject function| ga object| dataLayer object| _mN object| _mNSrv function| setup string| _mN_Idf string| _mN_ctrM number| _mN_ctr object| mnjs object| _mNDetails function| _cmL1Require function| _cmL1Define undefined| _mNE object| _mNadPrvLog object| WPCOM_sharing_counts object| click_object object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq object| FB object| wp object| twemoji object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| st_go function| linktracker_init object| wpcom object| 
displayPlacement_PF_script boolean| pixfuture_environment_started function| init_____display____pixfuture string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed function| onYouTubeIframeAPIReady boolean| isPending string| prebid_file function| findCMP_PixFuture function| pbjs_pixChunk object| pbjs_pix object| _pbjsGlobals object| mnet object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| googletag

133 Cookies

Domain/Path Name / Value
securityaffairs.co/ Name: session_depth
Value: securityaffairs.co%3D1%7C816788371%3D2%7C184323154%3D1%7C647633027%3D2
.securityaffairs.co/ Name: _gid
Value: GA1.2.831215178.1651495553
.securityaffairs.co/ Name: _gat
Value: 1
securityaffairs.co/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.co/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.co/ Name: _ga_P62M3QN974
Value: GS1.1.1651495552.1.0.1651495552.0
.securityaffairs.co/ Name: _ga
Value: GA1.1.735984151.1651495553
securityaffairs.co/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
securityaffairs.co/ Name: _lr_retry_request
Value: true
securityaffairs.co/ Name: _lr_env_src_ats
Value: false
.rubiconproject.com/ Name: khaos
Value: L2OPT9BU-20-6TJR
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB3QOvdR/grza14C1LCtWBX9mfsNIvv6QtrmRNeXP/he0caVwlKC7vuQ5FGfGNePc3/th4iWCi6WjspbV3mhqimWXjmaZkH7bMyyqVI1k5poNA==
securityaffairs.co/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-05-02T12%3A45%3A54%22%7D
.go.sonobi.com/ Name: HAPLB5A
Value: s5610|Ym/Sh
.adnxs.com/ Name: icu
Value: ChgI3sJXEAoYASABKAEwgqW_kwY4AUABSAEQgqW_kwYYAA..
.adnxs.com/ Name: uuid2
Value: 1783418094771575678
securityaffairs.co/ Name: cto_bidid
Value: sZ5WuV9rc2EwZkVTbFg4U1FJdWFGUTd1T3hKeUM0S1RiaSUyRjYzNHU1VW5zSU94ZDRKYnh3TWZLZmZ3JTJGakF3NEtnQncyY3o4YyUyRjJpaXMwUUklMkI0cUUyeTlsR2ZBJTNEJTNE
securityaffairs.co/ Name: cto_bundle
Value: RX52rV9GTDFxdGt0c29IMTFVcGNHVGxqZFl3SmZTV0NxV0Z6YThEVEN0aG1lQUFjV2k2ZWlodkklMkYxVkJ6Wm4lMkZ5SG83bGgwMkFlQkQxVFpWVk1iUjh2b3dwUzBSUTNKbDExYzFGU1NCRTVoVCUyQkJneXo2QkJFckpCS0JrMSUyQnM1OWZPQ2Vj
ads.us.e-planning.net/ Name: CT
Value: 1
.e-planning.net/ Name: E
Value: AK4o9WcCOab6gbaA
.zeotap.com/ Name: zc
Value: 1c296382-82fa-461d-7b1d-19466cc1d151
.zeotap.com/ Name: zsc
Value: %84%FC%A8%81%01%BF%F9%97%8D%ADe%3E%DFteyp%16Oe%A6%12%21%2B%19%C6%F4%8A1%C9%0A%89%F6%7CJ%EA9%C8%5CT%BD%DE%9B%19%EDv%C8%C3%C5B%F0%12%26%CA%15%B1%EA%D3%D2%DE%1D%87%AD%08%C7%28%7F7i%9C%10%22%E1~%1A%B2%D7%60%A1%CC%7D%9D%17%2B%1C%96%A2%E2D%5BEP%E1%0DUS%07o%EDguF%D3%88%DB7%06%EE%D9V%BE.%0A%F9P%05%F0%8E%1EJ%B4%3F%1EZ%02%0DGk%9EYD%A2%0D%5C%D7T%CD%EA%F8%8E%1C%5B%87%0B%A2r%1C%5D_Q%CA%A4X%7Cjg%AC%D9%BDr%FDk%B5%8Cv%C5f
.casalemedia.com/ Name: CMID
Value: Ym-SgrHXjm.VFp-THVFdOgAA
.casalemedia.com/ Name: CMPS
Value: 5183
.casalemedia.com/ Name: CMPRO
Value: 1121
.agkn.com/ Name: ab
Value: 0001%3AmjUmHlEeUA6H2bZQAQtPD%2BUAgj56w58e
.richaudience.com/ Name: avcid-zeo-uid
Value: 1c296382-82fa-461d-7b1d-19466cc1d151
.tapad.com/ Name: TapAd_TS
Value: 1651495554795
.tapad.com/ Name: TapAd_DID
Value: f396b4f3-51ad-4547-9516-f2ad9a15194c
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.adfarm1.adition.com/ Name: UserID1
Value: 7093119393942796438
.weborama.fr/ Name: AFFICHE_W
Value: 4pVPE7OPHMbi59
.doubleclick.net/ Name: IDE
Value: AHWqTUmToB1DyrisF3WlDPaSazRLVuzywbOwst4c4ykOyuOokifx4yehdmJRZzE9Cdc
.demdex.net/ Name: demdex
Value: 87933219208043071631663835005271550173
.dpm.demdex.net/ Name: dpm
Value: 87933219208043071631663835005271550173
.tidaltv.com/ Name: tidal_ttid
Value: e7557d5b-efda-4cd2-98bb-6067687dc172
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 608B10F9-6255-420B-A2D2-FC2E69A961B4
.mathtag.com/ Name: uuid
Value: 91ac626f-d283-4600-b3fa-2e612d8fdf77
.theadex.com/ Name: axd
Value: 4293028820329263788
.theadex.com/ Name: tis_ZgL
Value: ZgLeAqwx
.krxd.net/ Name: _kuid_
Value: O0DQHRh3
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.adform.net/ Name: C
Value: 1
.fwmrm.net/ Name: _uid
Value: "a125_7093119398214527963"
beacon.lynx.cognitivlabs.com/ Name: UID
Value: c796c5c5-08f2-4f3c-8ba6-16af90fd412e
beacon.lynx.cognitivlabs.com/ Name: ss
Value: 1lsaXW0Rob%2BFJxch2elbnKi4CNGNyZ8VKmvEowr0OjuM6I8IKOHK8oMRctZ6bQ2P0qHS7Q1Dx2rLpvkw6j1L1g%3D%3D
.de17a.com/ Name: guid2
Value: 1.7970472423113245867
.yahoo.com/ Name: A3
Value: d=AQABBIPSb2ICEJiAn8reHIxb9tt_fO_BbNgFEgEBAQEkcWJ5YgAAAAAA_eMAAA&S=AQAAAl0uKTdxHsDDTW2keDwGoto
.adform.net/ Name: uid
Value: 3935973953595647647
.quantserve.com/ Name: d
Value: EOMBCwGFJvijAA
.quantserve.com/ Name: mc
Value: 626fd283-3bf3a-00249-e72e9
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Ym-SgwAMyeLBGgA-
.simpli.fi/ Name: suid
Value: C6CDCCE70F8246B185FE1D2B153F3554
.onaudience.com/ Name: done_redirects161
Value: 1
.adsby.bidtheatre.com/ Name: __kuid
Value: 03140866-f51c-446d-a756-5bef95e81a5d.420709555
.casalemedia.com/ Name: CMST
Value: Ym-SgmJv0oMA
.onaudience.com/ Name: cookie
Value: da9e636b1aa00185
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&8f35751e-5bbc-46ab-84ee-32fb9cca64d6"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTE0OTU1NTU7MjswMjGe7H/M03b2K/AWLeZNGjwLhlpEi630cpzGhr4ZLyH8LA==
.linkedin.com/ Name: lidc
Value: "b=VGST07:s=V:r=V:a=V:p=V:g=2336:u=1:x=1:i=1651495555:t=1651581955:v=2:sig=AQE9YRJIcXnKGLyaImZcW9OSIpw6qA5s"
.bidr.io/ Name: bito
Value: AAD2p07E36UAAD0fWMY9Kg
.bidr.io/ Name: bitoIsSecure
Value: ok
prebidserver.pixfuture.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQUs0bzlXY0NPYWI2Z2JhQSIsImV4cGlyZXMiOiIyMDIyLTA1LTE2VDEyOjQ1OjU1LjMwOTg0NzEwNloifX0sImJkYXkiOiIyMDIyLTA1LTAyVDEyOjQ1OjU1LjMwOTg0MDAxNloifQ==
.turn.com/ Name: uid
Value: 8138885220535409139
.onaudience.com/ Name: done_redirects104
Value: 1
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.bidswitch.net/ Name: tuuid
Value: aa3f86bd-162c-40a3-b993-b78e863ff485
.bidswitch.net/ Name: c
Value: 1651495555
.bidswitch.net/ Name: tuuid_lu
Value: 1651495555
.amazon-adsystem.com/ Name: ad-id
Value: A78pCM77SELktweDuaAVm_Q
ads.playground.xyz/ Name: connect.sid
Value: s%3AxcYjLuebj6c5g8ijcGX-9FWTmeG1wkt7.g4HCHoIPRzdOu7F448ZywyZ79SC%2BaB0jDk2z3lDm4ug
.onaudience.com/ Name: done_redirects162
Value: 1
.securityaffairs.co/ Name: __gads
Value: ID=7353ac537e94ec95-2214bef788cd00eb:T=1651495555:RT=1651495555:S=ALNI_MaOW1hRsQDPbSyYzqnkIgJ9XwkOSQ
.eyeota.net/ Name: SERVERID
Value: 23917~DM
.tribalfusion.com/ Name: ANON_ID
Value: aHnseFolXVjQuWx7J3gJT8CDrOtALDs7ZausSviUr2S5FnqPVBnmZad3XNPoQoDHIcgrZblZbgVvIyOfvbFBfV8S
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-d5a22345-2157-4b74-7e16-09967f118b1d.rQyouA3l%2FwDwPH87lumD1BwuwBcaEOeDQLqraeO4DmA
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A1aIjRSFXS3R-FgmWfxGLHVFfBSw.crtVi0SRO5eGpP%2Ff0A%2BfoVruG1Vr%2FTiXV506BWnbRes
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0NjQwNzc3MjQ2MDAyMTAyNBHiM9RNiczODIwMDbRINsyX4jU0MzU0sTQFAUtLAFyhgZA0AAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAFvFwmtoZmpoYmkKApaWABEDHQsQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0NjQwNzc3MjQ2MDAyMTAyNBHiM9RNiczODIwMDbRINswHAJNh5aMlAAAA
.pubmatic.com/ Name: KRTBCOOKIE_409
Value: 22966-Ecv7Kmx8QgRnUYUhbggaabSV
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEC64OCEK-U1_HfkqrvbEUoI&KRTB&16514-CAESEC64OCEK-U1_HfkqrvbEUoI&KRTB&23025-CAESEC64OCEK-U1_HfkqrvbEUoI
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-1783418094771575678&KRTB&23339-1783418094771575678
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-fK4QfS6uHihnr0R9ef0LK3quEiJn-REpL6U_memZ&KRTB&19420-fK4QfS6uHihnr0R9ef0LK3quEiJn-REpL6U_memZ&KRTB&22979-fK4QfS6uHihnr0R9ef0LK3quEiJn-REpL6U_memZ
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-7970472423113245867
.adnxs.com/ Name: anj
Value: dTM7k!M4.FCxrEQF']wIg2HaNqNJC@!EKyQ#xY4Z6+55$[L*Uq74^]16e_LP0VOXo7-jL<V%K>sLY`gFEA-[_3EWoa=sJSA.gLHHXs6>J#2CcI
.casalemedia.com/ Name: CMRUM3
Value: 11626fd28205a0&27626fd2820b40&e6626fd2822760&2d626fd2832760CAESEOlDdGL3M__Ll-EuXZds-aw&be626fd28205a0&f1626fd28205a0&08626fd2832760c796c5c5-08f2-4f3c-8ba6-16af90fd412e
.pubmatic.com/ Name: KRTBCOOKIE_594
Value: 17105-OPTOUT&KRTB&17107-OPTOUT
.pubmatic.com/ Name: PUBMDCID
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-Ym-SgwAMyeLBGgA-&KRTB&22978-Ym-SgwAMyeLBGgA-&KRTB&23194-Ym-SgwAMyeLBGgA-&KRTB&23209-Ym-SgwAMyeLBGgA-
.pubmatic.com/ Name: KRTBCOOKIE_1101
Value: 23040-7093119393942796438
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-1aIjRSFXS3R-FgmWfxGLHVFfBSw
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-3935973953595647647&KRTB&23263-3935973953595647647
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:91ac626f-d283-4600-b3fa-2e612d8fdf77&KRTB&16736-uid:91ac626f-d283-4600-b3fa-2e612d8fdf77&KRTB&23019-uid:91ac626f-d283-4600-b3fa-2e612d8fdf77&KRTB&23208-uid:91ac626f-d283-4600-b3fa-2e612d8fdf77
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-8138885220535409139
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-aa3f86bd-162c-40a3-b993-b78e863ff485
.advertising.com/ Name: APID
Value: UPcf6db481-ca15-11ec-bf51-062731e89e6e
.spotxchange.com/ Name: audience
Value: cf705a68-ca15-11ec-bc03-10ffbde80206
.analytics.yahoo.com/ Name: IDSYNC
Value: "18z8~24no:1762~24no"
.lijit.com/ Name: ljt_reader
Value: 21c5a7800d7c22f06df421af
.tidaltv.com/ Name: sync-his
Value: H4sIAAAAAAAAADM0NjQwtTI0stA1tDACACik3jkNAAAA
.3lift.com/ Name: tluid
Value: 3324887792856786626183
.audrte.com/ Name: arcki2_ddp
Value: CAESEFW9dEeFsVYOyS_b3tpNTVA!20210804!1651495556684
.media.net/ Name: visitor-id
Value: 2944971568174039000V10
.media.net/ Name: data-g
Value: CAESEBcVfyXQbyHYld1LGZbg7WM~~3
.audrte.com/ Name: arcki2_adform
Value: 3935973953595647647!20210804!1651495556787
.sportradarserving.com/ Name: zuuid
Value: a0745daf-a182-4de4-9b85-e78482b0b499
.sportradarserving.com/ Name: c
Value: 1651495556
.sportradarserving.com/ Name: zuuid_lu
Value: 1651495556
.sportradarserving.com/ Name: zuuid_k
Value: 1
.sportradarserving.com/ Name: zuuid_k_lu
Value: 1651495556
.inmobi.com/ Name: idsp_c
Value: 956849ea-bdee-45d0-86c5-1989217a23fa
.pubmatic.com/ Name: SPugT
Value: 1651495556
.pubmatic.com/ Name: SyncRTB3
Value: 1652659200%3A166_220_3_161_54_222_231_21_99_5_7_55_13_165_204_8_234_238_56_104_233_22_243_189_57_71_81_176_88%7C1652313600%3A63%7C1656633600%3A69%7C1652745600%3A35%7C1652054400%3A2_15_223%7C1654041600%3A203
.pubmatic.com/ Name: pi
Value: 158127:4
.pubmatic.com/ Name: DPSync3
Value: 1651536000%3A174%7C1652659200%3A219_241_221_226_235_197_245_227_201
.ads.pubmatic.com/ Name: KCCH
Value: YES
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 4
.ads.pubmatic.com/ Name: pubsyncexp
Value: 1651517158565
.fiftyt.com/ Name: cs
Value: MTY1MTQ5NTU1OXxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fBrm8uqac3zlo4q8Lk9NsCfbkYIAYqQodXrg1YFQTqS2
.w55c.net/ Name: wfivefivec
Value: lj34o36N1NLvr95
.w55c.net/ Name: matchpubmatic
Value: 5
.fiftyt.com/ Name: fppm
Value: 20220502124559
.fiftyt.com/ Name: fifid
Value: 64170cb6-b824-4269-5d13-3c4f85021479
.audrte.com/ Name: arcki2_pubmatic
Value: 608B10F9-6255-420B-A2D2-FC2E69A961B4!20210804!1651495559345
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:lj34o36N1NLvr95
.pubmatic.com/ Name: PugT
Value: 1651495559
.semasio.net/ Name: SEUNCY
Value: 31889FC5778BE2E0
.ipredictive.com/ Name: cu
Value: d15b7aa3-ca15-11ec-8220-5f16f286a6e8|1651495559720
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-d15b7aa3-ca15-11ec-8220-5f16f286a6e8&KRTB&23011-d15b7aa3-ca15-11ec-8220-5f16f286a6e8&KRTB&23355-d15b7aa3-ca15-11ec-8220-5f16f286a6e8
.audrte.com/ Name: arcki2
Value: a8hQmbesbugR7mhNyuiZLCUjg!20210804!1651495560104

11 Console Messages

Source Level URL
Text
security error URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html(Line 324)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=225d2128214efd4cb439b1095d30ca5b'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html(Line 325)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=225d2128214efd4cb439b1095d30ca5b'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html(Line 326)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=225d2128214efd4cb439b1095d30ca5b'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html(Line 327)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=225d2128214efd4cb439b1095d30ca5b'. This request has been blocked; the content must be served over HTTPS.
javascript error URL: https://securityaffairs.co/wordpress/130739/cyber-crime/emotet-operators-test-new-techniques.html
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://tags.bluekai.com/site/87734?id=1c296382-82fa-461d-7b1d-19466cc1d151&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=1c296382-82fa-461d-7b1d-19466cc1d151&reqId=ef7a99a4-f32a-4cc6-7043-30be2970b83d&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sync.srv.stackadapt.com
sync.teads.tv
sync.tidaltv.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
u-ams02.e-planning.net
u.openx.net
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
visitor.fiftyt.com
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
api.rlcdn.com
fonts.googleapis.com
pagead2.googlesyndication.com
104.102.28.239
104.102.28.254
104.17.120.107
104.45.178.220
104.89.28.165
104.89.42.102
104.92.74.8
138.201.8.249
141.94.170.77
141.95.171.142
142.250.185.194
142.250.185.66
142.251.36.66
143.204.98.21
151.1.205.165
151.101.129.44
151.101.66.49
157.245.94.128
159.65.196.12
169.197.150.8
169.50.137.184
178.162.133.149
178.162.133.150
178.250.0.163
178.250.2.146
18.156.0.31
18.195.0.245
18.198.126.47
18.204.146.207
18.66.97.109
185.15.245.80
185.183.112.148
185.33.221.11
185.33.221.53
185.64.190.80
185.86.137.108
185.86.138.16
185.94.180.126
192.0.76.3
192.0.77.2
193.0.160.129
195.5.165.20
198.47.127.19
198.47.127.20
2001:678:cb4:bbbb::11
2001:8d8:100f:f000::289
204.237.133.116
204.237.133.120
204.237.133.247
205.234.175.175
212.82.100.182
213.155.156.180
213.19.147.44
23.205.235.133
23.22.109.120
23.35.228.210
23.35.228.23
23.35.236.247
23.88.75.186
2600:9000:2057:9600:c:abe:f440:93a1
2600:9000:2156:ae00:3:c04e:c780:93a1
2602:803:c004:200::143
2606:4700:10::6816:1957
2606:4700:20::681a:b9c
2606:4700:4400::6812:230b
2606:4700::6812:bcf
2607:ae80:5::49
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2620:1ec:22::14
2a00:1450:4001:801::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2008
2a00:1450:4001:810::2002
2a00:1450:4001:813::200e
2a00:1450:4001:829::2006
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::2004
2a02:2638::1c
2a02:fa8:8806:20::2040
2a03:2880:f01c:8012:face:b00c:0:3
2a04:4e42:200::300
2a04:fa87:fffe::c000:4902
2a05:d018:24:b001:736:16ab:a44d:3496
2a05:d018:d29:3601:ceb4:b945:274f:b273
3.120.46.173
3.124.22.198
3.127.106.234
3.127.178.105
34.102.253.54
34.107.148.139
34.111.129.221
34.111.131.239
34.149.20.76
34.249.222.239
34.98.64.218
35.157.246.167
35.157.46.192
35.158.225.181
35.173.74.115
35.201.96.126
35.227.248.159
35.227.252.103
35.244.174.68
37.157.5.142
38.27.122.158
46.249.52.248
46.249.52.249
5.161.47.120
5.178.65.253
51.15.145.116
51.178.20.139
51.195.5.234
51.210.112.63
51.89.9.251
52.17.114.133
52.19.103.233
52.223.40.198
52.28.226.141
52.29.249.60
52.46.130.91
52.94.223.37
54.225.138.85
54.229.167.98
54.234.215.67
54.76.15.137
54.76.86.86
54.78.125.222
64.74.236.255
66.155.71.149
66.155.71.150
67.202.105.21
68.183.31.14
69.173.144.138
69.173.144.165
72.251.241.206
72.251.249.9
74.121.143.245
76.223.111.18
77.243.60.138
85.114.159.118
92.123.224.108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