urlscan.io logo urlscan.io
SecurityTrails logo

thehackernews.com Open in urlscan Pro
2606:4700:20::ac43:4615  Public Scan

Go To Rescan Add Verdict Report
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Submission: On June 28 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 74 IPs in 10 countries across 68 domains to perform 302 HTTP transactions. The main IP is 2606:4700:20::ac43:4615, located in United States and belongs to CLOUDFLARENET, US. The main domain is thehackernews.com. The Cisco Umbrella rank of the primary domain is 178901.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 1st 2022. Valid for: a year.
This is the only time thehackernews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 2606:4700:20:... 13335 (CLOUDFLAR...)
3 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
26 2a00:1450:400... 15169 (GOOGLE)
1 2001:4de0:ac1... 20446 (STACKPATH...)
21 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
9 142.250.184.226 15169 (GOOGLE)
4 65.9.71.118 16509 (AMAZON-02)
5 23.97.225.52 8075 (MICROSOFT...)
2 2620:116:800d... 16509 (AMAZON-02)
2 4 2a02:2638:1::13 44788 (ASN-CRITE...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 178.250.2.146 44788 (ASN-CRITE...)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
5 10 185.33.221.87 29990 (ASN-APPNEX)
1 34.254.13.191 16509 (AMAZON-02)
1 185.64.189.112 62713 (AS-PUBMATIC)
1 2.18.232.7 16625 (AKAMAI-AS)
4 35.156.141.29 16509 (AMAZON-02)
12 52.210.150.207 16509 (AMAZON-02)
4 51.89.9.251 16276 (OVH)
1 178.250.0.165 44788 (ASN-CRITE...)
2 4 216.52.2.48 30282 (AS-INAPCD...)
1 34.107.148.139 15169 (GOOGLE)
1 2 147.75.85.234 54825 (PACKET)
1 3 34.98.64.218 15169 (GOOGLE)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 18.192.170.39 16509 (AMAZON-02)
1 2602:803:c003... 26667 (RUBICONPR...)
1 2600:9000:206... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
26 2a00:1450:400... 15169 (GOOGLE)
2 142.250.186.99 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 6 2a00:1450:400... 15169 (GOOGLE)
8 20 142.250.186.162 15169 (GOOGLE)
2 6 104.18.19.126 13335 (CLOUDFLAR...)
26 2a00:1450:400... 15169 (GOOGLE)
3 3 52.59.94.57 16509 (AMAZON-02)
5 5 18.197.223.14 16509 (AMAZON-02)
2 2 193.0.160.128 54312 (ROCKETFUEL)
7 10 69.173.144.138 26667 (RUBICONPR...)
3 3 52.16.238.87 16509 (AMAZON-02)
1 3 185.86.139.101 201081 (SMARTADSE...)
5 6 18.156.0.31 16509 (AMAZON-02)
2 142.250.185.98 15169 (GOOGLE)
2 2a02:2638::3 44788 (ASN-CRITE...)
7 52.223.40.198 16509 (AMAZON-02)
4 23.35.236.201 16625 (AKAMAI-AS)
1 23.35.236.188 16625 (AKAMAI-AS)
1 2.18.235.93 16625 (AKAMAI-AS)
2 18.64.119.56 16509 (AMAZON-02)
1 2620:1ec:49::45 8075 (MICROSOFT...)
4 23.205.235.133 16625 (AKAMAI-AS)
1 34.252.251.45 16509 (AMAZON-02)
1 104.18.18.126 13335 (CLOUDFLAR...)
1 1 72.251.249.14 29791 (VOXEL-DOT...)
1 1 54.226.216.14 14618 (AMAZON-AES)
4 4 213.19.147.45 3356 (LEVEL3)
1 1 52.0.133.126 14618 (AMAZON-AES)
4 7 209.54.180.3 16509 (AMAZON-02)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
1 2620:1ec:22::14 8068 (MICROSOFT...)
2 35.244.174.68 15169 (GOOGLE)
2 3 52.94.220.185 16509 (AMAZON-02)
1 104.36.113.23 62713 (AS-PUBMATIC)
2 3 37.157.5.142 198622 (ADFORM)
1 4 185.86.139.115 201081 (SMARTADSE...)
1 1 178.250.0.163 44788 (ASN-CRITE...)
1 2 185.33.221.89 29990 (ASN-APPNEX)
2 2 2001:678:cb4:... 56396 (AMOBEE)
1 3 2a05:d018:d29... 16509 (AMAZON-02)
1 16 34.247.233.198 16509 (AMAZON-02)
2 2 52.28.125.64 16509 (AMAZON-02)
3 4 64.202.112.31 22075 (AS-OUTBRAIN)
1 1 35.244.159.8 15169 (GOOGLE)
1 1 34.196.179.83 14618 (AMAZON-AES)
2 2 34.233.85.84 14618 (AMAZON-AES)
1 1 150.136.25.38 31898 (ORACLE-BM...)
1 169.197.150.7 398989 (DEEPINTENT)
2 2 64.202.112.255 22075 (AS-OUTBRAIN)
1 1 69.192.160.219 16625 (AKAMAI-AS)
2 2 198.148.27.140 ()
3 3 103.229.206.241 30419 (MEDIAMATH...)
3 3 151.101.130.49 54113 (FASTLY)
2 2 18.195.155.181 16509 (AMAZON-02)
1 1 202.241.208.56 4694 (IDCF IDC ...)
2 2 185.184.8.90 204995 (RTB-HOUSE...)
1 52.51.92.79 16509 (AMAZON-02)
1 1 104.92.74.8 16625 (AKAMAI-AS)
7 104.36.113.107 62713 (AS-PUBMATIC)
4 4 52.215.3.215 16509 (AMAZON-02)
2 198.47.127.20 62713 (AS-PUBMATIC)
1 169.50.137.184 36351 (SOFTLAYER)
302 74
12    2606:4700:20::ac43:4615 (United States)

ASN13335 (CLOUDFLARENET, US)
thehackernews.com
3    2606:4700:4400::6812:2209 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.adpushup.com
1    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
26    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
adservice.google.com
1    2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)
code.jquery.com
21    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.de
1    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
partner.googleadservices.com
1    2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
9    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
securepubads.g.doubleclick.net
www.googletagservices.com
4    65.9.71.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-71-118.fra56.r.cloudfront.net
c.amazon-adsystem.com
5    23.97.225.52 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
e3.adpushup.com
2    2620:116:800d:21:c5a4:625:6563:a5bb (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
4    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
1    2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
3    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
3    2606:4700:10::ac43:8ae (United States)

ASN13335 (CLOUDFLARENET, US)
i.connectad.io
cdn.connectad.io
sync-eu.connectad.io
10    185.33.221.87 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
1    34.254.13.191 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-13-191.eu-west-1.compute.amazonaws.com
ads.yieldmo.com
1    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
1    2.18.232.7 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com
a.teads.tv
4    35.156.141.29 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-141-29.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
12    52.210.150.207 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
ads.servenobid.com
4    51.89.9.251 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu
onetag-sys.com
1    178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com
bidder.criteo.com
4    216.52.2.48 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ap.lijit.com
1    34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
2    147.75.85.234 (Schiphol, Netherlands)

ASN54825 (PACKET, US)
prebid.a-mo.net
3    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
adpushup-d.openx.net
u.openx.net
us-u.openx.net
1    2a02:fa8:8806:13::1460 (Singapore)

ASN41041 (VCLK-EU-SE, US)
web.hb.ad.cpe.dotomi.com
1    18.192.170.39 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-170-39.eu-central-1.compute.amazonaws.com
prebid-server.rubiconproject.com
1    2602:803:c003:200::41 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
1    2600:9000:206f:1800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
2    2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
9    2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
3    2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
26    2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net
p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com
1    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
6    2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
20    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
cm.g.doubleclick.net
6    104.18.19.126 (None, )

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
26    2a00:1450:4001:80b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
3    52.59.94.57 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-94-57.eu-central-1.compute.amazonaws.com
pm.w55c.net
5    18.197.223.14 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-223-14.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    193.0.160.128 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
10    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
token.rubiconproject.com
3    52.16.238.87 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-238-87.eu-west-1.compute.amazonaws.com
match.360yield.com
ad.360yield.com
3    185.86.139.101 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
6    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
2    142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net
googleads4.g.doubleclick.net
2    2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
7    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
4    23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com
ads.pubmatic.com
1    23.35.236.188 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-188.deploy.static.akamaitechnologies.com
acdn.adnxs.com
1    2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
contextual.media.net
2    18.64.119.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-119-56.txl50.r.cloudfront.net
cdn.districtm.io
1    2620:1ec:49::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
public.servenobid.com
4    23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    34.252.251.45 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-251-45.eu-west-1.compute.amazonaws.com
g2.gumgum.com
1    104.18.18.126 (None, )

ASN13335 (CLOUDFLARENET, US)
ssum-sec.casalemedia.com
1    72.251.249.14 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ce.lijit.com
1    54.226.216.14 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-226-216-14.compute-1.amazonaws.com
x.yieldlift.com
4    213.19.147.45 (Beverwijk, Netherlands)

ASN3356 (LEVEL3, US)
sync.1rx.io
1    52.0.133.126 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-133-126.compute-1.amazonaws.com
ssp.disqus.com
7    209.54.180.3 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
ads.yahoo.com
1    2620:1ec:22::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
idsync.rlcdn.com
3    52.94.220.185 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
1    104.36.113.23 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
3    37.157.5.142 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
4    185.86.139.115 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
1    178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
2    185.33.221.89 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
secure.adnxs.com
2    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
3    2a05:d018:d29:3601:ea85:e49c:e259:daf9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
16    34.247.233.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
usersync.gumgum.com
2    52.28.125.64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-125-64.eu-central-1.compute.amazonaws.com
a.sportradarserving.com
4    64.202.112.31 (Harrodsburg, United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
sync.outbrain.com
1    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
1    34.196.179.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-179-83.compute-1.amazonaws.com
sync.srv.stackadapt.com
2    34.233.85.84 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-85-84.compute-1.amazonaws.com
sync.ipredictive.com
1    150.136.25.38 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
1    169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
2    64.202.112.255 (Harrodsburg, United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
1    69.192.160.219 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com
stags.bluekai.com
2    198.148.27.140 (None, )

ASN- ()
bh.contextweb.com
3    103.229.206.241 (Singapore)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
3    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
2    18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
cs.emxdgt.com
1    202.241.208.56 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)
tg.socdm.com
2    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
creativecdn.com
1    52.51.92.79 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-92-79.eu-west-1.compute.amazonaws.com
rtb.gumgum.com
1    104.92.74.8 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-74-8.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
7    104.36.113.107 (United States)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
image2.pubmatic.com
4    52.215.3.215 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-3-215.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
2    198.47.127.20 (United States)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
1    169.50.137.184 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com
um.simpli.fi
Apex Domain
Subdomains		 Transfer
51 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 120
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 160
561 KB
45 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 54
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209
cm.g.doubleclick.net — Cisco Umbrella Rank: 205
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 287
342 KB
26 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 276
129 KB
18 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1686
usersync.gumgum.com — Cisco Umbrella Rank: 2090
rtb.gumgum.com — Cisco Umbrella Rank: 1247
6 KB
17 rubiconproject.com
prebid-server.rubiconproject.com — Cisco Umbrella Rank: 1040
fastlane.rubiconproject.com — Cisco Umbrella Rank: 528
pixel.rubiconproject.com — Cisco Umbrella Rank: 336
eus.rubiconproject.com — Cisco Umbrella Rank: 573
token.rubiconproject.com — Cisco Umbrella Rank: 711
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1036
25 KB
15 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 520
ads.pubmatic.com — Cisco Umbrella Rank: 488
image6.pubmatic.com — Cisco Umbrella Rank: 629
simage2.pubmatic.com — Cisco Umbrella Rank: 611
image4.pubmatic.com — Cisco Umbrella Rank: 882
image2.pubmatic.com
33 KB
14 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 327
s.amazon-adsystem.com — Cisco Umbrella Rank: 286
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1274
50 KB
13 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 2138
public.servenobid.com — Cisco Umbrella Rank: 4558
8 KB
13 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 244
acdn.adnxs.com — Cisco Umbrella Rank: 591
secure.adnxs.com — Cisco Umbrella Rank: 408
34 KB
12 gstatic.com
www.gstatic.com
p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com
fonts.gstatic.com
80 KB
12 thehackernews.com
thehackernews.com — Cisco Umbrella Rank: 178901
329 KB
10 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 299
ads.yahoo.com — Cisco Umbrella Rank: 1058
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 479
5 KB
9 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 391
mug.criteo.com — Cisco Umbrella Rank: 2727
bidder.criteo.com — Cisco Umbrella Rank: 744
dis.criteo.com — Cisco Umbrella Rank: 717
10 KB
9 google.com
adservice.google.com — Cisco Umbrella Rank: 92
www.google.com — Cisco Umbrella Rank: 8
2 KB
8 adpushup.com
cdn.adpushup.com — Cisco Umbrella Rank: 12422
e3.adpushup.com — Cisco Umbrella Rank: 15960
222 KB
7 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 367
2 KB
7 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1255
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 653
3 KB
7 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 608
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 576
7 KB
5 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 290
3 KB
5 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 179
212 KB
5 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 660
ce.lijit.com — Cisco Umbrella Rank: 963
3 KB
4 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 474
2 KB
4 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 694
1 KB
4 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 540
2 KB
4 openx.net
adpushup-d.openx.net — Cisco Umbrella Rank: 13411
u.openx.net — Cisco Umbrella Rank: 710
us-u.openx.net — Cisco Umbrella Rank: 387
809 B
4 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 820
402 B
4 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1299
457 B
3 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 612
828 B
3 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 462
2 KB
3 adform.net
c1.adform.net — Cisco Umbrella Rank: 583
1 KB
3 360yield.com
match.360yield.com — Cisco Umbrella Rank: 4129
ad.360yield.com — Cisco Umbrella Rank: 642
984 B
3 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 790
2 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 71
3 KB
3 connectad.io
i.connectad.io — Cisco Umbrella Rank: 6911
cdn.connectad.io — Cisco Umbrella Rank: 4190
sync-eu.connectad.io — Cisco Umbrella Rank: 3137
1 KB
3 google.de
adservice.google.de — Cisco Umbrella Rank: 7751
1 KB
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 622
695 B
2 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 950
467 B
2 contextweb.com
bh.contextweb.com
885 B
2 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 534
1 KB
2 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 1030
955 B
2 sportradarserving.com
a.sportradarserving.com — Cisco Umbrella Rank: 2887
1 KB
2 turn.com
ad.turn.com — Cisco Umbrella Rank: 801
943 B
2 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 635
idsync.rlcdn.com — Cisco Umbrella Rank: 321
140 B
2 criteo.net
static.criteo.net — Cisco Umbrella Rank: 606
57 KB
2 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 775
1 KB
2 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1220
306 B
2 media.net
prebid.media.net — Cisco Umbrella Rank: 1342
contextual.media.net — Cisco Umbrella Rank: 529
9 KB
2 districtm.io
dmx.districtm.io Failed
cdn.districtm.io — Cisco Umbrella Rank: 10774
4 KB
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1029
pixel.quantserve.com — Cisco Umbrella Rank: 443
10 KB
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 851
612 B
1 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1450
697 B
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 494
754 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 922
44 B
1 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1161
339 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 753
585 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 395
707 B
1 disqus.com
ssp.disqus.com — Cisco Umbrella Rank: 4219
284 B
1 yieldlift.com
x.yieldlift.com — Cisco Umbrella Rank: 4646
593 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 991
345 B
1 dotomi.com
web.hb.ad.cpe.dotomi.com — Cisco Umbrella Rank: 1878
399 B
1 teads.tv
a.teads.tv — Cisco Umbrella Rank: 1237
249 B
1 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 670
226 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 429
2 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 867
649 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 630
30 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231
28 KB
0 resetdigital.co Failed
sync2.resetdigital.co Failed
0 sonobi.com Failed
sync.go.sonobi.com Failed
302 68
Domain Requested by
26 s0.2mdn.net thehackernews.com
s0.2mdn.net
26 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
23 pagead2.googlesyndication.com thehackernews.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.gstatic.com
tpc.googlesyndication.com
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
www.googletagservices.com
20 cm.g.doubleclick.net 8 redirects googleads.g.doubleclick.net
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
ssum-sec.casalemedia.com
g2.gumgum.com
19 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
thehackernews.com
16 usersync.gumgum.com 1 redirects g2.gumgum.com
12 ads.servenobid.com cdn.adpushup.com
public.servenobid.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
g2.gumgum.com
12 thehackernews.com thehackernews.com
10 ib.adnxs.com 5 redirects cdn.adpushup.com
googleads.g.doubleclick.net
acdn.adnxs.com
9 www.gstatic.com googleads.g.doubleclick.net
7 s.amazon-adsystem.com 4 redirects ssbsync.smartadserver.com
ssum-sec.casalemedia.com
7 match.adsrvr.org cdn.adpushup.com
public.servenobid.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
g2.gumgum.com
ads.pubmatic.com
6 ups.analytics.yahoo.com 5 redirects ssum-sec.casalemedia.com
6 pixel.rubiconproject.com 3 redirects public.servenobid.com
eus.rubiconproject.com
6 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
6 www.google.com 4 redirects tpc.googlesyndication.com
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
5 x.bidswitch.net 5 redirects
5 www.googletagservices.com googleads.g.doubleclick.net
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
5 e3.adpushup.com thehackernews.com
4 match.prod.bidr.io 4 redirects
4 simage2.pubmatic.com ads.pubmatic.com
4 sync.outbrain.com 3 redirects g2.gumgum.com
4 rtb-csync.smartadserver.com 1 redirects ssbsync.smartadserver.com
ads.pubmatic.com
4 token.rubiconproject.com 4 redirects
4 sync.1rx.io 4 redirects
4 eus.rubiconproject.com cdn.adpushup.com
eus.rubiconproject.com
g2.gumgum.com
4 ads.pubmatic.com cdn.adpushup.com
public.servenobid.com
g2.gumgum.com
ads.pubmatic.com
4 ap.lijit.com 2 redirects cdn.adpushup.com
public.servenobid.com
4 onetag-sys.com cdn.adpushup.com
public.servenobid.com
4 btlr.sharethrough.com cdn.adpushup.com
4 gum.criteo.com 2 redirects static.criteo.net
4 c.amazon-adsystem.com cdn.adpushup.com
c.amazon-adsystem.com
4 securepubads.g.doubleclick.net cdn.adpushup.com
securepubads.g.doubleclick.net
3 image2.pubmatic.com ads.pubmatic.com
3 sync-tm.everesttech.net 3 redirects
3 sync.mathtag.com 3 redirects
3 pr-bh.ybp.yahoo.com 1 redirects ssum-sec.casalemedia.com
ads.pubmatic.com
3 c1.adform.net 2 redirects ads.pubmatic.com
3 aax-eu.amazon-adsystem.com 2 redirects
3 ssbsync.smartadserver.com 1 redirects 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
public.servenobid.com
3 pm.w55c.net 3 redirects
3 fonts.googleapis.com googleads.g.doubleclick.net
3 mug.criteo.com thehackernews.com
3 adservice.google.com pagead2.googlesyndication.com
securepubads.g.doubleclick.net
3 adservice.google.de pagead2.googlesyndication.com
securepubads.g.doubleclick.net
3 cdn.adpushup.com thehackernews.com
cdn.adpushup.com
2 image4.pubmatic.com ads.pubmatic.com
2 creativecdn.com 2 redirects
2 cs.emxdgt.com 2 redirects
2 bh.contextweb.com 2 redirects
2 b1sync.zemanta.com 2 redirects
2 sync.ipredictive.com 2 redirects
2 us-u.openx.net 2 redirects
2 a.sportradarserving.com 2 redirects
2 ad.turn.com 2 redirects
2 secure.adnxs.com 1 redirects ssum-sec.casalemedia.com
2 cdn.districtm.io cdn.adpushup.com
cdn.districtm.io
2 static.criteo.net cdn.adpushup.com
static.criteo.net
2 googleads4.g.doubleclick.net thehackernews.com
2 match.360yield.com 2 redirects
2 p.rfihub.com 2 redirects
2 p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com googleads.g.doubleclick.net
p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com
2 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 prebid.a-mo.net 1 redirects cdn.adpushup.com
1 um.simpli.fi ads.pubmatic.com
1 idsync.rlcdn.com ads.pubmatic.com
1 secure-assets.rubiconproject.com 1 redirects
1 rtb.gumgum.com g2.gumgum.com
1 tg.socdm.com 1 redirects
1 ad.360yield.com 1 redirects
1 stags.bluekai.com 1 redirects
1 match.deepintent.com g2.gumgum.com
1 sync.technoratimedia.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 dis.criteo.com 1 redirects
1 image6.pubmatic.com ads.pubmatic.com
1 id.rlcdn.com
1 px.ads.linkedin.com
1 ads.yahoo.com
1 ssp.disqus.com 1 redirects
1 x.yieldlift.com 1 redirects
1 ce.lijit.com 1 redirects
1 ssum-sec.casalemedia.com public.servenobid.com
1 g2.gumgum.com public.servenobid.com
1 sync-eu.connectad.io cdn.connectad.io
1 cdn.connectad.io cdn.adpushup.com
1 u.openx.net cdn.adpushup.com
1 public.servenobid.com cdn.adpushup.com
1 contextual.media.net cdn.adpushup.com
1 acdn.adnxs.com cdn.adpushup.com
1 fonts.gstatic.com fonts.googleapis.com
1 pixel.quantserve.com thehackernews.com
1 rules.quantcount.com secure.quantserve.com
1 fastlane.rubiconproject.com cdn.adpushup.com
1 prebid-server.rubiconproject.com cdn.adpushup.com
1 web.hb.ad.cpe.dotomi.com cdn.adpushup.com
1 adpushup-d.openx.net cdn.adpushup.com
1 prebid.media.net cdn.adpushup.com
1 bidder.criteo.com cdn.adpushup.com
1 a.teads.tv cdn.adpushup.com
1 hbopenbid.pubmatic.com cdn.adpushup.com
1 ads.yieldmo.com cdn.adpushup.com
1 i.connectad.io cdn.adpushup.com
1 cdn.jsdelivr.net cdn.adpushup.com
1 secure.quantserve.com cdn.adpushup.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 code.jquery.com cdn.adpushup.com
1 cdnjs.cloudflare.com thehackernews.com
0 sync2.resetdigital.co Failed public.servenobid.com
0 sync.go.sonobi.com Failed public.servenobid.com
0 dmx.districtm.io Failed cdn.adpushup.com
cdn.districtm.io
302 111
Subject Issuer Validity Valid
thehackernews.com
Cloudflare Inc ECC CA-3		 2022-05-01 -
2023-05-01		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-05-22 -
2023-05-22		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2021-07-14 -
2022-08-14		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh
c.amazon-adsystem.com
Amazon		 2022-05-09 -
2023-04-18		 a year crt.sh
*.adpushup.com
Sectigo RSA Domain Validation Secure Server CA		 2020-05-27 -
2022-08-29		 2 years crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-06-15 -
2022-09-18		 3 months crt.sh
connectad.io
Cloudflare Inc ECC CA-3		 2022-04-15 -
2023-04-15		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.yieldmo.com
Amazon		 2022-04-25 -
2023-05-24		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2021-08-04 -
2022-09-04		 a year crt.sh
teads.tv
R3		 2022-06-01 -
2022-08-30		 3 months crt.sh
*.sharethrough.com
Amazon		 2021-08-13 -
2022-09-11		 a year crt.sh
ads.servenobid.com
Amazon		 2022-05-29 -
2023-06-27		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-03-11 -
2023-04-12		 a year crt.sh
*.media.net
Sectigo RSA Domain Validation Secure Server CA		 2022-04-06 -
2023-05-04		 a year crt.sh
*.a-mo.net
R3		 2022-05-05 -
2022-08-03		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2022-05-31 -
2023-07-02		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-06-21 -
2022-09-23		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2021-12-10 -
2022-12-09		 a year crt.sh
cdn.districtm.io
Amazon		 2021-09-07 -
2022-10-06		 a year crt.sh
public.servenobid.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-02-17		 a year crt.sh
*.gumgum.com
Amazon		 2022-05-06 -
2023-06-04		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-06-14 -
2022-12-07		 6 months crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-06-07 -
2022-11-30		 6 months crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-05-02 -
2023-06-03		 a year crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon		 2022-02-15 -
2023-03-16		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-27 -
2022-11-27		 a year crt.sh

This page contains 54 frames:

Primary Page: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Frame ID: F3530CE849CF69AC015FF140E74D2B85
Requests: 81 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20190131/zrt_lookup.html
Frame ID: AEEEC95BD1BA509DC0E2642911FB8AF8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Frame ID: 664FE6A0E98951B3C6A7E64B1FA19308
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Frame ID: CDC8D72042A332FD994D6A87E4AF53D6
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Frame ID: 81D7C274D79FB50FE2A91F86E5C1695A
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1656430764&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349302&bpp=1&bdt=203&idt=259&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600%2C970x250&nras=1&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=264
Frame ID: 2F176ED7A2482A2B6E6A1B7AD8E9C611
Requests: 1 HTTP requests in this frame

Frame: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8BD5861EB803BBCEB123DE716A822D11
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Frame ID: 71F5ACE5D2BA456F5F868DA83FC440B6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F20F92940733C56B482C507C316E7608
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D217F2398B7340E3ED7CC9EBA758AE77
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 80DF287F79207A162E337990EDAD0E4F
Requests: 2 HTTP requests in this frame

Frame: https://p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: BEE48470EFF99F29E949DD986C8B189A
Requests: 2 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/fa287546e1d5bd0678894d5c227e456c.js?tag=client_fast_engine_2019
Frame ID: 6AE4442941C190070FD360F34FBF3935
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Frame ID: F501E46CF5EC8D80BAE54E9FD772DD17
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C40974C19AA054B8FBE1C12735A5BD4B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Frame ID: BCCB15EEEA01DC54A328EF9EE5458FF6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Frame ID: 7A99716D961DADD442E71C98C89AE2EC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Frame ID: C2A12C033B86440F66AAA9B862226BCC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DA5AC0556980CDFE43516331CEF4AFB8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E95CDB807A08762D10839DA0AB989DA9
Requests: 2 HTTP requests in this frame

Frame: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7EB85BF89FE55EB5B0705C831FB53B5D
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGJ2RwMcBMAE&v=APEucNWyF7cdWmLptIK3wkJuGi9wuEsHkGtLfL3qNgW2LTxMVFmEXtJw0If2LWNzKHTifqVMlyywpQJH6JCwRkp-n4YQR7xdF5BQ8t0X4rTYCev4CrP1Dxk6Mo82G78-0HDnGCL-r5rFX4CVu5ZWVWGijp-2o7B_-qqo-35H8hcef6I2CDy_3xE
Frame ID: 3EA3BC81B89B96ABA13A2017EBB98603
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 02017EFC7FC699D24EBCFFF45CA0FE0C
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 074F8A9685D077778CFA6CF07372B506
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/9758430/1649322212218/index.html
Frame ID: 813F3B16EC236F393C314B54050AFC82
Requests: 25 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=thehackernews.com
Frame ID: 85D43FF47ABAFF68F4F9CEA835A1D5C6
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Frame ID: F8F8B3EB15835BBE098F6A591897FF73
Requests: 14 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9A3E981055A2851FAA7BE8AD991FE5B2
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUPEPKI9&prvid=2034%2C2033%2C2031%2C172%2C2030%2C173%2C251%2C175%2C132%2C178%2C2029%2C233%2C255%2C2028%2C2027%2C3017%2C214%2C236%2C3016%2C237%2C337%2C338%2C70%2C51%2C97%2C55%2C99%2C77%2C3012%2C2043%2C2040%2C141%2C186%2C222%2C244%2C201%2C3007%2C246%2C345%2C4%2C203%2C10000%2C80%2C108%2C229%2C9%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: CAC8871BADA0B96D56E2F20B1858C96E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 8FC0B53132A7C70CAFBA7738E1B2D3E2
Requests: 3 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 35345FBA1EE6F6AD6627E81B6489D426
Requests: 14 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 3A2B5083EFEAAA6A337B9D1623060DB3
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: E0490AC01F623B93D54AA726FFD2C634
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 86B6776E370758D15F78E8D49363034A
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1656434349750
Frame ID: E679669134D8FAC06678C3727196F133
Requests: 1 HTTP requests in this frame

Frame: https://sync-eu.connectad.io/syncer/1
Frame ID: 2075C9FEEBF5AC265CED5134387E8CBE
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Frame ID: B03E083961BE531B82D5DE8363887633
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 67F1E22AD1DF7C6A128EC09A4EDAC93E
Requests: 16 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: D39D2B7E6001928E1F915D627533681B
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: FFACA3EB0174071F59388EDD46756CFD
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: E24AD50D3390A5862C15BCD2C0F605F9
Requests: 10 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=948262bb-2eb2-4f00-b50b-765a1ceb9c1e&gdpr=0&gdpr_consent=
Frame ID: F40F5229310A757E76205950BB36E5EF
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=&_test=YrsusQAMNXsBzgAj
Frame ID: A99B74CFE2F81E1B61A46F5B5FAA3BD2
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8zNTFiZTgxOC05ZmI0LTQ2NDktOWM4Mi1iMDZmNDdjNjljNjU=&gdpr=0&gdpr_consent=
Frame ID: FBF687EC0D29E5FBECEEFE3AB20858D4
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 112C30291F55021CD959DCF5EB5E42FB
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Frame ID: AA63D3F00D6C76AEDBC688163A7D31D5
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=emx&uid=3368081737051884287brt055491656434354128832f1
Frame ID: CD50B5809C9DB01FFF59945F24D88DDB
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=YrsussCo5soAAKRjES8AAAAA
Frame ID: AABF4651A0E6EFBD3353AAF1D72B0C3A
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=0enamG20Hr2thHMYAukN&pi=gumgum&tc=1
Frame ID: 02793534CACE40776D7C299C507CF652
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: ED77B1B6137F4F8DB95ACA79D8F2751C
Requests: 3 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=7F3DC454-3AD7-40EC-B7CC-69105588C503
Frame ID: C51708F6A7BCEF5BAA6BCB0A50FED4FF
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=
Frame ID: E58AA9B7E496BA4D443EE5CFEA9C3D38
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFdkE7Fdl0AAA71tq5JiQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Frame ID: 129BCAD972638846A291C7D324D5AEDA
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:5a6462bb-2eb2-4900-a615-1f5ef6b1cee8&gdpr=0&gdpr_consent=
Frame ID: 27B5611A1FDFD6648BF385B2475B12F3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

302
Requests

80 %
HTTPS

29 %
IPv6

68
Domains

111
Subdomains

74
IPs

10
Countries

2198 kB
Transfer

5475 kB
Size

102
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthehackernews.com%2F&domain=thehackernews.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=ZRQMynwxejRVQzhOSjY2cHduUThoNWkrQ291R0VlWFRnTklsbGpjMmo4OW0ybitDK2pDN2pIdzF4M2w4Qi9RaE9ETnplRmRvV0xhZjZQRFJQWUF4OU9XczdaUnFjUUVoK1V0SXcxZDFSZHlKZDJ5TG1mSnpZSmlhYjR6bkcwYmV4NXhTeVQwMGt3aEczNGRESHNZWXZHM0FUeTZLV1M5N0x6ekRvRSs5TFNpeW91V1I5c21KbjFua2FmNUFkaUxZQ2NUTVVxcVc1VEgyRUp4cTZLK3U5VE5HS1MwZHFHZlJsbFdNaVM3UitpMFFTb3liV1o5eU9uRFo5TmdSTkkvM2huR2ZHfA&cppv=2
Request Chain 118
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 129
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 130
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 138
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 156
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhuIohRg9gJbNiDMqIxngM&google_cver=1
Request Chain 157
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yrsur-Vf9Shq6qpSh6Q.LgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhuIohRg9gJbNiDMqIxngM&google_cver=1&google_hm=2
Request Chain 158
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEEcIDkilNQmqM7tAH456X5s&google_cver=1
Request Chain 159
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM2ODA4MTczNzA1MTg4NDI4Nw%3D%3D
Request Chain 167
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHvQOHA5A4T0-RkLvkmSgO4&google_cver=1&google_push=ARnp8GAJePw_iCpHcBB3wGwOLO_7nTtUSYi78Y1a_y6Gw4lPD-7kzDxgES7MuCybg83DLorf2oF-d4uyeR3zBeVaxLI9zb42gHw HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHvQOHA5A4T0-RkLvkmSgO4&google_cver=1&google_push=ARnp8GAJePw_iCpHcBB3wGwOLO_7nTtUSYi78Y1a_y6Gw4lPD-7kzDxgES7MuCybg83DLorf2oF-d4uyeR3zBeVaxLI9zb42gHw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cmpZZ2ZYV3YxTzZlZjU1&google_gid=CAESEHvQOHA5A4T0-RkLvkmSgO4&google_cver=1&google_push=ARnp8GAJePw_iCpHcBB3wGwOLO_7nTtUSYi78Y1a_y6Gw4lPD-7kzDxgES7MuCybg83DLorf2oF-d4uyeR3zBeVaxLI9zb42gHw
Request Chain 168
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEOH-SxjdP56mtl3NuCMtZzg&google_cver=1&google_push=ARnp8GAR1V3sZKnJMAlBRoAithhME7Fz66_SUBb-1bHTOx4-O2nivxWJc635TAZzKTVS7VjM8KpcmGXY4-nqS1zCzPsZHoIKb8M HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEOH-SxjdP56mtl3NuCMtZzg&google_cver=1&google_push=ARnp8GAR1V3sZKnJMAlBRoAithhME7Fz66_SUBb-1bHTOx4-O2nivxWJc635TAZzKTVS7VjM8KpcmGXY4-nqS1zCzPsZHoIKb8M HTTP 302
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=google HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=5109685623550794859&expires=30&ssp=google HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GAR1V3sZKnJMAlBRoAithhME7Fz66_SUBb-1bHTOx4-O2nivxWJc635TAZzKTVS7VjM8KpcmGXY4-nqS1zCzPsZHoIKb8M&google_hm=Jvz7g4b9Ss2E_sHpZQ9icg==
Request Chain 169
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAJ9y_gwppg5qf-SJqw-F7A&google_cver=1&google_push=ARnp8GA86FtsLMoQOlI3zUBYue1m4hfZSHHvkMCwDqqwkf7vvaIsn1ntnhZykozgYeW7nG9PItzL4CICbOMfJrq1oSCF99Tj8w HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRZRThTOE4tMjItMk9CVw==&google_push=ARnp8GA86FtsLMoQOlI3zUBYue1m4hfZSHHvkMCwDqqwkf7vvaIsn1ntnhZykozgYeW7nG9PItzL4CICbOMfJrq1oSCF99Tj8w
Request Chain 170
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOJnrF-LJcJwy03KRsDM1kM&google_cver=1&google_push=ARnp8GAOfhH65Y0nJyJERq8NlczitzQwmQV6oiC4GFuIu4kxOiT40xrjccSjBE9HCUHO0Uz7iOJB_mABi4C6uVUU2eAtAeEyLG4 HTTP 307
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOJnrF-LJcJwy03KRsDM1kM&google_cver=1&google_push=ARnp8GAOfhH65Y0nJyJERq8NlczitzQwmQV6oiC4GFuIu4kxOiT40xrjccSjBE9HCUHO0Uz7iOJB_mABi4C6uVUU2eAtAeEyLG4&sovrn_retry=true HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ARnp8GAOfhH65Y0nJyJERq8NlczitzQwmQV6oiC4GFuIu4kxOiT40xrjccSjBE9HCUHO0Uz7iOJB_mABi4C6uVUU2eAtAeEyLG4&google_hm=E4yHtGZHG9dPubt8SWiNgHBV
Request Chain 171
  • https://match.360yield.com/match/ebda?google_gid=CAESEIhNCaOl-uWbYcCREkPZg6A&google_cver=1&google_push=ARnp8GC6X0MrDw2odMaaciDzPA-gZn6DKsJru41VuKOXpg9_UFsMKnZbIzU_291VgaWdFYed0_sG4FC7ma2dGLCT8EORilimSu0 HTTP 302
  • https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEIhNCaOl-uWbYcCREkPZg6A&google_cver=1&google_push=ARnp8GC6X0MrDw2odMaaciDzPA-gZn6DKsJru41VuKOXpg9_UFsMKnZbIzU_291VgaWdFYed0_sG4FC7ma2dGLCT8EORilimSu0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ref5RamjTui5r5dbY6_5mw&google_push=ARnp8GC6X0MrDw2odMaaciDzPA-gZn6DKsJru41VuKOXpg9_UFsMKnZbIzU_291VgaWdFYed0_sG4FC7ma2dGLCT8EORilimSu0
Request Chain 173
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOuLKTJiCI7-Nm1CIXAZ81I&google_cver=1&google_push=ARnp8GBuQeB3trD_QlVIsHkq8QrWHdS3kuru6sSSSxR9-QOWizvcc774va2eQ7IonT93qIcq2Qotvx81aeD5J04PrJHBpQOvBuo HTTP 302
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOuLKTJiCI7-Nm1CIXAZ81I&google_cver=1&google_push=ARnp8GBuQeB3trD_QlVIsHkq8QrWHdS3kuru6sSSSxR9-QOWizvcc774va2eQ7IonT93qIcq2Qotvx81aeD5J04PrJHBpQOvBuo&verify=true HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS04WV9vTWdoRTJ1RmNDOVU2ZVBxZjRjNkIxRkMzd1FpdH5B&google_push=ARnp8GBuQeB3trD_QlVIsHkq8QrWHdS3kuru6sSSSxR9-QOWizvcc774va2eQ7IonT93qIcq2Qotvx81aeD5J04PrJHBpQOvBuo
Request Chain 222
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=thehackernews.com&sn=ChromeSyncframe&so=3&topUrl=thehackernews.com&bundle=k73kd180MUcyMzFnYmxpZ1BteGJmVWhiT2k1RU1GeWc2ODhXN2VLcmFrd3FKWFpkRDZDMUglMkJ6bUdKSE10SGVDWUc5eEJIeWNoRU03cGsxJTJGUHcwUm84UnpNd0Y0SW1OUSUyQkdsUXB5TXFLbHc1Tjh6Sm92RU9kWGVENXdyR1dlM3ByUXZGaw&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=1Wcdu3wyUldKdVpxc1dWNmp6RlBzLzRnNi9WcndSanA3MEpNMXNDK3Vxa2dqcTNha2VjSzF5UW1tanZKZkRSMmpTMzRwZm5PRkRjYWwwZzhZbG8xZnFWbXNvOC9FWGNTdjFtRDU4VmtoUnozTzUyaGhEd1JiTkh0TkhsanMvU1ZMK05FaUtPZ0QyM3pPKzFVcmltS0NoZ1U1TXZkYzBUSUdHSERtYm9qaFRpZDFaeGhyRlJDbnBOd0FMd2JPaHV2b1AwbXl3MG5BckFCZ3RydWplMURINWlQbTl0K3AwVVFrb0g5bStmbFZjUFlRdzRxT1hub3NHczlwZi84UUFJWDR1eVFOMWJBT3AzenBGSDdSUWgxTHI2Z1RCTHg4M3I3TzM4Z2VpQlhOTGdNNmZncz18&cppv=2
Request Chain 234
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=3368081737051884287
Request Chain 235
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
  • https://ads.servenobid.com/sync?pid=310&uid=E4yHtGZHG9dPubt8SWiNgHBV
Request Chain 237
  • https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID HTTP 301
  • https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNGFiNjQ2NjktZmNkZi00OTRlLWI1MTktYjcxMTRiYTlkZTY0IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNi0yOFQxNjozOToxNC4wNzM1MDZaIn0=
Request Chain 238
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1656434353758 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2252640054
Request Chain 239
  • https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=324&uid=5109685623550794859
Request Chain 241
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
  • https://ads.servenobid.com/sync?pid=327&uid=cd550b43-407d-4a88-8014-5ca0afa0500b&gdpr=0&gdpr_consent=&us_privacy=1YN-
Request Chain 242
  • https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
  • https://ads.servenobid.com/sync?pid=337&uid=y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
Request Chain 244
  • https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID HTTP 302
  • https://ads.servenobid.com/sync?pid=346&uid=62b58476-ff76-1bde-7f93-5510a765426c
Request Chain 245
  • https://ups.analytics.yahoo.com/ups/58632/occ HTTP 302
  • https://ads.servenobid.com/sync?pid=339&uid=y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
Request Chain 246
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=p2ly3307RvKTDXpk3akdBQ&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=p2ly3307RvKTDXpk3akdBQ
Request Chain 247
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRZRThTOE4tMjItMk9CVw==
Request Chain 248
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L4YE8S8N-22-2OBW&sigv=1&esig=2~7a66eebbc3dd1bb7a6b5ae8e5e1ce31f02d6ab23
Request Chain 249
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L4YE8S8N-22-2OBW
Request Chain 251
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGMwODRhYjNhODhkYmNlNzgxNTVjOGNiZTkzMjRjOWMzNmZhNTJhNg
Request Chain 252
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=USpcNgdtRHirGiNWZcMnuA&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=USpcNgdtRHirGiNWZcMnuA
Request Chain 253
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEO40xRqCBCArTyI5Cp6q0Gk&google_cver=1
Request Chain 256
  • https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=8982777071185948856&gdpr=0&gdpr_consent=
Request Chain 257
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4077581924694820654&gdpr=0&gdpr_consent= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4077581924694820654&gdpr=0&gdpr_consent=&dcc=t
Request Chain 258
  • https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3466632763
Request Chain 259
  • https://dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%40&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=bf4edff5-8146-4784-9abf-ef5d06b55bf2&gdpr=0&gdpr_consent=
Request Chain 261
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB&dcc=t
Request Chain 264
  • https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4077810862758296985
Request Chain 266
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=rjYgfXWv1O6ef55&gdpr=1
Request Chain 269
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=3368081737051884287
Request Chain 270
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_351be818-9fb4-4649-9c82-b06f47c69c65&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
  • https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=b690b301-0c00-4f1e-9256-16c8720657ad&ssp=gumgum2 HTTP 302
  • https://usersync.gumgum.com/usersync?b=bsw&i=26fcfb83-86fd-4acd-84fe-c1e9650f6272
Request Chain 271
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://usersync.gumgum.com/usersync?b=obn&i=ENC%28ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_351be818-9fb4-4649-9c82-b06f47c69c65&obuid=ENC(ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://ib.adnxs.com/getuid?https://sync.outbrain.com/cookie-sync?p=appnexus&uid=$UID&obUid=ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=appnexus&uid=3368081737051884287&obUid=ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e
Request Chain 272
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=8a29998a-78c1-485c-8c82-3e8aad97d376
Request Chain 273
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-c3d69bf6-fd6f-43a1-5fe0-f2ac6d204028$ip$217.64.151.68
Request Chain 274
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
  • https://usersync.gumgum.com/usersync?b=oth&i=y-fFBA.jpE2pcJMOQttKZhRYU13kU.LmtWnZfq~A
Request Chain 275
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=d8420abf-f700-11ec-b2fc-c7b778ea8869
Request Chain 276
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D HTTP 307
  • https://usersync.gumgum.com/usersync?b=snc&i=GDPR
Request Chain 278
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_351be818-9fb4-4649-9c82-b06f47c69c65&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://stags.bluekai.com/site/23178?id=Csmhk_WLusl4XDsIFNVU&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2Q3TNVUGWX2XJR2XG3BULBCHGSKGJZLFKJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2Q3TNVUGWX2XJR2XG3BULBCHGSKGJZLFKJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=Csmhk_WLusl4XDsIFNVU&us_privacy=1---
Request Chain 279
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://usersync.gumgum.com/usersync?b=idi&i=ade7f945-a9a3-4ee8-b9af-975b63aff99b
Request Chain 280
  • https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8369460078
Request Chain 281
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=JPR8IJ5tp3qy&ev=1&pid=558355
Request Chain 282
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent= HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=4077581924694820654
Request Chain 284
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://usersync.gumgum.com/usersync?b=mmh&i=948262bb-2eb2-4f00-b50b-765a1ceb9c1e&gdpr=0&gdpr_consent=
Request Chain 285
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YrsusQAMNXsBzgAj HTTP 302
  • https://usersync.gumgum.com/usersync?b=atm&i=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=&_test=YrsusQAMNXsBzgAj
Request Chain 289
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID HTTP 302
  • https://cs.emxdgt.com/umcheck?apnxid=3368081737051884287&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID HTTP 302
  • https://usersync.gumgum.com/usersync?b=emx&uid=3368081737051884287brt055491656434354128832f1
Request Chain 290
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=YrsussCo5soAAKRjES8AAAAA
Request Chain 291
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=0enamG20Hr2thHMYAukN&pi=gumgum&tc=1
Request Chain 292
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 296
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=
Request Chain 297
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGZGtFN0ZkbDBBQUE3MXRxNUppUQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAFdkE7Fdl0AAA71tq5JiQ&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAFdkE7Fdl0AAA71tq5JiQ&pid=558502&do=add HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFdkE7Fdl0AAA71tq5JiQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Request Chain 298
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:5a6462bb-2eb2-4900-a615-1f5ef6b1cee8&gdpr=0&gdpr_consent=
Request Chain 299
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=fz3EVDrXQOy3zGkQVYjFAw%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 301
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=739162bb-2eb2-4400-9348-a251f8bf2e82
Request Chain 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=N0YzREM0NTQtM0FENy00MEVDLUI3Q0MtNjkxMDU1ODhDNTAz&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 303
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDV12gbrNsAmZ-zlJ9EHRq8&google_cver=1
Request Chain 305
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4077810862758296985&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 308
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=7F3DC454-3AD7-40EC-B7CC-69105588C503&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-fSIsMLVE2uUSGmzzCMzVK5EhE12t_Ek-~A&gdpr=0&gdpr_consent=
Request Chain 309
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d8420abf-f700-11ec-b2fc-c7b778ea8869&gdpr=0&gdpr_consent=
Request Chain 310
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3368081737051884287&gdpr=0&gdpr_consent=

302 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request zuorat-malware-hijacking-home-office.html
thehackernews.com/2022/06/ 		150 KB
71 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordPress VIP
Resource Hash
d8b5fb8f1b636e9c5a84c979fb2e691704769dda054f789a6515000f6a971c6a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
173
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, s-maxage=604800, max-age=0
cf-cache-status
MISS
cf-ray
7227db595b1d5a31-MXP
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:09 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Tue, 28 Jun 2022 16:36:15 GMT
last-modified
Tue, 28 Jun 2022 15:39:24 GMT
link
</css/roboto.css>; as=style; rel=preload
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy
camera=(), geolocation=(), microphone=()
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kR6MEJG8XZ8ZIcgJv1rVzzm3FcZQus1W8wHuL6WvezCX%2BahNOfJWJooNcDB%2BKjlpjIoDwl%2FTN%2Bt6NLxpxhKVRPkYGwHr8s78HITutyQ0BoSCyviTAeD4FjXwaiVPxSudc%2FrkmwZKZj%2B3XI21oaKf"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
Accept-Encoding, accept,amp-cache-transform
x-content-type-options
nosniff
x-forwarded-for
2001:ac8:20:3d00:1012:b724:c80d:298e
x-frame-options
DENY
x-powered-by
WordPress VIP
x-xss-protection
1; mode=block
roboto.css
thehackernews.com/css/ 		77 KB
58 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://thehackernews.com/css/roboto.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hRAeUdkQCWQ13UuOCr4n97VeMU53odYQGIpmAyhXCSOm9i8dKP7bC7oNcWpP4SjcNpL3FxWypXAMKV4vGJNgafGWqJT9YfjXSz3%2BEuMOl1Jq4%2BDrWfvDg1Tld7CtJTQOvSHEm8cX0ONMPY6n86iQ"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000, immutable, s-maxage=8640000
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-ray
7227db59ec0a5a31-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
souter.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg960bGMseqxbdnv3xqZUrWcOzL5MfDLr4qmhEQDcc_kRyaMLxrU7o0NMvSR_TVyTEzrQxPA3Cc9_H3Sp_vJ-5tZWQg4h9xGPQhMKSNLLsuVF1mHTjD-IVdRJ-fKp-W3I1PkvPvVKJZ-iZC76aWh... 		108 KB
109 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg960bGMseqxbdnv3xqZUrWcOzL5MfDLr4qmhEQDcc_kRyaMLxrU7o0NMvSR_TVyTEzrQxPA3Cc9_H3Sp_vJ-5tZWQg4h9xGPQhMKSNLLsuVF1mHTjD-IVdRJ-fKp-W3I1PkvPvVKJZ-iZC76aWhXluWmKUjZ7co90F8srg43ozs8aIVZxqD5nblJm7/s728-e1000/souter.jpg
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
edb6236234478fe65d3f22cd56f653050b2ac4574b3928574bc673b0d006aea6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3501
cf-polished
origFmt=jpeg, origSize=152623
x-forwarded-for
217.30.102.50
content-disposition
inline; filename="souter.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
111088
x-xss-protection
0
expires
Mon, 24 Mar 2025 15:40:48 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"v1bcd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1UeCkuFCsY0kuWzTcMYfzmAbBkXTh8b0scla9iIq5YVvZaHX3eB3Jx7%2FXInyedF6WN1IUwOsAHtLeVFCgygw8wJ6a7onX1DuO%2Fomqfg9RSPI%2Fmee4DOwPcf0gHZVQzzCOoUdQfKmDjTOB3LUJ7L"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
vary
Accept, Accept-Encoding
cache-control
public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges
bytes
cf-ray
7227db59fc115a31-MXP
access-control-expose-headers
Content-Length
flow.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjvbzKYyAqwih7tqZAnFAcdpeuLtQdx4bBAsWIy-sCJ7K1fyc4zVMAesHvs_M_KRlD0rsEaN1MN7ZRAa9GjY59AjvoH61CpBal6lw8qYqnwLUawsNKljS5cm0Vx3mVXjylOOMAEwccJunTQahk3S... 		46 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjvbzKYyAqwih7tqZAnFAcdpeuLtQdx4bBAsWIy-sCJ7K1fyc4zVMAesHvs_M_KRlD0rsEaN1MN7ZRAa9GjY59AjvoH61CpBal6lw8qYqnwLUawsNKljS5cm0Vx3mVXjylOOMAEwccJunTQahk3Stdv8d9TZUAEOez6OM8IQyoFjOhgWxfNt0SFDiY7/s728-e1000/flow.jpg
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a315c734f4b5ae401c7081178c38d1a3e441e9d63e011272e087632ba3f5ade5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3430
cf-polished
origFmt=jpeg, origSize=80460
x-forwarded-for
95.232.24.226
content-disposition
inline; filename="flow.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
47132
x-xss-protection
0
expires
Mon, 24 Mar 2025 15:41:59 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"v1bcb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6htmbOixhnWwUzJfvEahoQ22272LdPZ7e2VDhhhP90VewGQvypyGWFu611JC3XpFlWuyNLuyDOo4kDr6ENhpR9pCe%2FQx%2F0SIfgMWUJjdfZ53zEm7m92R0S0YRTvcU6Y1i8U1Xu6oOFa0%2FRl8URr"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
vary
Accept, Accept-Encoding
cache-control
public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges
bytes
cf-ray
7227db5a2acd3752-MXP
access-control-expose-headers
Content-Length
cc.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiDlxxtTI9gNv328qFfv8HVljLaVthpGc0hze6Q9P2fYaY_LW26ncKpcuRJbI_oI3kOZswaXC3YTMeenaG8A8h-lhpD2CTIJe8jHqOQTdhynErvOL6sH36ucNouQ2MISrqZwthpbD51zEMj3N4ic... 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiDlxxtTI9gNv328qFfv8HVljLaVthpGc0hze6Q9P2fYaY_LW26ncKpcuRJbI_oI3kOZswaXC3YTMeenaG8A8h-lhpD2CTIJe8jHqOQTdhynErvOL6sH36ucNouQ2MISrqZwthpbD51zEMj3N4ict-R4GeO3wuO_O6Ahb_4Uj2KNAXFuCse2cCGKcND/s728-e1000/cc.jpg
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12f5b1274ab0a4ac91ed51e6dc47ae3c1a7494346aa2cc6c9dde8749006bd7e9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3429
cf-polished
origFmt=jpeg, origSize=29459
x-forwarded-for
95.232.24.226
content-disposition
inline; filename="cc.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
19574
x-xss-protection
0
expires
Mon, 24 Mar 2025 15:42:00 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"v1bca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8iVOe77kBG1iZeVMhAu9WbiL6wd2V3HwfSd2316mXfrahdT3uSRhXVfqqRhzufbzzeUVNpqp6ww1PtwYrb3uVi%2FrLfRz5nSgV5jydXRGsw2dG8ej78wc4nPrT4Oi5v7vL9KRZl9PgfAOH8Nn6kW"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
vary
Accept, Accept-Encoding
cache-control
public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges
bytes
cf-ray
7227db5a2acf3752-MXP
access-control-expose-headers
Content-Length
adpushup.js
cdn.adpushup.com/37020/ 		441 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adpushup.com/37020/adpushup.js
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f46567d3913857de0723b7efb8737672353d3ac6c0470a44d2017a9806b7bf2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 21 Jun 2022 11:44:00 GMT
server
cloudflare
age
11357
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-cf-geodata
CH
cf-ray
7227db5a7aa50225-ZRH
expires
Tue, 28 Jun 2022 17:39:09 GMT
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		27 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d64f4662969ecae048bd993de6d91ef6296d12a7c059a08589c6bddb4a21875

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		7 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a

Request headers

Referer
Origin
https://thehackernews.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/ 		103 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		442 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/gif
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 		87 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1721336
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27938
timing-allow-origin
*
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2FXTtsLOCBdyDswRV9Kd4FKlMs%2BfzNvF1drhMbGEUa5WFL77o8Ub0Ogi9UrPL1K17p0mk5sHR4r7VqwLdYQjZ%2Bksjwhc4GU4G8buftDb9zNiWnUjoU17yYqr3SgaXENHQEkIQYgI%2F8pyKysC1L%2Fo4iRp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7227db5a98862373-ZRH
expires
Sun, 18 Jun 2023 16:39:09 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		163 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
426fe7d10574f970a159f294dc54b597f9d10316a3daba427554e434b27866ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56436
x-xss-protection
0
server
cafe
etag
9319957434875509287
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 28 Jun 2022 16:39:09 GMT
s.js
thehackernews.com/cdn-cgi/zaraz/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://thehackernews.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyWnVvUkFUJTIwTWFsd2FyZSUyMEhpamFja2luZyUyMEhvbWUtT2ZmaWNlJTIwUm91dGVycyUyMHRvJTIwU3B5JTIwb24lMjBUYXJnZXRlZCUyME5ldHdvcmtzJTIyJTJDJTIyeCUyMiUzQTAuMjY1OTk5MjkxODIwMjU2OTQlMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnRoZWhhY2tlcm5ld3MuY29tJTJGMjAyMiUyRjA2JTJGenVvcmF0LW1hbHdhcmUtaGlqYWNraW5nLWhvbWUtb2ZmaWNlLmh0bWwlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d783f014d2564161910b9d880cff11a972a1ab67c43f05e550b44c886c944b75
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods
GET, HEAD, POST, OPTIONS
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KkUltW0a1%2B1ARwP6QGgMSm7v1sLb83gfHOPoig6mxQQZf0HweqpxXsFIC4%2Foa4LenkXSM0FDtezmM4PB2BeINbevfRHTtzPWlxeerS3HIy6hlPV6xELT9YWC3zux7OCIaHNiMWwV3D512tZINSZt"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
https://thehackernews.com
vary
Origin, Accept-Encoding
access-control-allow-credentials
true
cf-ray
7227db5a6b423752-MXP
access-control-allow-headers
Content-Type, Set-Cookie, Cache-Control
truncated
/ 		194 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
spyware.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi_58XOVBOF2WpPZngrxCJrgYE6cjkbHpIcr-GX7d5Uzhck2ObXSwQKiQTpq9FmEN3WmoMkwju5efF9Xc01CVrFq1eFhtqleQPi7XpbXcsShqMm6ZWg3YasiFzVSrhfNa_036T7P-qZVmq81PX66... 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi_58XOVBOF2WpPZngrxCJrgYE6cjkbHpIcr-GX7d5Uzhck2ObXSwQKiQTpq9FmEN3WmoMkwju5efF9Xc01CVrFq1eFhtqleQPi7XpbXcsShqMm6ZWg3YasiFzVSrhfNa_036T7P-qZVmq81PX66kNUWzIRXGQ4MlR1GF-UHRjfbpNeyFAavp0k0JZC/w72-h72-p-k-no-nu/spyware.jpg
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40c521c64b2d083d7fcb658a185feabfc8e0dd2092b2e650f301933bdc58d456
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
26322
cf-polished
origFmt=jpeg, origSize=4959
x-forwarded-for
185.121.33.196
content-disposition
inline; filename="spyware.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4718
x-xss-protection
0
expires
Wed, 29 Jun 2022 09:20:27 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"v1bab"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w2jF55ZyBhV1E19ROE%2B9%2BUSiLOuix4qPuyKlq4FJqbEdRhq3uPgxhAQI7hP%2FBHpTZ7ZT6MUh9gDZZaHSLn3bXArL%2Frf0W090PbZRx1LHAuFakF%2BvvyDuUBduCnWkZuDGEkeZq9Vg7tqlibTIk9R%2F"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
vary
Accept, Accept-Encoding
cache-control
public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges
bytes
cf-ray
7227db5a9b7b3752-MXP
access-control-expose-headers
Content-Length
jquery-3.6.0.min.js
code.jquery.com/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-15d9d"
vary
Accept-Encoding
x-hw
1656434349.dop133.fr8.t,1656434349.cds106.fr8.hn,1656434349.cds144.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30875
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/ 		336 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5e8873d76f8a5192aa8f516c89b7391217d8f1af46620e01a0ac4bb0f1921a20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
120994
x-xss-protection
0
server
cafe
etag
3939671176573479895
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 28 Jun 2022 16:39:09 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220623/r20190131/ Frame AEEE 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220623/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
64504
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4414
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 27 Jun 2022 22:44:05 GMT
etag
10429905676100781186
expires
Mon, 11 Jul 2022 22:44:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pb.37020.1652339691291.js
cdn.adpushup.com/prebid/ 		346 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73f85b949987db91e6d2e4b11a8b5ee5ab0737277bcf2887724e9ce76d38f6fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 12 May 2022 07:15:28 GMT
server
cloudflare
age
689347
etag
W/"627cb410-567d8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
7227db5bcc6b0225-ZRH
expires
Wed, 28 Jun 2023 16:39:09 GMT
21ad59dd-23a1-4556-b21f-7e02f527a282
https://thehackernews.com/ 		4 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://thehackernews.com/21ad59dd-23a1-4556-b21f-7e02f527a282
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
41f36457d5ec5bd7d115c29bea53e0d1ff77de7418837ef39e897f3b7d497e8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length
3743
python.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhpWTWGWnd5_8WNFfUUi1_F_FzHSjI7D2mFONMt_Xr6GgeybL87WBPueIJtPOP4uaRC3QaWxLyxNUM2FaEWedDOkkdC-fwf1Le9Q_SnmhQm0o1rS3s4acCKwJJ4_yFcvysGUntPK-oZ0VrLaMlAK... 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhpWTWGWnd5_8WNFfUUi1_F_FzHSjI7D2mFONMt_Xr6GgeybL87WBPueIJtPOP4uaRC3QaWxLyxNUM2FaEWedDOkkdC-fwf1Le9Q_SnmhQm0o1rS3s4acCKwJJ4_yFcvysGUntPK-oZ0VrLaMlAK4-Y4ZiTQGA7zsXbkXNR1mXYWGL6o7JDbbk0PFi4/w72-h72-p-k-no-nu/python.jpg
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db74e32218f93d9da40f157c5f75a05bc8f495ff4c388fbeb2d4b361a61fe883
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
26322
cf-polished
origSize=3035, status=webp_bigger
x-forwarded-for
185.121.33.196
content-disposition
inline;filename="python.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3032
x-xss-protection
0
expires
Wed, 29 Jun 2022 09:20:27 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"v1ba5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bUMJnc45kumFiFvUV5J6%2Bd0ajXFIAuEkuxsv4hAsjdGTY0C0GzRcWuHo0f5325xqyPiZ6lyhVr0aCZH95sifmjjfqOmwtUjRJHmTjfXqk2vh%2FI8eC%2Fhb%2BENtSR2Jhch%2BiqvzZuIsXCl3nG1q9Y3c"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges
bytes
cf-ray
7227db5c3dfe3752-MXP
access-control-expose-headers
Content-Length
ransomware.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjCYB-8ZAsSijLSXQ_z4mmq8d3nOdEZPULCRp23pGdO1D3xx-7QtBjDk-wRK1ehA-9IQkQjQ9auAnlQsGw1yU9c22oqjhiYtqUUFW5WgMSDyqQIAnwAp3S_NYGi0bzMs-GIabEn7chvsUQkCXugH... 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjCYB-8ZAsSijLSXQ_z4mmq8d3nOdEZPULCRp23pGdO1D3xx-7QtBjDk-wRK1ehA-9IQkQjQ9auAnlQsGw1yU9c22oqjhiYtqUUFW5WgMSDyqQIAnwAp3S_NYGi0bzMs-GIabEn7chvsUQkCXugHP2zHnX8GAv8RfwkqluD_LQDDfqkgU8X65zPshOp/w72-h72-p-k-no-nu/ransomware.jpg
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a06e8c1d2820d56a5f67b17c2f07634df91f4e1d9be6d0e64a80554c27bfcba
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
26322
cf-polished
origSize=2035, status=webp_bigger
x-forwarded-for
185.121.33.196
content-disposition
inline;filename="ransomware.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1988
x-xss-protection
0
expires
Wed, 29 Jun 2022 09:20:27 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"v1bbd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQeFmH9OCT76o1Wh50ZlGxNBt6gBu4Udk357eNEXBTuqLFLvUc1x2AQnCcG7c6X5skbYoXpFqljIcmML4OVhhRmeBZgUNJKgt1m7SXAyIBo2UtXEfRvDI7%2BSHbzdDnutpM%2FstISX6grxO1h37T8D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges
bytes
cf-ray
7227db5c3e013752-MXP
access-control-expose-headers
Content-Length
hacking.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEim4NFlgiedsZyM9nwoYZyVFg6NDuuooSW_q7ZeHdDb9c-nm4-fV2cZ6gwe2Qw3aeBydho972W0dJXA-6XkWQU2Zj04xgVPiu3gJoJh70MQgBnT_aY_qN1k1go36E2XRD6oe1BuRQFLz8N9817kp... 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEim4NFlgiedsZyM9nwoYZyVFg6NDuuooSW_q7ZeHdDb9c-nm4-fV2cZ6gwe2Qw3aeBydho972W0dJXA-6XkWQU2Zj04xgVPiu3gJoJh70MQgBnT_aY_qN1k1go36E2XRD6oe1BuRQFLz8N9817kpoUXk2pdVCpIEqyo820bqOR6_HxWEZUByMqpZhQl/w72-h72-p-k-no-nu/hacking.jpg
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd458c32f7959669c5d0c9af8b60d1b4bb8b5151b516a3001e75006e2359ae21
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
26322
cf-polished
origSize=2678, status=webp_bigger
x-forwarded-for
185.121.33.196
content-disposition
inline;filename="hacking.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2674
x-xss-protection
0
expires
Wed, 29 Jun 2022 09:20:27 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"v1bad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tl%2FHNt9CkBfN7sSVnYw85xCzvo4%2BLdV2MAKEhLs%2BHFrZ%2B%2BWlwqkZ6As7YgWf60GSbRc49ut4pKPyOwHVlbZdHsyxTduJXh0XrTtU2MaFlRqq5vG71joFppVWJDcbpz%2BRuoZML2vT5tj8aRVhUcua"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges
bytes
cf-ray
7227db5c3e023752-MXP
access-control-expose-headers
Content-Length
chinese-hacking-attacks.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg8eIEd6MaOuxL80C9D7z6dg84hZk41mrccfmc3B9Db4RPFpafZ_zQNEmB3AnPLB8EZ8oBHRBhgAsXDKWsBEpaiCyR-myLYK_lxjyDZeC4ig2BnL0K1EVC5hUJM6LxqwOD6QR7HXDpUcdjtRNyTm... 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg8eIEd6MaOuxL80C9D7z6dg84hZk41mrccfmc3B9Db4RPFpafZ_zQNEmB3AnPLB8EZ8oBHRBhgAsXDKWsBEpaiCyR-myLYK_lxjyDZeC4ig2BnL0K1EVC5hUJM6LxqwOD6QR7HXDpUcdjtRNyTm3Z8aH1IalORboRj4GOTO3uB-woKGOPGKtKNGGv2/w72-h72-p-k-no-nu/chinese-hacking-attacks.jpg
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
947ede7380870c4bc6842de3db04f871952195ce906a4573a92c822016fa9515
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
26321
cf-polished
status=not_needed
x-forwarded-for
185.121.33.196
content-disposition
inline;filename="chinese-hacking-attacks.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2815
x-xss-protection
0
expires
Wed, 29 Jun 2022 09:20:28 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"v1ba1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2BDGMvOqJV7kl%2B7JUyIahx69IgbjLogqzkEYOyK0n48VSdvAgzmBsdFv7qC1O26NRktzguwkeWgK49I7fMtF8ZnW1KiMKUqsmAUl2TavH2%2F3qIt7RaEYtMZmuhC34K68xpaSNQ7Eaq3kQpx06ZLk"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges
bytes
cf-ray
7227db5c3e033752-MXP
access-control-expose-headers
Content-Length
nso.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjHOkvfzs7535fRtrbjxNjCL9r-rCkWTBO4zesnz9tNZ9hK8gjPp-RjZIlpcHla_ufM8JCKHAzeu5h4rCPVO43qSx5hxXYx8rKIV-sN-bcMPWDoQpXEeh5I8Urm3kmGLsBB1Gefy2fjlIRIseYpr... 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjHOkvfzs7535fRtrbjxNjCL9r-rCkWTBO4zesnz9tNZ9hK8gjPp-RjZIlpcHla_ufM8JCKHAzeu5h4rCPVO43qSx5hxXYx8rKIV-sN-bcMPWDoQpXEeh5I8Urm3kmGLsBB1Gefy2fjlIRIseYprP_eiejsJ8OkHWaoCXXxQlMTu3DBKW4BALRn3S9y/w72-h72-p-k-no-nu/nso.jpg
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9834f2bde632b419715af174d5de50cc8e35409b56d47a5e22d3c113de0828ff
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
26320
cf-polished
status=not_needed
x-forwarded-for
185.121.33.196
content-disposition
inline;filename="nso.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3892
x-xss-protection
0
expires
Wed, 29 Jun 2022 09:20:28 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"v1b93"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aiWWd1cvyWicuhJOBRKt%2BrXsiwy%2BF%2FuL4zWl4XS0sjF17OEMwHaLCavR%2BeNWYrmmEQAKwkTVSkWCbCiCMvEaKahwngfT2nBAa11i8k6Pf%2BRndM%2BLvfKEDM4MZlWRrD%2Fqqa4q%2FdTmJXK6pV1aGHM5"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
vary
Accept-Encoding
cache-control
public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges
bytes
cf-ray
7227db5c3e043752-MXP
access-control-expose-headers
Content-Length
cookie.js
partner.googleadservices.com/gampad/ 		221 B
649 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=thehackernews.com&callback=_gfp_s_&client=ca-pub-7983783048239650
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
85c77ea2a40e27d5ef3c459bff8c51dd583a4460216f73681463dca944efd782
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=thehackernews.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 664F 		67 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
578b4798c70b6063f9ef29fdc9ebce066a6fdf05f17b3864ed580318689757c9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
28031
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame CDC8 		68 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ff74c3c80f0fd12f106480d82e54f8eb99fbf5875a523165edc86458038e0c94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
27922
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 81D7 		93 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
818befe3ab9883bf318a409acf9ab052c99f148f8308b9f6aa125758f5d49765
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
32429
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 2F17 		176 KB
45 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1656430764&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349302&bpp=1&bdt=203&idt=259&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600%2C970x250&nras=1&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=264
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cc920382750ecec94b423d77811d5f90de64e5d6d64a727da6af81dce3dd86d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
45805
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:09 GMT
expires
Tue, 28 Jun 2022 16:39:09 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
quantcast.js
cdn.adpushup.com/pbuseridscripts/ 		450 B
348 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26914004d3a8d5ddde2202b642d7936eb61c9f195b5cd3c87e44ef8ad4d57c16

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 28 Jun 2021 04:15:23 GMT
server
cloudflare
age
11874601
etag
W/"60d94cdb-1c2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
7227db5cfe260225-ZRH
expires
Wed, 28 Jun 2023 16:39:09 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		82 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
6a39869b5c0a2e7540a1b80f8671462bb6d647f8989a65338decb01e934ec55c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28124
x-xss-protection
0
server
sffe
etag
"1257 / 51 of 1000 / last-modified: 1656414245"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 28 Jun 2022 16:39:09 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		140 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-118.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb513f6173396cc8dcef3ae1f88b0b8b11a1cd5b5e1142639c83e91c7ae26e08

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 28 Jun 2022 16:28:25 GMT
via
1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront), 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified
Thu, 09 Jun 2022 19:19:58 GMT
server
AmazonS3
age
645
etag
W/"915836bd4f06d8d29dfc0840694722ed"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-pop
FRA6-C1, FRA56-C1
content-encoding
gzip
x-amz-cf-id
a1KDnJomU3I73mWwwTyltx5DC01v9XUSi3eZIWnl1DUiJk48FqI8dA==
sync
e3.adpushup.com/AdPushupFeedbackWebService/user/ 		70 B
320 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e3.adpushup.com/AdPushupFeedbackWebService/user/sync
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
ap-cookie-status
cookies ap_uid and ap_usid not set due to GDPR
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-robots-tag
noindex
content-length
70
expires
0
testmode
e3.adpushup.com/AdPushupFeedbackWebService/feedback/ 		70 B
131 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e3.adpushup.com/AdPushupFeedbackWebService/feedback/testmode?data=eyJjcmVhdGVkVFMiOjE2NTY0MzQzNDk2MDEsInBhY2tldElkIjoiMDAwMDkwOUMtNjM2NzIxZTUtODM0YS00ZGI3LTlmYjAtMDM3ZjhjYjkyYjNlIiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA2L3p1b3JhdC1tYWx3YXJlLWhpamFja2luZy1ob21lLW9mZmljZS5odG1sIiwibW9kZSI6NCwiZXJyb3JDb2RlIjowLCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpudWxsfQ%3D%3D
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-robots-tag
noindex
content-length
70
expires
0
feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 		70 B
131 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE2NTY0MzQzNDk2MDEsInBhY2tldElkIjoiMDAwMDkwOUMtNjM2NzIxZTUtODM0YS00ZGI3LTlmYjAtMDM3ZjhjYjkyYjNlIiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA2L3p1b3JhdC1tYWx3YXJlLWhpamFja2luZy1ob21lLW9mZmljZS5odG1sIiwibW9kZSI6MiwiZXJyb3JDb2RlIjo3LCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpudWxsfQ%3D%3D
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-robots-tag
noindex
content-length
70
expires
0
testmode
e3.adpushup.com/AdPushupFeedbackWebService/feedback/ 		70 B
131 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e3.adpushup.com/AdPushupFeedbackWebService/feedback/testmode?data=eyJjcmVhdGVkVFMiOjE2NTY0MzQzNDk2MDYsInBhY2tldElkIjoiMDAwMDkwOUMtNjM2NzIxZTUtODM0YS00ZGI3LTlmYjAtMDM3ZjhjYjkyYjNlIiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA2L3p1b3JhdC1tYWx3YXJlLWhpamFja2luZy1ob21lLW9mZmljZS5odG1sIiwibW9kZSI6NSwiZXJyb3JDb2RlIjoxLCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpudWxsfQ%3D%3D
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-robots-tag
noindex
content-length
70
expires
0
feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 		70 B
131 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE2NTY0MzQzNDk2MDYsInBhY2tldElkIjoiMDAwMDkwOUMtNjM2NzIxZTUtODM0YS00ZGI3LTlmYjAtMDM3ZjhjYjkyYjNlIiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA2L3p1b3JhdC1tYWx3YXJlLWhpamFja2luZy1ob21lLW9mZmljZS5odG1sIiwibW9kZSI6MSwiZXJyb3JDb2RlIjoxLCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpbeyJzZWN0aW9uSWQiOiI5NjdlY2ZhZC1iZjZiLTQyOWUtOWEzOS05NzcwYzhiN2QxODgiLCJzZWN0aW9uTmFtZSI6IkFQX1RfUl9yZXNwb25zaXZlWHJlc3BvbnNpdmVfOTY3ZWMiLCJzdGF0dXMiOjEsIm5ldHdvcmsiOiJhZHBUYWdzIiwibmV0d29ya0FkVW5pdElkIjoiQURQXzM3MDIwX3Jlc3BvbnNpdmVYcmVzcG9uc2l2ZV85NjdlY2ZhZC1iZjZiLTQyOWUtOWEzOS05NzcwYzhiN2QxODgiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjF9XX0%3D
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-robots-tag
noindex
content-length
70
expires
0
quant.js
secure.quantserve.com/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
4223a22cda8a8aefc71ef1c02f9fef94eb7c00b289c9b8d60ef08efe04f6b3dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
etag
"LJe/JP5aJNz/nd4+kfgdiQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Tue, 05 Jul 2022 16:39:09 GMT
config
c.amazon-adsystem.com/cdn/prod/ 		0
311 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthehackernews.com&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-118.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 15:47:16 GMT
via
1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
server
Server
age
3112
x-cache
Hit from cloudfront
access-control-allow-origin
https://thehackernews.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
pEbobahKFvvqQh7tabSCvgh4G7ETMNzTpkVO89Z6qcYCG7-YvpEiTA==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-118.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
V0pVBg0mlfLR15rr7Wd2OdbBwvWb7BSE
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
36094
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 16 Jun 2022 07:15:00 GMT
server
AmazonS3
date
Tue, 28 Jun 2022 06:40:20 GMT
vary
Accept-Encoding,Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
HqjfRmMUvxatJQ_9U2BEKT4_O8MpFkQc3WYqQ1qcBw5AwgsoNJkzyQ==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
493 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&pid=dnqvjNP9FYwRz&cb=0&ws=1600x1200&v=8.0.1&t=3000&slots=%5B%7B%22sd%22%3A%22ADP_37020_responsivexresponsive_00000001-01ee2dda-3266-4769-9c7e-b8d6b0c3032d%22%2C%22s%22%3A%5B%22730x290%22%2C%22728x280%22%2C%22728x250%22%2C%22728x90%22%2C%22690x90%22%2C%22690x250%22%2C%22690x280%22%2C%22675x90%22%2C%22675x280%22%2C%22675x250%22%2C%22670x90%22%2C%22670x280%22%2C%22670x250%22%2C%22650x90%22%2C%22650x280%22%2C%22650x250%22%2C%22650x150%22%2C%22630x90%22%2C%22630x280%22%2C%22630x250%22%2C%22602x100%22%2C%22600x90%22%2C%22600x280%22%2C%22600x250%22%2C%22580x90%22%2C%22570x90%22%2C%22550x150%22%2C%22468x60%22%2C%22336x280%22%2C%22320x50%22%2C%22320x100%22%2C%22300x50%22%2C%22300x100%22%2C%22300x75%22%2C%22300x250%22%2C%22250x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F103512698%2F22055424785%22%7D%5D&schain=1.0%2C1!adpushup.com%2Caeb138a66c47c1d438a8907993e81712%2C1%2C%2C%2C&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-118.fra56.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
via
1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C1
x-amz-rid
JTNDNYEHCDTBTNX4Y3TX
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://thehackernews.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
YTQkBdMct6qH-AUn_zhaemr4Yp3jlv0brt_JBrGPyr50lblsD3pCJA==
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthehackernews.com%2F&domain=thehackernews.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://thehackernews.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Tue, 28 Jun 2022 16:39:09 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1158
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
latest.json
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220628
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
830fc1a1a04c9c07c4a5a574220105ba177da937c895bfab19fbdc47783fea9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
5893
x-jsd-version
1.0.1385
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19138-FRA, cache-itm18827-ITM
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"668-jAPxNAaVllog8tMf4+2E5IVnZoM"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7htql0zONcyCD2KHZqg9CYrVFv5eiTtjlFC%2FCJCIBD6Nc8MIQAISM5wL0dEbVE1TdwjTIGxK7rl79IeIHeAL4nrvO0fJcNSwd7EuD6Jy%2FGBPHsNKwjo7r9LbNRZPbbSqpmagiHm1LbQTaaZcBlQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
7227db5dcc412325-ZRH
access-control-expose-headers
*
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthehackernews.com%2F&domain=thehackernews.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=ZRQMynwxejRVQzhOSjY2cHduUThoNWkrQ291R0VlWFRnTklsbGpjMmo4OW0ybitDK2pDN2pIdzF4M2w4Qi9RaE9ETnplRmRvV0xhZjZQRFJQWUF4OU9XczdaUnFjUUVoK1V0SXcxZDFSZHlKZDJ5TG1mSnpZSmlhYjR6bk...
340 B
614 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=ZRQMynwxejRVQzhOSjY2cHduUThoNWkrQ291R0VlWFRnTklsbGpjMmo4OW0ybitDK2pDN2pIdzF4M2w4Qi9RaE9ETnplRmRvV0xhZjZQRFJQWUF4OU9XczdaUnFjUUVoK1V0SXcxZDFSZHlKZDJ5TG1mSnpZSmlhYjR6bkcwYmV4NXhTeVQwMGt3aEczNGRESHNZWXZHM0FUeTZLV1M5N0x6ekRvRSs5TFNpeW91V1I5c21KbjFua2FmNUFkaUxZQ2NUTVVxcVc1VEgyRUp4cTZLK3U5VE5HS1MwZHFHZlJsbFdNaVM3UitpMFFTb3liV1o5eU9uRFo5TmdSTkkvM2huR2ZHfA&cppv=2
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
b2c7cf5821a3249553c693c9d5767ad5097ea94b574c694ad83bbd9c784cf110
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2453
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:08 GMT
location
https://mug.criteo.com/sid?cpp=ZRQMynwxejRVQzhOSjY2cHduUThoNWkrQ291R0VlWFRnTklsbGpjMmo4OW0ybitDK2pDN2pIdzF4M2w4Qi9RaE9ETnplRmRvV0xhZjZQRFJQWUF4OU9XczdaUnFjUUVoK1V0SXcxZDFSZHlKZDJ5TG1mSnpZSmlhYjR6bkcwYmV4NXhTeVQwMGt3aEczNGRESHNZWXZHM0FUeTZLV1M5N0x6ekRvRSs5TFNpeW91V1I5c21KbjFua2FmNUFkaUxZQ2NUTVVxcVc1VEgyRUp4cTZLK3U5VE5HS1MwZHFHZlJsbFdNaVM3UitpMFFTb3liV1o5eU9uRFo5TmdSTkkvM2huR2ZHfA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1295
content-length
509
expires
0
v2
i.connectad.io/api/ 		0
328 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.connectad.io/api/v2
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
7227db5deadf233d-ZRH
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
prebid
ib.adnxs.com/ut/v3/ 		50 B
742 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:09 GMT
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
5f52b1e6-9a43-4550-bd63-85bbd927c392
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://thehackernews.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
50
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ads.yieldmo.com/exchange/ 		0
226 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=4.43.0&p=%5B%7B%22placement_id%22%3A%22ADP_37020_responsivexresponsive_00000001-01ee2dda-3266-4769-9c7e-b8d6b0c3032d%22%2C%22callback_id%22%3A%22692d7c2521426b%22%2C%22sizes%22%3A%5B%5B730%2C290%5D%2C%5B728%2C280%5D%2C%5B728%2C250%5D%2C%5B728%2C90%5D%2C%5B690%2C90%5D%2C%5B690%2C250%5D%2C%5B690%2C280%5D%2C%5B675%2C90%5D%2C%5B675%2C280%5D%2C%5B675%2C250%5D%2C%5B670%2C90%5D%2C%5B670%2C280%5D%2C%5B670%2C250%5D%2C%5B650%2C90%5D%2C%5B650%2C280%5D%2C%5B650%2C250%5D%2C%5B650%2C150%5D%2C%5B630%2C90%5D%2C%5B630%2C280%5D%2C%5B630%2C250%5D%2C%5B602%2C100%5D%2C%5B600%2C90%5D%2C%5B600%2C280%5D%2C%5B600%2C250%5D%2C%5B580%2C90%5D%2C%5B570%2C90%5D%2C%5B550%2C150%5D%2C%5B468%2C60%5D%2C%5B336%2C280%5D%2C%5B320%2C50%5D%2C%5B320%2C100%5D%2C%5B300%2C50%5D%2C%5B300%2C100%5D%2C%5B300%2C75%5D%2C%5B300%2C250%5D%2C%5B250%2C250%5D%2C%5B200%2C200%5D%5D%2C%22ym_placement_id%22%3A%222743550009650651584%22%7D%5D&page_url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&bust=1656434349702&pr=&scrd=1&dnt=false&description=Researchers%20warn%20of%20a%20new%20malware%2C%20dubbed%20ZuoRAT%2C%20targeting%20small%20office%2Fhome%20office%20routers%20(SOHO)%20as%20part%20of%20a%20sophisticated%20campaign.&title=ZuoRAT%20Malware%20Hijacking%20Home-Office%20Routers%20to%20Spy%20on%20Targeted%20Networks&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=ec4fbaef-46d1-4a12-b6cf-71b6c2494cc4&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpushup.com%22%2C%22sid%22%3A%22aeb138a66c47c1d438a8907993e81712%22%2C%22hp%22%3A1%7D%5D%7D
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.13.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-13-191.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://thehackernews.com
pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
translator
hbopenbid.pubmatic.com/ 		0
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://thehackernews.com
date
Tue, 28 Jun 2022 16:39:09 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bid-request
a.teads.tv/hb/ 		16 B
249 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-7.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://thehackernews.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Tue, 28 Jun 2022 16:39:09 GMT
prebid
ib.adnxs.com/ut/v3/ 		17 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
6735131b7f0a782cb83cb252e096e563af5c7005091f7d34d1818267d91f4fdf
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 28 Jun 2022 16:39:09 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
2a6cca4c-dde0-4e75-89e2-fac0c4ea37c4
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://thehackernews.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.141.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-141-29.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://thehackernews.com
date
Tue, 28 Jun 2022 16:39:09 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
114 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.141.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-141-29.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://thehackernews.com
date
Tue, 28 Jun 2022 16:39:09 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
114 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.141.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-141-29.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://thehackernews.com
date
Tue, 28 Jun 2022 16:39:09 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
114 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.141.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-141-29.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://thehackernews.com
date
Tue, 28 Jun 2022 16:39:09 GMT
access-control-allow-credentials
true
vary
Origin
adreq
ads.servenobid.com/ 		466 B
614 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/adreq?cb=2194
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
fc6ee2790b09e7ace7e2b18939210d875c331d74b836ba2eef4fa49e1e820b40

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://thehackernews.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
v1
dmx.districtm.io/b/ 		0
0
prebid-request
onetag-sys.com/ 		15 B
364 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip251.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin
https://thehackernews.com
cache-control
no-transform, no-cache
access-control-allow-credentials
true
content-type
application/json
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
cdb
bidder.criteo.com/ 		0
219 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.43.0&cb=45440229267
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 28 Jun 2022 16:39:09 GMT
server
Finatra
vary
Origin
access-control-allow-origin
https://thehackernews.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
bid
ap.lijit.com/rtb/ 		24 B
522 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.43.0
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
e9a311336c0e22fd9660896fdb6a74cf7f0549ccff067a29af7230eb25d43080

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 28 Jun 2022 16:39:09 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://thehackernews.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
prebid
prebid.media.net/rtb/ 		1 KB
881 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUPEPKI9
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
a8b7537c5ef65691326e1e1e12de2e5e8fd095ecb2ccf77e66621661e3c3980c

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
c
prebid.a-mo.net/a/ 		0
171 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

x-nbr
1
date
Tue, 28 Jun 2022 16:39:09 GMT
server
envoy
vary
origin, Accept-Encoding
access-control-allow-origin
https://thehackernews.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
arj
adpushup-d.openx.net/w/1.0/ 		73 B
381 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adpushup-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e9aac271-f622-4da3-8274-dedd1db7b482&nocache=1656434349720&pubcid=ec4fbaef-46d1-4a12-b6cf-71b6c2494cc4&schain=1.0%2C1!adpushup.com%2Caeb138a66c47c1d438a8907993e81712%2C1%2C%2C%2C&aus=730x290%2C728x280%2C728x250%2C728x90%2C690x90%2C690x250%2C690x280%2C675x90%2C675x280%2C675x250%2C670x90%2C670x280%2C670x250%2C650x90%2C650x280%2C650x250%2C650x150%2C630x90%2C630x280%2C630x250%2C602x100%2C600x90%2C600x280%2C600x250%2C580x90%2C570x90%2C550x150%2C468x60%2C336x280%2C320x50%2C320x100%2C300x50%2C300x100%2C300x75%2C300x250%2C250x250%2C200x200&divids=ADP_37020_responsivexresponsive_00000001-01ee2dda-3266-4769-9c7e-b8d6b0c3032d&aucs=&auid=541218336
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/7f1e280 /
Resource Hash
9a92ad7d89ca4910e284faf6dcb836c1be6b19324b1d5b1c41f11011a6fcb238

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
server
OXGW/7f1e280
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://thehackernews.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 		213 B
399 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:13::1460 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
9d131c4d19103618d0df68ac9031e1e80d2aaa5905d43b0f008f0007e9ac2c61

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
server
nginx
content-type
application/json
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
213
expires
0
auction
prebid-server.rubiconproject.com/openrtb2/ 		173 B
403 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.170.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-170-39.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
56e1c65da6e133331353398037d6c3ab057c730aeb483437bfa37ddd4d455bf6

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
x-prebid
pbs-java/1.91.0
content-type
application/json
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
167
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20616&site_id=332834&zone_id=1745264&size_id=15&alt_size_ids=2%2C1%2C13%2C14%2C16%2C19%2C43%2C44%2C117&rp_schain=1.0,1!adpushup.com,aeb138a66c47c1d438a8907993e81712,1,,,&eid_pubcid.org=ec4fbaef-46d1-4a12-b6cf-71b6c2494cc4%5E1&rf=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&tk_flint=pbjs_lite_v4.43.0&x_source.tid=468cee46-c99e-4247-9fa0-bba3ea4a790f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7347221198569214
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
d814910ea1e2da5b09b6a85ad4322afb58264458f57abdbec0868f71f07ff699

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:09 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://thehackernews.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
rules-p-54Nt-1NAaEEe0.js
rules.quantcount.com/ 		2 B
345 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:1800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 15:57:43 GMT
via
1.1 f2fa38e6635ded6d22a69d089217bc90.cloudfront.net (CloudFront)
server
AmazonS3
age
2486
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-C1
content-length
2
x-amz-cf-id
zQH2-EvEtwf9MySqqH3c3OY-UDkksjYjG5ur-l1ulCtZn1ksHMSfGw==
pubads_impl_2022062301.js
securepubads.g.doubleclick.net/gpt/ 		374 KB
127 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062301.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
d74b590fcc8d9c451b2ecba1c0e5bae3a1d00db30130e8da00c454e066fa8dde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:14:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1474
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
130467
x-xss-protection
0
last-modified
Thu, 23 Jun 2022 08:36:27 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 28 Jun 2023 16:14:35 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		164 B
138 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=thehackernews.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
019d22d3e70ec460a085db138f131a9d77cb25175dd7eecb155305c270ed221c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Jun 2022 16:39:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
expires
Tue, 28 Jun 2022 16:39:09 GMT
pixel;r=1754383735;rf=0;a=p-54Nt-1NAaEEe0;url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d6...
pixel.quantserve.com/ 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1754383735;rf=0;a=p-54Nt-1NAaEEe0;url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-1230317118-1656434349769;pbc=ec4fbaef-46d1-4a12-b6cf-71b6c2494cc4;ns=0;ce=1;qjs=1;qv=623fd1d5-20220628141335;cm=;gdpr=0;ref=;d=thehackernews.com;dst=0;et=1656434349769;tzo=0;ogl=site_name.The%20Hacker%20News%2Clocale.en_US%2Ctype.article%2Ctitle.ZuoRAT%20Malware%20Hijacking%20Home-Office%20Routers%20to%20Spy%20on%20Targeted%20Networks%2Cimage.https%3A%2F%2Fthehackernews%252Ecom%2Fnew-images%2Fimg%2Fb%2FR29vZ2xl%2FAVvXsEg960bGMseqxbdnv3xqZUrW%2Cdescription.Researchers%20warn%20of%20a%20new%20malware%252C%20dubbed%20ZuoRAT%252C%20targeting%20small%20office%2Fhome%20of%2Curl.https%3A%2F%2Fthehackernews%252Ecom%2F2022%2F06%2Fzuorat-malware-hijacking-home-office%252Ehtml
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:09 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=ZRQMynwxejRVQzhOSjY2cHduUThoNWkrQ291R0VlWFRnTklsbGpjMmo4OW0ybitDK2pDN2pIdzF4M2w4Qi9RaE9ETnplRmRvV0xhZjZQRFJQWUF4OU9XczdaUnFjUUVoK1V0SXcxZDFSZHlKZDJ5TG1mSnpZSmlhYjR6bkcwYmV4NXhTeVQwMGt3aEczNGRESHNZWXZHM0FUeTZLV1M5N0x6ekRvRSs5TFNpeW91V1I5c21KbjFua2FmNUFkaUxZQ2NUTVVxcVc1VEgyRUp4cTZLK3U5VE5HS1MwZHFHZlJsbFdNaVM3UitpMFFTb3liV1o5eU9uRFo5TmdSTkkvM2huR2ZHfA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Tue, 28 Jun 2022 16:39:08 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1211
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=thehackernews.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		17 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2571697556640926&correlator=1136263434872900&eid=21068767%2C42531608&output=ldjh&gdfp_req=1&vrg=2022062301&ptt=17&impl=fifs&iu_parts=103512698%3A22548988896%2C22055424785&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C730x290%7C728x280%7C728x250%7C728x90%7C690x90%7C690x250%7C690x280%7C675x90%7C675x280%7C675x250%7C670x90%7C670x280%7C670x250%7C650x90%7C650x280%7C650x250%7C650x150%7C630x90%7C630x280%7C630x250%7C602x100%7C600x90%7C600x280%7C600x250%7C580x90%7C570x90%7C550x150%7C468x60%7C336x280%7C320x50%7C320x100%7C300x50%7C300x100%7C300x75%7C300x250%7C250x250%7C200x200&fluid=height&ifi=5&adks=2691297053&sfv=1-0-38&ecs=20220628&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26adpushup_ran%3D1%26hb_ap_siteid%3D37020%26hb_ap_ran%3D1%26fluid%3D1%26refreshcount%3D0%26refreshrate%3D30%26hb_ap_format%3Dbanner%26hb_ap_pb%3D0.00%26hb_ap_adid%3D5450f45e92b1be1%26hb_ap_bidder%3Dappnexus&eri=1&cust_params=da%3Dadx%26outbrain%3Dtrue&sc=1&cookie=ID%3Dc777bc7eb4a2a7f4-22885b0cbfcd0013%3AT%3D1656434349%3ART%3D1656434349%3AS%3DALNI_MbCiaeEIFiz4RgSYmo5JFH7P-T40w&abxe=1&dt=1656434350071&lmt=1656430764&dlt=1656434349099&idt=696&biw=1600&bih=1200&adxs=269&adys=1343&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&frm=20&vis=1&scr_x=0&scr_y=0&psz=730x0&msz=730x0&fws=4&ohw=1600&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=false&btvi=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
0b6e5839c571fdce85ab2ef2fc6fc6304249c085bd67d0bd8e01751a67021f97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9715
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8BD5 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Wed, 28 Jun 2023 16:39:10 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/ 		149 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cdd0ba6ab854b6871fb4bc92a001b2a251e3913a4c9cccf5755bcfb28739811f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54411
x-xss-protection
0
server
cafe
etag
324067836211169499
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 28 Jun 2022 16:39:10 GMT
fa287546e1d5bd0678894d5c227e456c.js
www.gstatic.com/mysidia/ Frame 81D7 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/fa287546e1d5bd0678894d5c227e456c.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 09:05:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27209
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4351
x-xss-protection
0
last-modified
Thu, 23 Jun 2022 00:04:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 26 Sep 2022 09:05:41 GMT
db2e47a9a3671f527cf86ca9ac22fc67.js
www.gstatic.com/mysidia/ Frame 81D7 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/db2e47a9a3671f527cf86ca9ac22fc67.js?tag=text/vanilla_highlight
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3fbe67fed994d974916f80939f43e83889b033b3a565f349f26255620037a4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 09:05:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27209
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4277
x-xss-protection
0
last-modified
Thu, 23 Jun 2022 00:04:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 26 Sep 2022 09:05:41 GMT
css
fonts.googleapis.com/ Frame 81D7 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 28 Jun 2022 15:38:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 28 Jun 2022 16:39:10 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 28 Jun 2022 16:39:10 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 81D7 		2 KB
902 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:37:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
875
x-xss-protection
0
server
cafe
etag
16974406330603315520
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:37:23 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame 81D7 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:34:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
258
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8671
x-xss-protection
0
server
cafe
etag
18116328616323621410
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:34:52 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 81D7 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:37:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:37:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 81D7 		138 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43256
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1656329918998510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 28 Jun 2022 16:39:10 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 81D7 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:38:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7309
x-xss-protection
0
server
cafe
etag
16921397534319471551
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:38:23 GMT
21b2dfe42abab24529e209ac1efa07c6.js
www.gstatic.com/mysidia/ Frame 81D7 		31 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 23 Jun 2022 00:25:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
490417
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13060
x-xss-protection
0
last-modified
Thu, 23 Jun 2022 00:04:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 21 Sep 2022 00:25:33 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=thehackernews.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/ Frame 71F5 		10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
60816
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4414
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 27 Jun 2022 23:45:34 GMT
etag
10429905676100781186
expires
Mon, 11 Jul 2022 23:45:34 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
11982391094998490895
tpc.googlesyndication.com/simgad/ Frame CDC8 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/11982391094998490895?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk-ooPhW_3qMdbLK9KSJ-dA-PTOIA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
46f169c5e3b44bc80033a16690df688f121af7089f8842b4c69d687446c5b97f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Sat, 25 Jun 2022 06:48:30 GMT
x-content-type-options
nosniff
age
294640
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51504
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 09:03:18 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 25 Jun 2023 06:48:30 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame CDC8 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:34:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
258
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8671
x-xss-protection
0
server
cafe
etag
18116328616323621410
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:34:52 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame CDC8 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:37:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:37:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CDC8 		138 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43256
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1656329918998510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 28 Jun 2022 16:39:10 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame CDC8 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:38:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7309
x-xss-protection
0
server
cafe
etag
16921397534319471551
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:38:23 GMT
one_click_handler_one_afma_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame CDC8 		31 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/one_click_handler_one_afma_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9b87ba9f38a8905c569f57b2e7f262a904383984fb76af355216f2cd31e856a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:14:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1499
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12977
x-xss-protection
0
server
cafe
etag
4929431275013645188
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:14:11 GMT
5221416263494655517
tpc.googlesyndication.com/simgad/ Frame 664F 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/5221416263494655517?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qna24CuZHmT6zEremT6nNGxjG_S8Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e14a8d7acd57fba2eee8db28de82e10957fa2d6e7b7296f3aa478a0895a200d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 21 Jun 2022 23:26:17 GMT
x-content-type-options
nosniff
age
580373
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24925
x-xss-protection
0
last-modified
Tue, 17 Aug 2021 18:45:03 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 21 Jun 2023 23:26:17 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame 664F 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:34:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
258
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8671
x-xss-protection
0
server
cafe
etag
18116328616323621410
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:34:52 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 664F 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:37:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:37:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 664F 		138 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43256
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1656329918998510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 28 Jun 2022 16:39:10 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 664F 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:38:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7309
x-xss-protection
0
server
cafe
etag
16921397534319471551
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:38:23 GMT
one_click_handler_one_afma_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 664F 		31 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/one_click_handler_one_afma_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9b87ba9f38a8905c569f57b2e7f262a904383984fb76af355216f2cd31e856a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:14:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1499
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12977
x-xss-protection
0
server
cafe
etag
4929431275013645188
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:14:11 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame CDC8 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CsPFprS67YsD_I5axYuerktgO57HF6Gr8ydfIjBCagv37-SMQASDn--UbYJXikIKgB6AB7LHDhgPIAQKpAq5yVFM7R6c-qAMByAPJBKoE_wFP0Jf2tvpYVXSzmeROxgc55nZE7dS0p7qVQ2Vwa2iwwZ-nb1RusQTFzXTw5EvMMhZU1ODwqSgetpC8yYbVAIKXO7teTWLWXbRX6jrAdEBjsAREN-fDED71jKA1wyqPQOXe6gB2W8A12koiE2uk7vJkJ5OkumqUHohXvIM1LA9XHI0V6aQkRpZU2T_QSvFUsGP-XIs08sndMDXwshHKUMnDP5uw4ha_TtZFstjQfC6kLBIP_9b2xYrxtnVkpWTk09O8CtvfNYBYLVcuEpbQvblFz46JkaJ6eaTSHQo9FGsQvxS0rENOTmeSBBco7Ad1dhrFEbjQp42jHfZ8YOLuwFXABP_6w46QBJIFBAgEGAGSBQQIBRgEoAYCgAf9wLmEAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEELvMDNIIEQiA4YBwEAEYHzIC6wI6AoBAgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTc5ODM3ODMwNDgyMzk2NTAYAA&sigh=01Kw3qSMmPI&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Tue, 28 Jun 2022 16:39:10 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 664F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CGgPWrS67YpG0IoLAgAfQoYbIDPGKvrZqiYut1v0PkI-o-GcQASDn--UbYJXikIKgB6ABs6iy-wHIAQKoAwHIA8kEqgSAAk_Qp8YawVisTQbCN2qGB-QK7Pmu0Uein69IHvjl2PpLFJLH_30IaaNBTv69FDT3NozNL_gyo2Nh_0LCqIoP6qpO-1XuvUgCClrIBl7CTHwwbB0eDBABeU6K0mGsCfG6rhvNRZgVdPvoz9J3mKufpN0e5VCF_jCYr_CsexE7E4PRsM-RJYV6FMsRfdxkZIVFFZvHoxvl3GMMoVgQEST19kj71ApctZLCNHRK_CQXKwVGgzVBFBG6AFS3FP3bcKgcgLLdYqlUq7enC06EeZ7qdAhLfV7srkuptXzR_QZQ4uL1-635zmfZiFOdwZ7Y9Ot2OCQyp4nugwEzShfvKR_R1XbABPXy99vsA5IFBAgEGAGSBQQIBRgEoAYCgAe1182EAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEP_uH9IIEQiA4YBwEAEYHzIC6wI6AoBAgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTc5ODM3ODMwNDgyMzk2NTAYAA&sigh=-xZmmu7EdpQ&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Tue, 28 Jun 2022 16:39:10 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 81D7 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cgih9rS67YqqoJLmTiM0P-rGNkA_EjL2UatKg2NWpD_i36tuPDhABIOf75RtgleKQgqAHoAGtrpCfA8gBAagDAcgDwwSqBIsCT9D_XdykhvtucugXgKE4iEcXb2OcFxfV4jFrFRJlBn12nWtQGtfOLMcLe3XS5n4rpqPW_-c9C-xdQopHwBUy8iEvur5SzJNdv5FnnHC25RHtWtmYWRTyRtBNWEwOjLIyBv4GJNgkU5MoJfgoYXAew5yz86LnAXwLYlLV6iJtYNVHjkqdINGg8s9E-7hMNqDmPJDMugo0X5-WC7ZhBjGBbEmsqx2r7SbDyBV1PkJ3Hcdo0BHptjQJ9kIoIQU5Jxr2Miv5AZKvrmcmvaPojZUZYOLfR9gQIVvhUrIFqEkPN3XxaTcV8ZlBOuMGtmU0YDXc0RzkJxnHog2g93JVozlNtJ9d1j5f9LZlGP60wAT-gfLI7gOSBQQIBBgBkgUECAUYBKAGUYAHu9HvYKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEIyOFNIIEQiA4YBwEAEYHzIC6wI6AoBAgAoByAsB2BMMiBQB0BUBmBYBgBcBshccChoIABIUcHViLTc5ODM3ODMwNDgyMzk2NTAYAA&sigh=zWRPENzyexQ&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Tue, 28 Jun 2022 16:39:10 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame F20F 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1845
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:08:25 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
css2
fonts.googleapis.com/ Frame 71F5 		4 KB
636 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 28 Jun 2022 15:05:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 28 Jun 2022 16:39:10 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 28 Jun 2022 16:39:10 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 71F5 		205 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 15:16:50 GMT
x-content-type-options
nosniff
age
4940
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 28 Jun 2023 15:16:50 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 71F5 		604 B
628 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:30:50 GMT
x-content-type-options
nosniff
age
500
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 28 Jun 2023 16:30:50 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/elements/html/ Frame 71F5 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:31:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
437
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8263
x-xss-protection
0
server
cafe
etag
17157773748623750166
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:31:53 GMT
truncated
/ Frame 81D7 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c2bc81af5a90390f156485f16407317ac1f9d688bfe60e0864f5e615738a60e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
s
googleads.g.doubleclick.net/pagead/drt/ Frame D217 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1845
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:08:25 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame 80DF 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1845
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:08:25 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
redir.html
p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame BEE4 		247 B
964 B 		Document
General
Check archive.org
Download Go to
Full URL
https://p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f3.1e100.net
Software
sffe /
Resource Hash
25f117953a288e35b233ce2dbd2506f26f2f4fd46aa36582973a8583b4068a8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
206
content-security-policy-report-only
script-src 'nonce-5kthN7iwgIBZJkF3z-cx7w' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
last-modified
Mon, 02 Dec 2019 20:15:00 GMT
pragma
no-cache
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 664F 		207 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4eb3c81616d946c4ec9a052ebc3f7797dc68f8d4ce02bf94bfba3ff8462a08ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame CDC8 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b6a5da997ea6515ec99832851c9dff5a2df9395efdf0f4ebcf16f0f9c4c94e2e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 81D7 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:44:44 GMT
x-content-type-options
nosniff
age
546866
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28288
x-xss-protection
0
last-modified
Wed, 01 Jun 2022 19:05:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 22 Jun 2023 08:44:44 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame F20F
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:10 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
fa287546e1d5bd0678894d5c227e456c.js
www.gstatic.com/mysidia/ Frame 6AE4 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/fa287546e1d5bd0678894d5c227e456c.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 09:05:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27209
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4351
x-xss-protection
0
last-modified
Thu, 23 Jun 2022 00:04:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 26 Sep 2022 09:05:41 GMT
74ef8cb7c81a147b0078185476199165.js
www.gstatic.com/mysidia/ Frame 6AE4 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6d8e6138c7cf0944d755a4757f5c2b3803ede310e05af81ff90d4fe98bb6c4d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 23 Jun 2022 01:07:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
487904
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7278
x-xss-protection
0
last-modified
Thu, 23 Jun 2022 00:04:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 21 Sep 2022 01:07:26 GMT
css
fonts.googleapis.com/ Frame 6AE4 		8 KB
893 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 28 Jun 2022 15:44:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 28 Jun 2022 16:39:10 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 28 Jun 2022 16:39:10 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 6AE4 		2 KB
902 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:37:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
875
x-xss-protection
0
server
cafe
etag
16974406330603315520
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:37:23 GMT
a44a0b8f447061e92ca19622c4392a02.js
www.gstatic.com/mysidia/ Frame 6AE4 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/a44a0b8f447061e92ca19622c4392a02.js?tag=analytics_pingback_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa3777d578531c63cb5b48a28d1f0135a9769ca2ee44ae916aadb341089140e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:45:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
546845
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2233
x-xss-protection
0
last-modified
Tue, 21 Jun 2022 18:51:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 20 Sep 2022 08:45:05 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame 6AE4 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:34:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
258
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8671
x-xss-protection
0
server
cafe
etag
18116328616323621410
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:34:52 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 6AE4 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:37:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:37:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6AE4 		138 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43256
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1656329918998510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 28 Jun 2022 16:39:10 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 6AE4 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:38:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7309
x-xss-protection
0
server
cafe
etag
16921397534319471551
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:38:23 GMT
21b2dfe42abab24529e209ac1efa07c6.js
www.gstatic.com/mysidia/ Frame 6AE4 		31 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 23 Jun 2022 00:25:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
490417
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13060
x-xss-protection
0
last-modified
Thu, 23 Jun 2022 00:04:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 21 Sep 2022 00:25:33 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame D217
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:10 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame 80DF
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:10 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
iframe.html
p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame BEE4 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Requested by
Host: p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f3.1e100.net
Software
sffe /
Resource Hash
aca99e8c47b536ac95e599cef9520c362b66b97eeaee8a091eae136d79aa1e43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
1862
content-security-policy-report-only
script-src 'nonce-LRPvH5Bl4gG_kO4d1TgW1g' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
last-modified
Thu, 29 Apr 2021 21:38:00 GMT
pragma
no-cache
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
pagead2.googlesyndication.com/bg/ Frame F501 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349284&bpp=4&bdt=185&idt=228&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&correlator=5272209221354&frm=20&pv=2&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=fwo5H8wZ4R&p=https%3A//thehackernews.com&dtd=244
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9271965a8eda49ad2e1e8bdc7eb80ea846f0b7cd5b986b29f4ee38a8b88a3949
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 13:01:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
13077
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13854
x-xss-protection
0
last-modified
Tue, 21 Jun 2022 16:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 28 Jun 2023 13:01:13 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6AE4 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgocCAEqGGxhcmdlLWJhbm5lci1ldGEtdmFuaWxsYQoKCAIqBnNlcnZlcgoaCAQqFm15c2lkaWFfYW5hbHl0aWNzX2V4cDEKDRArIQAAAAAAABRAMAQKDRADIQAAAMjMDEdAMAQSGkNKNzZnT2pLMFBnQ0ZibllFUWdkRW5JTzV3Ihp0ZXh0L3ZhbmlsbGFfdGV4dF9jbG9zZV92MigD
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6AE4 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgocCAEqGGxhcmdlLWJhbm5lci1ldGEtdmFuaWxsYQoKCAIqBnNlcnZlcgoaCAQqFm15c2lkaWFfYW5hbHl0aWNzX2V4cDEKDRANIQAAAACgmbk_MAQKCRAeKgMweDAwBAoJEBkqAzB4MDAEEhpDSjc2Z09qSzBQZ0NGYm5ZRVFnZEVuSU81dyIadGV4dC92YW5pbGxhX3RleHRfY2xvc2VfdjIoAw==
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame C409 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1845
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:08:25 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6AE4 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgocCAEqGGxhcmdlLWJhbm5lci1ldGEtdmFuaWxsYQoKCAIqBnNlcnZlcgoaCAQqFm15c2lkaWFfYW5hbHl0aWNzX2V4cDEKDRArIQAAAAAAACBAMAQKDRAQIQAAAAAAAAAAMAQKDRARIQAAAACA9dJAMAQKDRASIQAAAAAAACBAMAQKDRATIQAAAAAAABBAMAQKDRAXIQAAAJiZmVBAMAQSGkNKNzZnT2pLMFBnQ0ZibllFUWdkRW5JTzV3Ihp0ZXh0L3ZhbmlsbGFfdGV4dF9jbG9zZV92MigD
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6AE4 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgocCAEqGGxhcmdlLWJhbm5lci1ldGEtdmFuaWxsYQoKCAIqBnNlcnZlcgoaCAQqFm15c2lkaWFfYW5hbHl0aWNzX2V4cDEKDRAUIQAAAAAAiNRAMAQKDRAVIQAAAAAAACZAMAQKDRAWIQAAAAAAABRAMAQKDRAYIQAAAJqZOWJAMAQSGkNKNzZnT2pLMFBnQ0ZibllFUWdkRW5JTzV3Ihp0ZXh0L3ZhbmlsbGFfdGV4dF9jbG9zZV92MigD
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame C409
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Tue, 28 Jun 2022 16:39:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:10 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
pagead2.googlesyndication.com/bg/ Frame BCCB 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9271965a8eda49ad2e1e8bdc7eb80ea846f0b7cd5b986b29f4ee38a8b88a3949
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 13:01:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
13077
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13854
x-xss-protection
0
last-modified
Tue, 21 Jun 2022 16:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 28 Jun 2023 13:01:13 GMT
knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
pagead2.googlesyndication.com/bg/ Frame 7A99 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656430764&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349289&bpp=1&bdt=190&idt=265&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3829&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=eZiYvH5dn2&p=https%3A//thehackernews.com&dtd=269
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9271965a8eda49ad2e1e8bdc7eb80ea846f0b7cd5b986b29f4ee38a8b88a3949
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 13:01:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
13077
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13854
x-xss-protection
0
last-modified
Tue, 21 Jun 2022 16:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 28 Jun 2023 13:01:13 GMT
knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
pagead2.googlesyndication.com/bg/ Frame C2A1 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656430764&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Fzuorat-malware-hijacking-home-office.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656434349288&bpp=1&bdt=189&idt=256&shv=r20220623&mjsv=m202206230101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5272209221354&frm=20&pv=1&ga_vid=1175869786.1656434350&ga_sid=1656434350&ga_hid=1901775345&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44763507%2C31067983%2C42531608&oid=2&pvsid=2571697556640926&tmod=2042014507&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=7H4N2tg8OA&p=https%3A//thehackernews.com&dtd=260
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9271965a8eda49ad2e1e8bdc7eb80ea846f0b7cd5b986b29f4ee38a8b88a3949
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 13:01:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
13077
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13854
x-xss-protection
0
last-modified
Tue, 21 Jun 2022 16:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 28 Jun 2023 13:01:13 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220623&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
76fb12eb0785c8cdf4d06290fb8fcaf4692376bfc632e138665a381813076cec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10648
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 28 Jun 2022 16:39:10 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DA5A 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
397
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:32:33 GMT
expires
Wed, 28 Jun 2023 16:32:33 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame E95C 		783 B
534 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e3fdeee3459c175cd67d06ba7be30a81b83436f837da0c82ce6cb39bcd14c2d5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-OoSuZTiLY-4UHlzjwmczTw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-OoSuZTiLY-4UHlzjwmczTw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Tue, 28 Jun 2022 16:39:10 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
container.html
18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7EB8 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:10 GMT
expires
Wed, 28 Jun 2023 16:39:10 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
pagead2.googlesyndication.com/bg/ Frame DA5A 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9271965a8eda49ad2e1e8bdc7eb80ea846f0b7cd5b986b29f4ee38a8b88a3949
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 13:01:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
13077
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13854
x-xss-protection
0
last-modified
Tue, 21 Jun 2022 16:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 28 Jun 2023 13:01:13 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame E95C 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220623&jk=2571697556640926&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers
pixel
googleads.g.doubleclick.net/xbbe/ Frame 3EA3 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGJ2RwMcBMAE&v=APEucNWyF7cdWmLptIK3wkJuGi9wuEsHkGtLfL3qNgW2LTxMVFmEXtJw0If2LWNzKHTifqVMlyywpQJH6JCwRkp-n4YQR7xdF5BQ8t0X4rTYCev4CrP1Dxk6Mo82G78-0HDnGCL-r5rFX4CVu5ZWVWGijp-2o7B_-qqo-35H8hcef6I2CDy_3xE
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:11 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 7EB8 		77 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVraWCP7hHbIGStYIo53ZrSJkRq6ugDtW9_aS5Ega9MSpDn1nFQOQGmFPhIP_TzxgqvqRqXs07iTNGC1DzMfOeLd-mhr2-Cku_BqS2_6BAl7cFKsbAWZZ1ZF0va1yfvp-2CqvMOeSZo5Ao8Yp3zK7ccqFCpA&dbm_d=AKAmf-AbHgdjcTcOGeRSpRdgqzWOzvvjSHtZ-iHr1X1k7RBrK0oebdCV-6RX6u9qVQcz29MPkYTUilwXJIoSMChpoNwFD9dbyWpS7thqihpEd-HGoIo-WyRizAtW3vPfSrZubYMcCg3lvOMY9Iw5NUrq9qF4vylpbIGrGGV0PkyyTndBx1rB3cII6LT5Nbn0q8OCjG6NpHGQIBFGsU1reaD-1IQes-eIjLDzoPstdSFNGZpmBef86cs8KsqnMDflni5jNq0QmEgRiu17p4HNXK6N5GSWBDgu43Pi_dyUGqCFVBq1aPYSb_1Y1GLX3arG66YziC3zLRjFAkNQ83jdy35Qt3nuZF7X-NnracoJYQBTcPF56zbE1eq4NjCdXprmuxx6lURuu0raOlVfOymba-My3toA3PAwRIKks_FfHzb37HabMp9ZEttJ3JOQ-R_Ljb6Nd9B_pjL5Z-xTfVQBJf-D4_phQ1xEf9lz3Wd4yTcVSoVUuWJvTUBPptaydcByIulc4vFYdxLGUK1omXs6hJNfEzfOBied3Bd0pTghUcooUGdFn82NsybnGROnWx4k0urh8-bBi5J90RiqNQI34_01FKKg9eJgOBldopwfDinaC9lBpNxvk8jmDrV8qB4zcY_-YxUI9p2LFBJdLls_Da14ggqrazpdRHrNkVw92whKd9XyDnwp7ToUcRPWY0pVBBVtDrwm30_CSjVdnLkE3ye6Ju5M2Hll9sB4rU4OHQXfKISORpXYSD-z74_QFzycNGaZDBqEeYLyY5jpFAaazvnGZwIWid04UEHcNKsEeIc_rLMN1bXog_iOyK9H8utzVErfgI4salVjb80eDsaHTsG0Tj-eoZqk5A7QuVjciCbHi_8H-fNISjYaohmoGReH1mHBtWIsSmNg05hJ3kJUg5IEyO2f4wtmGnmaAcnmi8IpY6Vjq-I44yA6zW9_sXOfuf6QYqvz3k_z-Xk1esPUg6O9r0gWJ2uq2CRHAewHndCA6Xtpsd51dya3Td5rDMDkaqTNT2lr-rWB9CpVUliXiK3icEbE6X3llpwNQypWN3vFYNgI4jfLTbk2s5FIrsTVu4NS0VkJEi1m2vcNQ2Pu3h4IfaF8OXOUs7WDatrsx7XhaPJKObgMzr2E_wk5S5Ct34ifW2oslEphpZCYRITKCy-9BxIkTcTNtuHyvRmWuk1ZYZXXezBePR8flt1IPquLcUw1l1Mxv7SH_qsHZmIIaY8sGpFauehryv_KTs56NP8HA0sQzit5MH4b59Z72aOPmUvaIbB2DjVVTYCZOHPi2Gp8YLcQDLt8LJ8pjwNi2sc0SZUc42u8S01Pl-n63_3p2DLrJKdXmorf8axLoG1K_K37yhLnbUTu21MRG2pcc0OE82igzHZxjjtZZi2EXCJDzJKVDpegD7-jr324UgUtZUS_c7jcpdd5Ix0H92phK-htJmQ-Drv30X089vXS30p1NH_FaDGj1efqEKfVQEYjO0lAFDMPLaUMGP3baXjzckEmlMKDWBfGONnsvzeuRLRnNYuGcAyTDn8qqpCTtdQicqUJOaQg004qcpOuk4oXG2AUYEsP0-3C7Y0tJnaHg-NPyP3fkwqlS53RyiS1Zg1Now0dILtgjLQvrVKB_aC3MMTvoebn3uF2Np7pjOyJn3BLXlpMQXJFn0rMnEnlJdOEBI4CUQv2X39IvmvdSJzeqsJz4EVVyC0eCvvWuBkCnqP1SJWPLFmlHfEDBw4SIprT4PYyhamSI390DLkVk2LHcdhQDj5KLtXAy3gS8sjsV-JujpGEkm_Q-aE5Jim3ppscvTphUhwzwkwe9riiuejXvVF_N5qrBrg2oKXpZgSYo2c7DshPPdnpG1AxrEULASmoICepQDWT-Iv_JK62ZMgzMU6AjBquYkcXNV8QsHd1N1n9v_MecViOfWJhFYza2lVEWkOMF1OOcpOZPPDc1nPcHoXm9WaiC62l7hWhIrZkCXgYuipODMGPit3Il0SLM8Al7r8Bi4mEFFUREki11L4bL6N4o57UjNsL4xzuQjcNRsygfAoou2-btwAziz6vw8HISWmI4w1mH_xOYNAXlmp5CLJBsWLnyFMBLZnhmXFbxTLj4wEC9nhCZZsn73efwVADDoj6_T_QYAZoMa07b8wh3I2RUa5aUrEIwmYyGbfQrUGf_h5vyFCBhtyT1N7V2qU-MUnhpNBS4LR7ewjpY68zwMrNcdreLavKTVVz3tUo77lnjXF0W6rH04-r-mgBO2UAgkwNW-6gXfzHZUhE6GHQuuYz2IuSl91kymdjhOX7kQz45jrSJ1ZTorLI6PEmWxGU22voB8K1ZyOLVUuf0ahCAN5e8e0dW_5e5V6eV9j1tW9NVeSpfZUyJTnbNVNWOeuEczwz3VThRN7K3EtjF7_g3BOxciP7T5Yxd2hXQZvxVLIXl6_ryVSRX-Wd6O3i0FXg0KZVsFAZwMRZzXMSX6flBMoi7mVMMbsv3PhLR-O4AiQOQqXktljRhBuflYKNbPZA4qG-ICO6pignsFiDc8KP2A3i1Y_ePxmBItX9juOwFJSpoM9cqrBz_wBuS-4PLCzVjiE9RMFmSZnOrZceoBBaRqZvalRFsLexrSG35EfqI5-yj1LDXEKB6USnq7s-EvrAOO26B5y79biUVcURIQ9G_4_L3x8bD5IEQfP_nWdiYR-sFMxGxLKmGps0CX61RQm1gG-Awwzs003M-rjY_YiU_LD6TAE9uarJLcmtSFXT8ZHmulG79tJsfLgXhNJXOCUrEJd11ODoHCywRImnT5BLMf3enXyjjzUKnYGSd-D4_d3GjjJp1YePDusg-AyOeS3cgDVR5X0Cvs5v1bQk1UDzt1ds_20UmeW7Q6gWJTRNlhNd_ApsDBp8QT9gqWZ5Kn4yWMZJTq51HB9jXv6N9VHN8RLuBt-Y778WjNU19HKaKXCQA1DokXd7Mlxs8T0OHBKh7-WBm78SHWct0L9IvxaB2J0OI7pH8fHo-DoML2JBnYA-Ahz0N94DnUXkrFNDz1gk_WcDQD5ELijTZY50im2QPRFeIwMYxmHBCqSGpRTseyYsrWYxXQWHnE_6B8EOsuzTS-7rbytQvm5ZLNo8SkIs_oqtK1eAk3TQVmft5rOaqQX-CyvXe_1uxeM-uPXOxWKWTxho52qi9pLrWK7y8Y3EzOPa59HNBTLsUBzoXIMZGQ1nQxOfolr5VN4InYZ46mBI8A3cZCZF6n2gVZ3HvJpWhpTT3ra39W9WjDf4RCQvNPAtAh6c0XcMsxPUHaI6k9wDFu0WRRJRp92iiUu1JoSHyF_12v3hwMM29lt6JmnYJhGRNGNU9vja2LBg2U_VgO_KZ6xp5g21iiP5A3Albr-1BQL0CbmSdscLB7sl2EE-YqEeSExPmQeOOx-MohU3Q1RGWyKuNxco3l6l-w&cid=CAASJeRo4VP_fz5bwEqe5qqvamXP2Yl6v3CrNNhGsBL0vaCSvYM9FIc&rfl=1%2Chttps%253A%252F%252Fthehackernews.com%252F2022%252F06%252Fzuorat-malware-hijacking-home-office.html%240
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e0234786153a5a1d7882ee5c914e9f868fa393e7962c28ef1ab6832ba4393d69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33211
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7EB8 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BQjOuUhCUYr2O5Aiq9c8i7SOAc4aoQibS5AgDPJ2k3aiHg7VO4owtPwTPBOWH8EFULv5a5uqo6ooPT7KaxBuqewWOOTmSO-oCm6RNjw8v7ke3qgII
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 7EB8 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:37:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
83
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:37:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7EB8 		138 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43256
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1656329918998510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 28 Jun 2022 16:39:11 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 7EB8 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:38:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
48
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7309
x-xss-protection
0
server
cafe
etag
16921397534319471551
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:38:23 GMT
l
www.google.com/ads/measurement/ Frame 7EB8 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRtRw2pjEIp0PW18qpqcKyInyKphndV1tWa8DNc27Jk7U2diYYjDj1UPuyFnA8f_mQU9ZVSj8lEWCjFoUwgCe1cZZi0wQ
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers
rum
dsum-sec.casalemedia.com/ Frame 3EA3
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhuIohRg9gJbNiDMqIxngM&google_cver=1
43 B
944 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhuIohRg9gJbNiDMqIxngM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGJ2RwMcBMAE&v=APEucNWyF7cdWmLptIK3wkJuGi9wuEsHkGtLfL3qNgW2LTxMVFmEXtJw0If2LWNzKHTifqVMlyywpQJH6JCwRkp-n4YQR7xdF5BQ8t0X4rTYCev4CrP1Dxk6Mo82G78-0HDnGCL-r5rFX4CVu5ZWVWGijp-2o7B_-qqo-35H8hcef6I2CDy_3xE
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray
7227db66887f9b1f-FRA
pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bGocr92LzidAE1jFl7KKRoVvKTx9x%2BIy7%2B4v2Pbs%2BPDvvrW%2BsxKjm4VpVHSX6uedgkWlL7ill14xuLyIgZW2sYlcV9NZR1tJPQ1Ojc4IUweVt0xm6sLYTLrO34z0WdbYpeCsVQpmc3gcwA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhuIohRg9gJbNiDMqIxngM&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 3EA3
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yrsur-Vf9Shq6qpSh6Q.LgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhuIohRg9gJbNiDMqIxngM&google_cver=1&google_hm=2
43 B
907 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhuIohRg9gJbNiDMqIxngM&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGJ2RwMcBMAE&v=APEucNWyF7cdWmLptIK3wkJuGi9wuEsHkGtLfL3qNgW2LTxMVFmEXtJw0If2LWNzKHTifqVMlyywpQJH6JCwRkp-n4YQR7xdF5BQ8t0X4rTYCev4CrP1Dxk6Mo82G78-0HDnGCL-r5rFX4CVu5ZWVWGijp-2o7B_-qqo-35H8hcef6I2CDy_3xE
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray
7227db66e91a9b1f-FRA
pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LoQL15P5LObw6lnu8D7TguNXOlFFrfEAEUscTmtGBc9BQTSxzvIz50nZ0aubW8n3%2B0QGC2nXNgvhlxSWG7NU40GMjR123i%2Fepes3mlo6NBV3YQCaXjHzDC5VZCdxETg9eTFIeVH0%2F2ugBw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhuIohRg9gJbNiDMqIxngM&google_cver=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 3EA3
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEEcIDkilNQmqM7tAH456X5s&google_cver=1
43 B
1016 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEEcIDkilNQmqM7tAH456X5s&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGJ2RwMcBMAE&v=APEucNWyF7cdWmLptIK3wkJuGi9wuEsHkGtLfL3qNgW2LTxMVFmEXtJw0If2LWNzKHTifqVMlyywpQJH6JCwRkp-n4YQR7xdF5BQ8t0X4rTYCev4CrP1Dxk6Mo82G78-0HDnGCL-r5rFX4CVu5ZWVWGijp-2o7B_-qqo-35H8hcef6I2CDy_3xE
Protocol
HTTP/1.1
Server
185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:11 GMT
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
05fe6cd0-fa95-4cbc-8627-0a19e28762db
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEEcIDkilNQmqM7tAH456X5s&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3EA3
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM2ODA4MTczNzA1MTg4NDI4Nw%3D%3D
170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM2ODA4MTczNzA1MTg4NDI4Nw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGJ2RwMcBMAE&v=APEucNWyF7cdWmLptIK3wkJuGi9wuEsHkGtLfL3qNgW2LTxMVFmEXtJw0If2LWNzKHTifqVMlyywpQJH6JCwRkp-n4YQR7xdF5BQ8t0X4rTYCev4CrP1Dxk6Mo82G78-0HDnGCL-r5rFX4CVu5ZWVWGijp-2o7B_-qqo-35H8hcef6I2CDy_3xE
Protocol
H2
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:11 GMT
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
24c3ff73-43fc-434e-be26-4edf6dd08e72
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM2ODA4MTczNzA1MTg4NDI4Nw%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
express_html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 7EB8 		106 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
Origin
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 19:19:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
76766
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 28 Jun 2022 19:19:45 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220623/r20110914/elements/html/ Frame 7EB8 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220623/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVraWCP7hHbIGStYIo53ZrSJkRq6ugDtW9_aS5Ega9MSpDn1nFQOQGmFPhIP_TzxgqvqRqXs07iTNGC1DzMfOeLd-mhr2-Cku_BqS2_6BAl7cFKsbAWZZ1ZF0va1yfvp-2CqvMOeSZo5Ao8Yp3zK7ccqFCpA&dbm_d=AKAmf-AbHgdjcTcOGeRSpRdgqzWOzvvjSHtZ-iHr1X1k7RBrK0oebdCV-6RX6u9qVQcz29MPkYTUilwXJIoSMChpoNwFD9dbyWpS7thqihpEd-HGoIo-WyRizAtW3vPfSrZubYMcCg3lvOMY9Iw5NUrq9qF4vylpbIGrGGV0PkyyTndBx1rB3cII6LT5Nbn0q8OCjG6NpHGQIBFGsU1reaD-1IQes-eIjLDzoPstdSFNGZpmBef86cs8KsqnMDflni5jNq0QmEgRiu17p4HNXK6N5GSWBDgu43Pi_dyUGqCFVBq1aPYSb_1Y1GLX3arG66YziC3zLRjFAkNQ83jdy35Qt3nuZF7X-NnracoJYQBTcPF56zbE1eq4NjCdXprmuxx6lURuu0raOlVfOymba-My3toA3PAwRIKks_FfHzb37HabMp9ZEttJ3JOQ-R_Ljb6Nd9B_pjL5Z-xTfVQBJf-D4_phQ1xEf9lz3Wd4yTcVSoVUuWJvTUBPptaydcByIulc4vFYdxLGUK1omXs6hJNfEzfOBied3Bd0pTghUcooUGdFn82NsybnGROnWx4k0urh8-bBi5J90RiqNQI34_01FKKg9eJgOBldopwfDinaC9lBpNxvk8jmDrV8qB4zcY_-YxUI9p2LFBJdLls_Da14ggqrazpdRHrNkVw92whKd9XyDnwp7ToUcRPWY0pVBBVtDrwm30_CSjVdnLkE3ye6Ju5M2Hll9sB4rU4OHQXfKISORpXYSD-z74_QFzycNGaZDBqEeYLyY5jpFAaazvnGZwIWid04UEHcNKsEeIc_rLMN1bXog_iOyK9H8utzVErfgI4salVjb80eDsaHTsG0Tj-eoZqk5A7QuVjciCbHi_8H-fNISjYaohmoGReH1mHBtWIsSmNg05hJ3kJUg5IEyO2f4wtmGnmaAcnmi8IpY6Vjq-I44yA6zW9_sXOfuf6QYqvz3k_z-Xk1esPUg6O9r0gWJ2uq2CRHAewHndCA6Xtpsd51dya3Td5rDMDkaqTNT2lr-rWB9CpVUliXiK3icEbE6X3llpwNQypWN3vFYNgI4jfLTbk2s5FIrsTVu4NS0VkJEi1m2vcNQ2Pu3h4IfaF8OXOUs7WDatrsx7XhaPJKObgMzr2E_wk5S5Ct34ifW2oslEphpZCYRITKCy-9BxIkTcTNtuHyvRmWuk1ZYZXXezBePR8flt1IPquLcUw1l1Mxv7SH_qsHZmIIaY8sGpFauehryv_KTs56NP8HA0sQzit5MH4b59Z72aOPmUvaIbB2DjVVTYCZOHPi2Gp8YLcQDLt8LJ8pjwNi2sc0SZUc42u8S01Pl-n63_3p2DLrJKdXmorf8axLoG1K_K37yhLnbUTu21MRG2pcc0OE82igzHZxjjtZZi2EXCJDzJKVDpegD7-jr324UgUtZUS_c7jcpdd5Ix0H92phK-htJmQ-Drv30X089vXS30p1NH_FaDGj1efqEKfVQEYjO0lAFDMPLaUMGP3baXjzckEmlMKDWBfGONnsvzeuRLRnNYuGcAyTDn8qqpCTtdQicqUJOaQg004qcpOuk4oXG2AUYEsP0-3C7Y0tJnaHg-NPyP3fkwqlS53RyiS1Zg1Now0dILtgjLQvrVKB_aC3MMTvoebn3uF2Np7pjOyJn3BLXlpMQXJFn0rMnEnlJdOEBI4CUQv2X39IvmvdSJzeqsJz4EVVyC0eCvvWuBkCnqP1SJWPLFmlHfEDBw4SIprT4PYyhamSI390DLkVk2LHcdhQDj5KLtXAy3gS8sjsV-JujpGEkm_Q-aE5Jim3ppscvTphUhwzwkwe9riiuejXvVF_N5qrBrg2oKXpZgSYo2c7DshPPdnpG1AxrEULASmoICepQDWT-Iv_JK62ZMgzMU6AjBquYkcXNV8QsHd1N1n9v_MecViOfWJhFYza2lVEWkOMF1OOcpOZPPDc1nPcHoXm9WaiC62l7hWhIrZkCXgYuipODMGPit3Il0SLM8Al7r8Bi4mEFFUREki11L4bL6N4o57UjNsL4xzuQjcNRsygfAoou2-btwAziz6vw8HISWmI4w1mH_xOYNAXlmp5CLJBsWLnyFMBLZnhmXFbxTLj4wEC9nhCZZsn73efwVADDoj6_T_QYAZoMa07b8wh3I2RUa5aUrEIwmYyGbfQrUGf_h5vyFCBhtyT1N7V2qU-MUnhpNBS4LR7ewjpY68zwMrNcdreLavKTVVz3tUo77lnjXF0W6rH04-r-mgBO2UAgkwNW-6gXfzHZUhE6GHQuuYz2IuSl91kymdjhOX7kQz45jrSJ1ZTorLI6PEmWxGU22voB8K1ZyOLVUuf0ahCAN5e8e0dW_5e5V6eV9j1tW9NVeSpfZUyJTnbNVNWOeuEczwz3VThRN7K3EtjF7_g3BOxciP7T5Yxd2hXQZvxVLIXl6_ryVSRX-Wd6O3i0FXg0KZVsFAZwMRZzXMSX6flBMoi7mVMMbsv3PhLR-O4AiQOQqXktljRhBuflYKNbPZA4qG-ICO6pignsFiDc8KP2A3i1Y_ePxmBItX9juOwFJSpoM9cqrBz_wBuS-4PLCzVjiE9RMFmSZnOrZceoBBaRqZvalRFsLexrSG35EfqI5-yj1LDXEKB6USnq7s-EvrAOO26B5y79biUVcURIQ9G_4_L3x8bD5IEQfP_nWdiYR-sFMxGxLKmGps0CX61RQm1gG-Awwzs003M-rjY_YiU_LD6TAE9uarJLcmtSFXT8ZHmulG79tJsfLgXhNJXOCUrEJd11ODoHCywRImnT5BLMf3enXyjjzUKnYGSd-D4_d3GjjJp1YePDusg-AyOeS3cgDVR5X0Cvs5v1bQk1UDzt1ds_20UmeW7Q6gWJTRNlhNd_ApsDBp8QT9gqWZ5Kn4yWMZJTq51HB9jXv6N9VHN8RLuBt-Y778WjNU19HKaKXCQA1DokXd7Mlxs8T0OHBKh7-WBm78SHWct0L9IvxaB2J0OI7pH8fHo-DoML2JBnYA-Ahz0N94DnUXkrFNDz1gk_WcDQD5ELijTZY50im2QPRFeIwMYxmHBCqSGpRTseyYsrWYxXQWHnE_6B8EOsuzTS-7rbytQvm5ZLNo8SkIs_oqtK1eAk3TQVmft5rOaqQX-CyvXe_1uxeM-uPXOxWKWTxho52qi9pLrWK7y8Y3EzOPa59HNBTLsUBzoXIMZGQ1nQxOfolr5VN4InYZ46mBI8A3cZCZF6n2gVZ3HvJpWhpTT3ra39W9WjDf4RCQvNPAtAh6c0XcMsxPUHaI6k9wDFu0WRRJRp92iiUu1JoSHyF_12v3hwMM29lt6JmnYJhGRNGNU9vja2LBg2U_VgO_KZ6xp5g21iiP5A3Albr-1BQL0CbmSdscLB7sl2EE-YqEeSExPmQeOOx-MohU3Q1RGWyKuNxco3l6l-w&cid=CAASJeRo4VP_fz5bwEqe5qqvamXP2Yl6v3CrNNhGsBL0vaCSvYM9FIc&rfl=1%2Chttps%253A%252F%252Fthehackernews.com%252F2022%252F06%252Fzuorat-malware-hijacking-home-office.html%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:38:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
29
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:38:42 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame 7EB8 		27 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVraWCP7hHbIGStYIo53ZrSJkRq6ugDtW9_aS5Ega9MSpDn1nFQOQGmFPhIP_TzxgqvqRqXs07iTNGC1DzMfOeLd-mhr2-Cku_BqS2_6BAl7cFKsbAWZZ1ZF0va1yfvp-2CqvMOeSZo5Ao8Yp3zK7ccqFCpA&dbm_d=AKAmf-AbHgdjcTcOGeRSpRdgqzWOzvvjSHtZ-iHr1X1k7RBrK0oebdCV-6RX6u9qVQcz29MPkYTUilwXJIoSMChpoNwFD9dbyWpS7thqihpEd-HGoIo-WyRizAtW3vPfSrZubYMcCg3lvOMY9Iw5NUrq9qF4vylpbIGrGGV0PkyyTndBx1rB3cII6LT5Nbn0q8OCjG6NpHGQIBFGsU1reaD-1IQes-eIjLDzoPstdSFNGZpmBef86cs8KsqnMDflni5jNq0QmEgRiu17p4HNXK6N5GSWBDgu43Pi_dyUGqCFVBq1aPYSb_1Y1GLX3arG66YziC3zLRjFAkNQ83jdy35Qt3nuZF7X-NnracoJYQBTcPF56zbE1eq4NjCdXprmuxx6lURuu0raOlVfOymba-My3toA3PAwRIKks_FfHzb37HabMp9ZEttJ3JOQ-R_Ljb6Nd9B_pjL5Z-xTfVQBJf-D4_phQ1xEf9lz3Wd4yTcVSoVUuWJvTUBPptaydcByIulc4vFYdxLGUK1omXs6hJNfEzfOBied3Bd0pTghUcooUGdFn82NsybnGROnWx4k0urh8-bBi5J90RiqNQI34_01FKKg9eJgOBldopwfDinaC9lBpNxvk8jmDrV8qB4zcY_-YxUI9p2LFBJdLls_Da14ggqrazpdRHrNkVw92whKd9XyDnwp7ToUcRPWY0pVBBVtDrwm30_CSjVdnLkE3ye6Ju5M2Hll9sB4rU4OHQXfKISORpXYSD-z74_QFzycNGaZDBqEeYLyY5jpFAaazvnGZwIWid04UEHcNKsEeIc_rLMN1bXog_iOyK9H8utzVErfgI4salVjb80eDsaHTsG0Tj-eoZqk5A7QuVjciCbHi_8H-fNISjYaohmoGReH1mHBtWIsSmNg05hJ3kJUg5IEyO2f4wtmGnmaAcnmi8IpY6Vjq-I44yA6zW9_sXOfuf6QYqvz3k_z-Xk1esPUg6O9r0gWJ2uq2CRHAewHndCA6Xtpsd51dya3Td5rDMDkaqTNT2lr-rWB9CpVUliXiK3icEbE6X3llpwNQypWN3vFYNgI4jfLTbk2s5FIrsTVu4NS0VkJEi1m2vcNQ2Pu3h4IfaF8OXOUs7WDatrsx7XhaPJKObgMzr2E_wk5S5Ct34ifW2oslEphpZCYRITKCy-9BxIkTcTNtuHyvRmWuk1ZYZXXezBePR8flt1IPquLcUw1l1Mxv7SH_qsHZmIIaY8sGpFauehryv_KTs56NP8HA0sQzit5MH4b59Z72aOPmUvaIbB2DjVVTYCZOHPi2Gp8YLcQDLt8LJ8pjwNi2sc0SZUc42u8S01Pl-n63_3p2DLrJKdXmorf8axLoG1K_K37yhLnbUTu21MRG2pcc0OE82igzHZxjjtZZi2EXCJDzJKVDpegD7-jr324UgUtZUS_c7jcpdd5Ix0H92phK-htJmQ-Drv30X089vXS30p1NH_FaDGj1efqEKfVQEYjO0lAFDMPLaUMGP3baXjzckEmlMKDWBfGONnsvzeuRLRnNYuGcAyTDn8qqpCTtdQicqUJOaQg004qcpOuk4oXG2AUYEsP0-3C7Y0tJnaHg-NPyP3fkwqlS53RyiS1Zg1Now0dILtgjLQvrVKB_aC3MMTvoebn3uF2Np7pjOyJn3BLXlpMQXJFn0rMnEnlJdOEBI4CUQv2X39IvmvdSJzeqsJz4EVVyC0eCvvWuBkCnqP1SJWPLFmlHfEDBw4SIprT4PYyhamSI390DLkVk2LHcdhQDj5KLtXAy3gS8sjsV-JujpGEkm_Q-aE5Jim3ppscvTphUhwzwkwe9riiuejXvVF_N5qrBrg2oKXpZgSYo2c7DshPPdnpG1AxrEULASmoICepQDWT-Iv_JK62ZMgzMU6AjBquYkcXNV8QsHd1N1n9v_MecViOfWJhFYza2lVEWkOMF1OOcpOZPPDc1nPcHoXm9WaiC62l7hWhIrZkCXgYuipODMGPit3Il0SLM8Al7r8Bi4mEFFUREki11L4bL6N4o57UjNsL4xzuQjcNRsygfAoou2-btwAziz6vw8HISWmI4w1mH_xOYNAXlmp5CLJBsWLnyFMBLZnhmXFbxTLj4wEC9nhCZZsn73efwVADDoj6_T_QYAZoMa07b8wh3I2RUa5aUrEIwmYyGbfQrUGf_h5vyFCBhtyT1N7V2qU-MUnhpNBS4LR7ewjpY68zwMrNcdreLavKTVVz3tUo77lnjXF0W6rH04-r-mgBO2UAgkwNW-6gXfzHZUhE6GHQuuYz2IuSl91kymdjhOX7kQz45jrSJ1ZTorLI6PEmWxGU22voB8K1ZyOLVUuf0ahCAN5e8e0dW_5e5V6eV9j1tW9NVeSpfZUyJTnbNVNWOeuEczwz3VThRN7K3EtjF7_g3BOxciP7T5Yxd2hXQZvxVLIXl6_ryVSRX-Wd6O3i0FXg0KZVsFAZwMRZzXMSX6flBMoi7mVMMbsv3PhLR-O4AiQOQqXktljRhBuflYKNbPZA4qG-ICO6pignsFiDc8KP2A3i1Y_ePxmBItX9juOwFJSpoM9cqrBz_wBuS-4PLCzVjiE9RMFmSZnOrZceoBBaRqZvalRFsLexrSG35EfqI5-yj1LDXEKB6USnq7s-EvrAOO26B5y79biUVcURIQ9G_4_L3x8bD5IEQfP_nWdiYR-sFMxGxLKmGps0CX61RQm1gG-Awwzs003M-rjY_YiU_LD6TAE9uarJLcmtSFXT8ZHmulG79tJsfLgXhNJXOCUrEJd11ODoHCywRImnT5BLMf3enXyjjzUKnYGSd-D4_d3GjjJp1YePDusg-AyOeS3cgDVR5X0Cvs5v1bQk1UDzt1ds_20UmeW7Q6gWJTRNlhNd_ApsDBp8QT9gqWZ5Kn4yWMZJTq51HB9jXv6N9VHN8RLuBt-Y778WjNU19HKaKXCQA1DokXd7Mlxs8T0OHBKh7-WBm78SHWct0L9IvxaB2J0OI7pH8fHo-DoML2JBnYA-Ahz0N94DnUXkrFNDz1gk_WcDQD5ELijTZY50im2QPRFeIwMYxmHBCqSGpRTseyYsrWYxXQWHnE_6B8EOsuzTS-7rbytQvm5ZLNo8SkIs_oqtK1eAk3TQVmft5rOaqQX-CyvXe_1uxeM-uPXOxWKWTxho52qi9pLrWK7y8Y3EzOPa59HNBTLsUBzoXIMZGQ1nQxOfolr5VN4InYZ46mBI8A3cZCZF6n2gVZ3HvJpWhpTT3ra39W9WjDf4RCQvNPAtAh6c0XcMsxPUHaI6k9wDFu0WRRJRp92iiUu1JoSHyF_12v3hwMM29lt6JmnYJhGRNGNU9vja2LBg2U_VgO_KZ6xp5g21iiP5A3Albr-1BQL0CbmSdscLB7sl2EE-YqEeSExPmQeOOx-MohU3Q1RGWyKuNxco3l6l-w&cid=CAASJeRo4VP_fz5bwEqe5qqvamXP2Yl6v3CrNNhGsBL0vaCSvYM9FIc&rfl=1%2Chttps%253A%252F%252Fthehackernews.com%252F2022%252F06%252Fzuorat-malware-hijacking-home-office.html%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:36:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
174
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10545
x-xss-protection
0
server
cafe
etag
4672069523611413616
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 12 Jul 2022 16:36:17 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 7EB8 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Mon, 27 Jun 2022 11:54:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
103483
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 27 Jun 2023 11:54:28 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 0201 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
11579
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 13:26:12 GMT
etag
48472445140208031
expires
Wed, 29 Jun 2022 13:26:12 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 7EB8 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3634f1a35e2b5d996dce033a08e1096a5cf18a57b0519cdb1332330405d2d389

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 074F 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
93681
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 27 Jun 2022 14:37:50 GMT
expires
Tue, 27 Jun 2023 14:37:50 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
cm.g.doubleclick.net/ Frame 0201
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHvQOHA5A4T0-RkLvkmSgO4&google_cve...
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHvQOHA5A4T0-RkLvkmSgO4&goog...
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cmpZZ2ZYV3YxTzZlZjU1&google_gid=CAESEHvQOHA5A4T0-RkLvkmSgO4&google_cver=1&google_push=ARnp8GAJePw_iCpHcBB3wGwOLO_7nTtUSYi78Y1a_y6Gw4l...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cmpZZ2ZYV3YxTzZlZjU1&google_gid=CAESEHvQOHA5A4T0-RkLvkmSgO4&google_cver=1&google_push=ARnp8GAJePw_iCpHcBB3wGwOLO_7nTtUSYi78Y1a_y6Gw4lPD-7kzDxgES7MuCybg83DLorf2oF-d4uyeR3zBeVaxLI9zb42gHw
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:10 GMT
Server
PingMatch/658332f#658332fc5aaa95d8a9be88d89d84d3c319923363 i-0aa046f85b99a54d2@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cmpZZ2ZYV3YxTzZlZjU1&google_gid=CAESEHvQOHA5A4T0-RkLvkmSgO4&google_cver=1&google_push=ARnp8GAJePw_iCpHcBB3wGwOLO_7nTtUSYi78Y1a_y6Gw4lPD-7kzDxgES7MuCybg83DLorf2oF-d4uyeR3zBeVaxLI9zb42gHw
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 0201
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEOH-SxjdP56mtl3NuCMtZzg&google_cver=1&google_push=ARnp8GAR1V3sZKnJMAlBRoAithhME7Fz66_SUBb-1bHTOx4-O2nivxWJc635TAZzKTVS7VjM8KpcmGXY4-nqS1zCzPsZ...
  • https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEOH-SxjdP56mtl3NuCMtZzg&google_cver=1&google_push=ARnp8GAR1V3sZKnJMAlBRoAithhME7Fz66_SUBb-1bHTOx4-O2nivxWJc635TAZzKTVS7VjM8KpcmGXY4-nqS1...
  • https://p.rfihub.com/cm?in=1&pub=20513&ssp=google
  • https://x.bidswitch.net/sync?dsp_id=119&user_id=5109685623550794859&expires=30&ssp=google
  • https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GAR1V3sZKnJMAlBRoAithhME7Fz66_SUBb-1bHTOx4-O2nivxWJc635TAZzKTVS7VjM8KpcmGXY4-nqS1zCzPsZHoIKb8M&google_hm=Jvz7g4b9Ss2E_sHpZQ9icg==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GAR1V3sZKnJMAlBRoAithhME7Fz66_SUBb-1bHTOx4-O2nivxWJc635TAZzKTVS7VjM8KpcmGXY4-nqS1zCzPsZHoIKb8M&google_hm=Jvz7g4b9Ss2E_sHpZQ9icg==
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
//cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ARnp8GAR1V3sZKnJMAlBRoAithhME7Fz66_SUBb-1bHTOx4-O2nivxWJc635TAZzKTVS7VjM8KpcmGXY4-nqS1zCzPsZHoIKb8M&google_hm=Jvz7g4b9Ss2E_sHpZQ9icg==
Date
Tue, 28 Jun 2022 16:39:11 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame 0201
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAJ9y_gwppg5qf-SJqw-F7A&google_cver=1&google_push=ARnp8GA86FtsLMoQOlI3zUBYue1m4hfZSHHvkMCwDqqwkf7vvaIsn1ntnhZykozgYeW7nG9PItz...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRZRThTOE4tMjItMk9CVw==&google_push=ARnp8GA86FtsLMoQOlI3zUBYue1m4hfZSHHvkMCwDqqwkf7vvaIsn1ntnhZykozgYeW7nG9PItzL4CICbOMfJrq1oSCF99Tj8w
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRZRThTOE4tMjItMk9CVw==&google_push=ARnp8GA86FtsLMoQOlI3zUBYue1m4hfZSHHvkMCwDqqwkf7vvaIsn1ntnhZykozgYeW7nG9PItzL4CICbOMfJrq1oSCF99Tj8w
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRZRThTOE4tMjItMk9CVw==&google_push=ARnp8GA86FtsLMoQOlI3zUBYue1m4hfZSHHvkMCwDqqwkf7vvaIsn1ntnhZykozgYeW7nG9PItzL4CICbOMfJrq1oSCF99Tj8w
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
pixel
cm.g.doubleclick.net/ Frame 0201
Redirect Chain
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOJnrF-LJcJwy03KRsDM1kM&google_cver=1&google_push=ARnp8GAOfhH65Y0nJyJERq8NlczitzQwmQV6oiC4GFuIu4kxOiT40xrjccSjBE9HCUHO0Uz7iOJB_mABi4C6uVUU2...
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOJnrF-LJcJwy03KRsDM1kM&google_cver=1&google_push=ARnp8GAOfhH65Y0nJyJERq8NlczitzQwmQV6oiC4GFuIu4kxOiT40xrjccSjBE9HCUHO0Uz7iOJB_mABi4C6uVUU2...
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ARnp8GAOfhH65Y0nJyJERq8NlczitzQwmQV6oiC4GFuIu4kxOiT40xrjccSjBE9HCUHO0Uz7iOJB_mABi4C6uVUU2eAtAeEyLG4&google_hm=E4yHtGZHG9dPubt8SWiNgHBV
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ARnp8GAOfhH65Y0nJyJERq8NlczitzQwmQV6oiC4GFuIu4kxOiT40xrjccSjBE9HCUHO0Uz7iOJB_mABi4C6uVUU2eAtAeEyLG4&google_hm=E4yHtGZHG9dPubt8SWiNgHBV
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Tue, 28 Jun 2022 16:39:11 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ARnp8GAOfhH65Y0nJyJERq8NlczitzQwmQV6oiC4GFuIu4kxOiT40xrjccSjBE9HCUHO0Uz7iOJB_mABi4C6uVUU2eAtAeEyLG4&google_hm=E4yHtGZHG9dPubt8SWiNgHBV
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
pixel
cm.g.doubleclick.net/ Frame 0201
Redirect Chain
  • https://match.360yield.com/match/ebda?google_gid=CAESEIhNCaOl-uWbYcCREkPZg6A&google_cver=1&google_push=ARnp8GC6X0MrDw2odMaaciDzPA-gZn6DKsJru41VuKOXpg9_UFsMKnZbIzU_291VgaWdFYed0_sG4FC7ma2dGLCT8EORil...
  • https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEIhNCaOl-uWbYcCREkPZg6A&google_cver=1&google_push=ARnp8GC6X0MrDw2odMaaciDzPA-gZn6DKsJru41VuKOXpg9_UFsMKnZbIzU_291VgaWdFYed0_sG4FC7ma2dGLCT...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ref5RamjTui5r5dbY6_5mw&google_push=ARnp8GC6X0MrDw2odMaaciDzPA-gZn6DKsJru41VuKOXpg9_UFsMKnZbIzU_291VgaWdFYed0_sG4FC7ma2dGLC...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ref5RamjTui5r5dbY6_5mw&google_push=ARnp8GC6X0MrDw2odMaaciDzPA-gZn6DKsJru41VuKOXpg9_UFsMKnZbIzU_291VgaWdFYed0_sG4FC7ma2dGLCT8EORilimSu0
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ref5RamjTui5r5dbY6_5mw&google_push=ARnp8GC6X0MrDw2odMaaciDzPA-gZn6DKsJru41VuKOXpg9_UFsMKnZbIzU_291VgaWdFYed0_sG4FC7ma2dGLCT8EORilimSu0
date
Tue, 28 Jun 2022 16:39:11 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
sync
ssbsync.smartadserver.com/api/ Frame 0201 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEME6kqzPTP9Vew7eVXIyGoE&google_cver=1&google_push=ARnp8GCQ0_Dd0iFrYRmlvB-j39rZ-bYNBXiLtVfHHzf6HEl4wYgn1et2yavjP-AFqWHcq1wD3wLu-cXfIS6y5a8QK7Pgf2bslhY
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:10 GMT
content-length
0
pixel
cm.g.doubleclick.net/ Frame 0201
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOuLKTJiCI7-Nm1CIXAZ81I&google_cver=1&google_push=ARnp8GBuQeB3trD_QlVIsHkq8QrWHdS3kuru6sSSSxR9-QOWizvcc774va2eQ7IonT93qIcq2Q...
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOuLKTJiCI7-Nm1CIXAZ81I&google_cver=1&google_push=ARnp8GBuQeB3trD_QlVIsHkq8QrWHdS3kuru6sSSSxR9-QOWizvcc774va2eQ7IonT93qIcq2Q...
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS04WV9vTWdoRTJ1RmNDOVU2ZVBxZjRjNkIxRkMzd1FpdH5B&google_push=ARnp8GBuQeB3trD_QlVIsHkq8QrWHdS3kuru6sSSSxR9-QOWizvcc774v...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS04WV9vTWdoRTJ1RmNDOVU2ZVBxZjRjNkIxRkMzd1FpdH5B&google_push=ARnp8GBuQeB3trD_QlVIsHkq8QrWHdS3kuru6sSSSxR9-QOWizvcc774va2eQ7IonT93qIcq2Qotvx81aeD5J04PrJHBpQOvBuo
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS04WV9vTWdoRTJ1RmNDOVU2ZVBxZjRjNkIxRkMzd1FpdH5B&google_push=ARnp8GBuQeB3trD_QlVIsHkq8QrWHdS3kuru6sSSSxR9-QOWizvcc774va2eQ7IonT93qIcq2Qotvx81aeD5J04PrJHBpQOvBuo
date
Tue, 28 Jun 2022 16:39:11 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
attr
cm.g.doubleclick.net/pixel/ Frame 0201 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IMXq_Hvz0qeO5iIzkQcuZTmmMhFjFfN37L97fH5zYBgYf5tmDSf1Fz-oTx1xpOr32iqaZHCA
Requested by
Host: 18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
URL: https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:11 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
generate_204
tpc.googlesyndication.com/ Frame DA5A 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?aJrD6g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
index.html
s0.2mdn.net/9758430/1649322212218/ Frame 813F 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/9758430/1649322212218/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
99e63adb6563215d7eba25985f80123836e3ab8bf26066ca466b904e43fa653d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
6676
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
1771
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 14:47:55 GMT
expires
Wed, 29 Jun 2022 14:47:55 GMT
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 7EB8 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssPKAtZCtXU9bde8Kra2mg3VYobQY2W6Z0vgQb8hLkMGJVxaBBkqGmCh0aMV7q4_3SEhNOcB5bTDVwPOQuIP4ti8Tw-J8VBTZnzMh0dKUcGBKL7o9CXsWS2fHhgbLTcZhh7neceDDScFdvhl5_e_mvt3g4mrai_e2D2YRuwUdNYst6z39RSg0CiUeR7etob_wG2PyLcHtutH5k6rWtG4lWCAMkaz7w7ZLt_8snzBQTMgWrXWo1yNcVKkK03k0fEcXsBv2HsJwMuKAnysVF4I0sFiZjY81XMMVAtQ7IMcJDQyjSlWDo8jqIvC9hQkC0BIa2zFZ-hr4MowUTKzbH3b-EhA5mww4_UY0YOT5MKwD3MPyJKGCiyW2Qi1VC8JIfXPcM5hhpSl0GjO2hLMWPNuYYfjD0tvndlZpnTPvEksZtLkWTYe3vX2tAbsvRm7JIRL8ECRkm8FUGNmNM8P8ChEZHCfySnWXKkiFHE12d7T6xrseIshsphw__qoDTFBE7Y-zK4qwf1WG3DmCyID_vxvBSckp_g7Sv9V8erwR0On9VNeQOOJjqbp1afIkSpgoJTPintU1Ib2O15PZEXfW2ptUhwTDrrM3soSckt40SPHykmpEI2Jmj3qV4aEvE81cvc4ctNcQQSuGDAyf9UZP8FT84O9oyHatsA7FYTnwtMSb6ltrRFxpUI8geyJGv0myLI8fUQg2bPxQ_vIxfAYMBinRnPazMe2JgDrwi_j7vFOaXZzovlVJvw95uMcX1cIOLEsm82JLxAdOLWHp_mB9ifI6FjXdJjz37YUJm1CDBAQNEqyfVt2a2dpBTRadUjxjApDs1DHseJbx4n4kPU1gQ0DjrHOe1vmd5SeL572rh9_UdrGuyOKO2POcLwpL6nF2f0ldeV7ga47J2ycQl27k2V87nJHt7Tc0OOmIuF7jZ7joRwSzOovU7HI3D06dgXvNF_HOrWVXHx5rThecDJj9q5bG8rhtTAd5FK9C5e3VXEOzoCTs5OnRyV1XkYY2RZh-2YBXqajwW-JtSfLVgcnx-WsrDsXP77bfABXRA7FfrDOAv07WRSUeNO1mfX5qis4tmfvvP_WFtIzDVEllqnYGxkPXq9MeV9Nc3b8aGiwuaiq6NiCjsQsx-X_f7wl1o8iHpEv0E12tDNNJkkrpEgZTKa7ypb9XC7jtH1-pWVW6_yY7tDp0QEisrhQA0WB3QhpX1oqt9KYr2YNrGP18wRPtsoyZ8H_noYLVY2qV45HvrQkiQPtEDHNsk906IIrLPvuMOdIB8jepbOkJQ6wGlnHPYOtbPDuJn9Y3tVRA3dlWW-OufHTQtwHCZFxpQejA&sai=AMfl-YTjChdSxyaAl4bcReyAm8ItlNm5Zv5Xmdv0AVZp1TCCvIkNExAmSWQqfHmEoL9rZpIu7kFuiSQSH94zjpKEfluSBkM51x8Aoh9XZNrtxC2CDpWw_l7s7FXu11UI10jT6R_t70mImnEXjHc3A93_JOxwrFeutr69PH8602WwCYsC71pWP19Cazh36JwDhAOsx1Rku38s_U2UEDODKe2r0JipPyM&sig=Cg0ArKJSzIEFZM1TgkxBEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=103&cbvp=1&cstd=100&cisv=r20220623.41135&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Tue, 28 Jun 2022 16:39:11 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
pagead2.googlesyndication.com/bg/ Frame 074F 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/knGWWo7aSa0uHovcfrgOqEbwt81bmGsp9O44qLiKOUk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9271965a8eda49ad2e1e8bdc7eb80ea846f0b7cd5b986b29f4ee38a8b88a3949
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 13:01:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
13078
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13854
x-xss-protection
0
last-modified
Tue, 21 Jun 2022 16:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 28 Jun 2023 13:01:13 GMT
stylesheet.min.css
s0.2mdn.net/9758430/1649322212218/css/ Frame 813F 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/9758430/1649322212218/css/stylesheet.min.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c8dd576008904c2abf79e599887306e9e70868bf06e47ded094af8d7c4d9b18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6676
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2030
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:55 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 813F 		60 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 28 Jun 2022 16:39:11 GMT
m_1.jpg
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/m_1.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
36c233db45c2d14ec9f471338ca33b1deb2719da3ea5e35423be6f33769f266f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15603
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
siegel.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/siegel.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a17e4dd87ec2f81ba855b13cf8b26bd6d642177b6fca4ccdfc337bf9434bbff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11344
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
b_1_1.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		323 B
347 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/b_1_1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c5d0ba43bc8cca87233a21d93849fe441996b6ba3c640ac3dcb66fa8482fa267
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
323
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
b_1_2.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		412 B
436 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/b_1_2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8627f9f4c7c6a31b0ed6ffc74747fd3e63f49597a28a562d0de2dc3c64d988eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 13:16:18 GMT
x-content-type-options
nosniff
age
12173
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
412
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 13:16:18 GMT
b_1_3.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		325 B
349 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/b_1_3.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b034852b79e00d513d2e6f0c24b78548d5b93e5fa1bee14cf4fb0e993c08fee1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
txt_1_1.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/txt_1_1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4eb3bf0e95edb01e7a5e768b20d63652c93209f9b40057d38bee8167d6fbc4df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1149
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
txt_1_2.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/txt_1_2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
196fe267bdb45d06ecfc71e3cb04368fb9276cfab9eee9425e18cad21065cb8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1738
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
txt_1_3.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/txt_1_3.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
63373f7ce59c6f1c9565d715c57f8facf0893b55d22ea415a8a7fd89ece9ce2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1055
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
b_2_1.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		294 B
318 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/b_2_1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b3f78d369ad746345d84c0d8687af256cc89555753b13c5d57d8163147f564a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
294
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
b_2_2.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		323 B
347 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/b_2_2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ddd432ff4f3e54e17657cbde29be2b9940a9ed5f2c40a13e64a220422f14a6c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
323
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
b_2_3.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		324 B
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/b_2_3.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4537e3db3838b573f7f8a52040d0ed16c99f4243bfc47ccb2f260d94d1574759
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
324
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
b_2_4.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		286 B
310 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/b_2_4.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
016500055c8f906d46fcf713e1cfb1347acda80f2dd555cd9d29f46b16753726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
286
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
txt_2_1.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/txt_2_1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8ec1dff5de6151d858f1881894ed5773e0aa763ef68668f9401aef7c68da050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1739
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
txt_2_2.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/txt_2_2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4769052b599cae202fc2db4386a69dca70f65646f73bd70176b2c620a20f35f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1157
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
txt_2_3.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/txt_2_3.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dfff74e4f7007cf891d3e2b2c3d5dbd83b5b20dbca04c059c2c347cde78d907d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1344
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
txt_2_4.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/txt_2_4.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9ca50334454efbe48e41079d2642716c1f146b104f1402b12950950440a84e9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1148
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
txt_3_1.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/txt_3_1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cd48644621ce664291165b116aae412a4d4c9a21691898c170668c7201d45458
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4453
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
cta.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		812 B
836 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/cta.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa6a0f055c1a84aecfb4bea1968553781a8a97c365e81772578caaeb49fcff23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
812
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
logo.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/logo.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da901cbe02a913678937d595afd8b155def20f93c1e4022b41a5abf181389262
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2286
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
logo_w.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/logo_w.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
95e1bfe26a06989ebf97234422fe908ce4d6a63aa19ac0f700113872fcdbce6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:59 GMT
x-content-type-options
nosniff
age
6672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2292
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:59 GMT
pvm.min.js
s0.2mdn.net/9758430/1649322212218/js/ Frame 813F 		10 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/9758430/1649322212218/js/pvm.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d873ab8a4ce65352f83f0910fe9d4bc63b969afd3a28c7266f23a49061ae83e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:47:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6675
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2129
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:47:56 GMT
bubblespritesheettiny.png
s0.2mdn.net/9758430/1649322212218/img/ Frame 813F 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/9758430/1649322212218/img/bubblespritesheettiny.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758430/1649322212218/css/stylesheet.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f66b785c4dbc16aef40b7f55d8935e3038823fc74408efe3ef2b16c82c5587e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9758430/1649322212218/css/stylesheet.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 14:48:00 GMT
x-content-type-options
nosniff
age
6671
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14559
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 09:03:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 29 Jun 2022 14:48:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 7EB8 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssPKAtZCtXU9bde8Kra2mg3VYobQY2W6Z0vgQb8hLkMGJVxaBBkqGmCh0aMV7q4_3SEhNOcB5bTDVwPOQuIP4ti8Tw-J8VBTZnzMh0dKUcGBKL7o9CXsWS2fHhgbLTcZhh7neceDDScFdvhl5_e_mvt3g4mrai_e2D2YRuwUdNYst6z39RSg0CiUeR7etob_wG2PyLcHtutH5k6rWtG4lWCAMkaz7w7ZLt_8snzBQTMgWrXWo1yNcVKkK03k0fEcXsBv2HsJwMuKAnysVF4I0sFiZjY81XMMVAtQ7IMcJDQyjSlWDo8jqIvC9hQkC0BIa2zFZ-hr4MowUTKzbH3b-EhA5mww4_UY0YOT5MKwD3MPyJKGCiyW2Qi1VC8JIfXPcM5hhpSl0GjO2hLMWPNuYYfjD0tvndlZpnTPvEksZtLkWTYe3vX2tAbsvRm7JIRL8ECRkm8FUGNmNM8P8ChEZHCfySnWXKkiFHE12d7T6xrseIshsphw__qoDTFBE7Y-zK4qwf1WG3DmCyID_vxvBSckp_g7Sv9V8erwR0On9VNeQOOJjqbp1afIkSpgoJTPintU1Ib2O15PZEXfW2ptUhwTDrrM3soSckt40SPHykmpEI2Jmj3qV4aEvE81cvc4ctNcQQSuGDAyf9UZP8FT84O9oyHatsA7FYTnwtMSb6ltrRFxpUI8geyJGv0myLI8fUQg2bPxQ_vIxfAYMBinRnPazMe2JgDrwi_j7vFOaXZzovlVJvw95uMcX1cIOLEsm82JLxAdOLWHp_mB9ifI6FjXdJjz37YUJm1CDBAQNEqyfVt2a2dpBTRadUjxjApDs1DHseJbx4n4kPU1gQ0DjrHOe1vmd5SeL572rh9_UdrGuyOKO2POcLwpL6nF2f0ldeV7ga47J2ycQl27k2V87nJHt7Tc0OOmIuF7jZ7joRwSzOovU7HI3D06dgXvNF_HOrWVXHx5rThecDJj9q5bG8rhtTAd5FK9C5e3VXEOzoCTs5OnRyV1XkYY2RZh-2YBXqajwW-JtSfLVgcnx-WsrDsXP77bfABXRA7FfrDOAv07WRSUeNO1mfX5qis4tmfvvP_WFtIzDVEllqnYGxkPXq9MeV9Nc3b8aGiwuaiq6NiCjsQsx-X_f7wl1o8iHpEv0E12tDNNJkkrpEgZTKa7ypb9XC7jtH1-pWVW6_yY7tDp0QEisrhQA0WB3QhpX1oqt9KYr2YNrGP18wRPtsoyZ8H_noYLVY2qV45HvrQkiQPtEDHNsk906IIrLPvuMOdIB8jepbOkJQ6wGlnHPYOtbPDuJn9Y3tVRA3dlWW-OufHTQtwHCZFxpQejA&sai=AMfl-YTjChdSxyaAl4bcReyAm8ItlNm5Zv5Xmdv0AVZp1TCCvIkNExAmSWQqfHmEoL9rZpIu7kFuiSQSH94zjpKEfluSBkM51x8Aoh9XZNrtxC2CDpWw_l7s7FXu11UI10jT6R_t70mImnEXjHc3A93_JOxwrFeutr69PH8602WwCYsC71pWP19Cazh36JwDhAOsx1Rku38s_U2UEDODKe2r0JipPyM&sig=Cg0ArKJSzIEFZM1TgkxBEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=222&vt=11&dtpt=119&dett=3&cstd=100&cisv=r20220623.41135&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 28 Jun 2022 16:39:11 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame CDC8 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss6WODyuzkGkIhgI7dWY8GzA8-L-4jvFTa_9XmWwdtq42lEgIKplKfJIa2JBdfuGDMpJyCWcVVZ-NdmgwjaCLy757Iv_h0L2vAv5RWMFvH8WJvKKjeLv96g5aXIPxAGNsnxBk8klg&sai=AMfl-YQs1Psz6syXD0ykmeLh_gcnapU7QY3qglzyQ3GrHxKVnA50MfyXTQv8Og8d3xpU1vDmvu5mTIRaw-6z&sig=Cg0ArKJSzDAAqU_fEZgJEAE&id=lidar2&mcvt=1000&p=0,0,600,300&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=0.75&if=1&vu=1&app=0&itpl=4&adk=2877078529&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1656434349549&rpt=759&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 664F 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuJED-zkkwKXcDnuyo8YSCjSBTWGAGElVWqUWTvRFjScGqamLD8zH6t1IiTlUspBwtgD-C9xQz5luPfYTzMuueba3V_VNTJYcESDuS3QNLeHs7svrfnS6HVS0ybhM6RDwezT1RlaA&sai=AMfl-YTBsC8OU9rmGR_dOnSAdERu3O_HKketSFPjGqQ50PNFSEGzsXYDFd-h4u8fq_sjNUN-n0duX3bnHUQu&sig=Cg0ArKJSzDksFLJA0j4UEAE&id=lidar2&mcvt=1001&p=0,0,250,300&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=455978357&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1656434349530&rpt=760&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 074F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BVJdcry67YuOZAaTZ7_UP4_SziAoAAAAAOAHgBAI&bg=!ZWalZiLNAAa8IIBmnCA7ACkAdvg8WlvKOtzLUqgAeUh0oyzVoLr68dTqCAP1XkaiKqHGHxotJyj1sQIAAABvUgAAAAFoAQcKAGgSzxBCoJj0dOmSjR-NSC7GnFM8awPHmtL2lafHklWR5_09lFR39t0wLt-HIz8VAF1rNn8rmsv0KLDEe6NsL1PNNUU-8dpic9ZCw_iaTppxSevojdyEWh5pundWHNMrs2ZkRp1TK2XYkZkC9NWnFsY1R2LLzzBceliZrl48SgURJTS1wrKa3d25bw0OzYJTVXeaFxUYOidn4giByBq11AobjdzjappzSGmXfPt3LlV2sWPevg4PvXEYe8fDnARMcHx7S4azafYwhH9vAE5NpDFU1uw3sS-w1CAQNf1bBj3LEcuzHW5OFwJMcLLB_EBJaI4ihFN5KEoPjZLPKM6Xv6y_Cmh06E8_yUHaR3ywv2gpJnGDSgPcHCbQbMbGtTtyMfphcWbgeJ3OiEjb1lSSSSgKr2UPJvbMalTy4MUsuqptSMO4QqN1PNuo_HCoilkP9P5zP3JtqqMzr9xp5z7aqUnAOQO6PzkAZBV_RyPr7hDXQ8Xiod6OPjlAKx5e3HnYr8j8rKAq5so4OHvCH2wzMjMtFVyapNtufdeNIFQGml77qC94GFRh0P-kp8F19YuN1K3-0YkNVApXTR--n4uMz2fCB6hBjROMRIVQMW7zZJXjgjnZ_TzXIiDGHOOvEL1-CVyZkMb1Fi_CkokEBvAIk3DzrWS7YWHfcg7VFzqTgntXm7gWMCVaXetwKZP3JVUdpo8WUmrR6j7PVuKQaX-4INaWlpz9a4pBTaACrHHINzaEQmTtU0cV4kxXWGX7uNPOdgBlphgmgX82OPntNJI4nw316YrNn2sR0_1qJQuwnle0JogFTMbRts-u9WZOdAOxQSGmorv3HzNUAKmIloUymcWcvFlD809sHFal7QGvaGxFbm5z3UyT6BI5EIg3SApcVCHMa_v8evTfKiszPgVF1o621a4FmYKIojSe4kijxci4UzuKEtpIN-ewreCSszSa0Vyq2nEfpU5xSiLTaAIU7EThmfLwL6yZRqdiYYBqeKOLgg0B-evgyshMB4MaX319z_9aRZmxhetVHUPDs1qAGvN9KcGkm_eXrTj59aoylRVNAcuTfqkmoANcoxnPDCBgWldC0e1uiJDTjGcnx3hYZSkgzJ2NSYV90p8QB71-g83HuAEQAhbfaLh03GV23a_NIw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:11 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220623&jk=2571697556640926&bg=!JSalJmLNAAa8IIBmnCA7ACkAdvg8WoZcNNVaq0tqf9_vCSxu2JnXpLIeIOMciY69JwzccqvZK_Y5IwIAAACdUgAAAAFoAQeZAqkTkV4XccgGRXAgZSLUi-zXmM-2ELv2EDOjZq2__ZTx7vjF4h5OK1djrOHTMjZ2e0hOZrTf6s_FHvGrOgJTdVCuxyd2MBcawQcPrTQStaPYow1F4PyKoGVhNe_qE46Xd2ISW84t3DlC4UvCKIhzA4f7P3jkuI_lszi5pD-80qpyUnd0fbVncVu9c7gy2sdV66_BBAXQo6Jy9A6_4hI2H3yYmsoAQj1PK-RrDC0xVSlfbD8YdJq6bvlI3VMueHPvdYcFRTi1C5-rhUJsIn4WFIxz9y_m8iiQk9gUQ66J3KmnU6ZxrRhjCsTf38zkaWliw2MHF3jxtb7J3l2j7lTrJ3z95PPbZPpezhcoOpn7xcLIZt-XUUEERRQmUBgcmQPnGsK6bPIXQExg2mM6A58I5BgmslNL5VxgvCETL9qOCBAhJlevQncPKFd4CYr59-JVQFK2CXn4_pujs7iPwXhkH21xvJzL0cVM17hcb84ysqjt6La-piXDznJ92OyElbrl_kMh9D7Lhd0SbRdYmXoBSNjlq8OeEiMz_RccaWlM2QG0yVTPY9dzd3iH6ZaC2OWVAw_UrwzD6AAVioKFArkqXnrD-NynpUCDe8lSwRgGQDs2bAmSs3xOiGbWkpyB-SbvKkEKRRBU9wv45S_8NhjzKQ8zfXnfLEJ15Ry-_sClwMfY7dq5EcorlnHs3Cq6WSfj5IgOBez6vUMSaBb4f2kET591j6_qTQY4nxTHWGtArZhignHCabc3JPaoIyvx8KHMa_lvpGh28ZEX76yVrAvE-k6-W5VccIN5-48PoBLUcbkDpdGvcbSJnLglLsvwYRoJ2S6-jpSXHsPnMci3M438omLWbJraSaYZf4zaCbiisc4agTsgHfbWVfbfn38bFGOXxOujal7VsJTbzGE
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers
publishertag.prebid.js
static.criteo.net/js/ld/ 		87 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:12 GMT
content-encoding
gzip
last-modified
Tue, 03 May 2022 11:21:00 GMT
server
nginx
etag
W/"6271101c-15b58"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Wed, 29 Jun 2022 16:39:12 GMT
syncframe
gum.criteo.com/ Frame 85D4 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=thehackernews.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
6f87cd86c391c6361adca474b987f3e4b6d81d281795120c584d0a0c1ca7f5ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-length
6144
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:12 GMT
server-processing-duration-in-ticks
1854
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
publishertag.prebid.js
static.criteo.net/js/ld/ 		87 KB
28 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:12 GMT
content-encoding
gzip
last-modified
Tue, 03 May 2022 11:21:00 GMT
server
nginx
etag
W/"6271101c-15b58"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Wed, 29 Jun 2022 16:39:12 GMT
rid
match.adsrvr.org/track/ 		63 B
391 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
ee72651b4c9310330d7d1ac416e7705b69f7e3604d7103f251b2a2deec99f906

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://thehackernews.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Thu, 28 Jul 2022 16:39:13 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F8F8 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=143701
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:13 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Thu, 30 Jun 2022 08:34:14 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 9A3E 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-188.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 28 Jun 2022 16:39:13 GMT
ETag
"623de86a-cf34"
Expires
Wed, 29 Jun 2022 16:39:15 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame CAC8 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUPEPKI9&prvid=2034%2C2033%2C2031%2C172%2C2030%2C173%2C251%2C175%2C132%2C178%2C2029%2C233%2C255%2C2028%2C2027%2C3017%2C214%2C236%2C3016%2C237%2C337%2C338%2C70%2C51%2C97%2C55%2C99%2C77%2C3012%2C2043%2C2040%2C141%2C186%2C222%2C244%2C201%2C3007%2C246%2C345%2C4%2C203%2C10000%2C80%2C108%2C229%2C9%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
552540ec23d3e9bc622261a2e12b6133981a89d651de1976189fe1721e81b741
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8295
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:13 GMT
expires
Thu, 30 Jun 2022 16:39:13 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
index.html
cdn.districtm.io/ids/ Frame 8FC0 		116 B
433 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-56.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f752ad8cf812a358129aac3fd9784b0baf6f19899eb49116f08a1afab1fa133e

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
64568
content-length
116
content-type
text/html
date
Mon, 27 Jun 2022 22:43:07 GMT
etag
"517f2062d883c0ee35479a2da0c50b8c"
last-modified
Thu, 20 May 2021 02:18:27 GMT
server
AmazonS3
via
1.1 5f2bb43f258333f4156847ce1f482ee6.cloudfront.net (CloudFront)
x-amz-cf-id
vNdgZqOnLA_vjaBWh2gyfzG4pe0L6tb-qLMyyYEFf3T3WOB-EC1FMQ==
x-amz-cf-pop
TXL50-P4
x-cache
Hit from cloudfront
sync.html
public.servenobid.com/ Frame 3534 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:49::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a8e85d380b3f0593cf9f1b5a8329131112d4cc7a4baf56ad9cbfa31cd3bc41ed

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=86400
content-encoding
br
content-type
text/html
date
Tue, 28 Jun 2022 16:39:12 GMT
etag
"eb37e18cf286a8e286b2758ea6e68eac"
last-modified
Tue, 28 Jun 2022 00:48:41 GMT
server
AmazonS3
x-amz-id-2
zZBxitA0LzYNIvINDJChptM/L853Ck7PCVNveAC9XXVTl8dHGgdV4hnUfwnj9DQ12j10l/dtZIg=
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:04730458-8ed6-4370-aa4e-52547ecd202c
x-amz-meta-codebuild-content-md5
a125e70f379be5f5d28b35ef5ba1d06e
x-amz-meta-codebuild-content-sha256
859be15d6e78171a31ed0e7d0fe9c672344fe3ce19277e01f8b94f747c41d762
x-amz-request-id
TG0BKW5NQQDWVYFZ
x-azure-ref
0sS67YgAAAAD7DhoyESbITo/A0/mDGILNRlJBMjMxMDUwNDIwMDQ3ADg0ZTdkZmEyLTE0NDItNDMzNC1iMzRmLWU0MmQzZjdkZGFkOQ==
x-azure-ref-originshield
0pia7YgAAAABG2vp4gOxJRJp6i2TGTVpTRlJBMjMxMDUwNDE3MDIxADg0ZTdkZmEyLTE0NDItNDMzNC1iMzRmLWU0MmQzZjdkZGFkOQ==
x-cache
TCP_HIT
pd
u.openx.net/w/1.0/ Frame 3A2B 		0
91 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/7f1e280 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Tue, 28 Jun 2022 16:39:13 GMT
server
OXGW/7f1e280
vary
Accept, Accept-Encoding
via
1.1 google
connectmyusers.php
cdn.connectad.io/ Frame E049 		1 KB
810 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=86400 public, no-transform
cf-cache-status
DYNAMIC
cf-ray
7227db74d9d8233d-ZRH
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:13 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Wed, 29 Jun 2022 16:39:13 GMT
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 86B6 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 28 Jun 2022 16:39:13 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
/
onetag-sys.com/usync/ Frame E679 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1656434349750
Requested by
Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip251.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
/
onetag-sys.com/usync/ 		0
38 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/usync/?tag=img
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip251.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-store
sid
mug.criteo.com/ Frame 85D4
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=thehackernews.com&sn=ChromeSyncframe&so=3&topUrl=thehackernews.com&bundle=k73kd180MUcyMzFnYmxpZ1BteGJmVWhiT2k1RU1GeWc2ODhXN2VLcmFrd3FKWFpk...
  • https://mug.criteo.com/sid?cpp=1Wcdu3wyUldKdVpxc1dWNmp6RlBzLzRnNi9WcndSanA3MEpNMXNDK3Vxa2dqcTNha2VjSzF5UW1tanZKZkRSMmpTMzRwZm5PRkRjYWwwZzhZbG8xZnFWbXNvOC9FWGNTdjFtRDU4VmtoUnozTzUyaGhEd1JiTkh0Tkhsan...
447 B
647 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=1Wcdu3wyUldKdVpxc1dWNmp6RlBzLzRnNi9WcndSanA3MEpNMXNDK3Vxa2dqcTNha2VjSzF5UW1tanZKZkRSMmpTMzRwZm5PRkRjYWwwZzhZbG8xZnFWbXNvOC9FWGNTdjFtRDU4VmtoUnozTzUyaGhEd1JiTkh0TkhsanMvU1ZMK05FaUtPZ0QyM3pPKzFVcmltS0NoZ1U1TXZkYzBUSUdHSERtYm9qaFRpZDFaeGhyRlJDbnBOd0FMd2JPaHV2b1AwbXl3MG5BckFCZ3RydWplMURINWlQbTl0K3AwVVFrb0g5bStmbFZjUFlRdzRxT1hub3NHczlwZi84UUFJWDR1eVFOMWJBT3AzenBGSDdSUWgxTHI2Z1RCTHg4M3I3TzM4Z2VpQlhOTGdNNmZncz18&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
85dce0d17e0f7cc589034d2e87f98733726d7bafc7ea56cb74521dc7e3b53cd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:12 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
4986
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:12 GMT
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=1Wcdu3wyUldKdVpxc1dWNmp6RlBzLzRnNi9WcndSanA3MEpNMXNDK3Vxa2dqcTNha2VjSzF5UW1tanZKZkRSMmpTMzRwZm5PRkRjYWwwZzhZbG8xZnFWbXNvOC9FWGNTdjFtRDU4VmtoUnozTzUyaGhEd1JiTkh0TkhsanMvU1ZMK05FaUtPZ0QyM3pPKzFVcmltS0NoZ1U1TXZkYzBUSUdHSERtYm9qaFRpZDFaeGhyRlJDbnBOd0FMd2JPaHV2b1AwbXl3MG5BckFCZ3RydWplMURINWlQbTl0K3AwVVFrb0g5bStmbFZjUFlRdzRxT1hub3NHczlwZi84UUFJWDR1eVFOMWJBT3AzenBGSDdSUWgxTHI2Z1RCTHg4M3I3TzM4Z2VpQlhOTGdNNmZncz18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1343
content-length
567
expires
0
1
sync-eu.connectad.io/syncer/ Frame 2075 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-eu.connectad.io/syncer/1
Requested by
Host: cdn.connectad.io
URL: https://cdn.connectad.io/connectmyusers.php?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://cdn.connectad.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, private
cf-cache-status
DYNAMIC
cf-ray
7227db756aba233d-ZRH
date
Tue, 28 Jun 2022 16:39:13 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
via
1.1 google
idsync.d5cb6b96.js
cdn.districtm.io/ids/ Frame 8FC0 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/idsync.d5cb6b96.js
Requested by
Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.119.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-119-56.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
196b425485c119046eada45bc1a473e6c35f7f8c5a94824873535de823af517f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.districtm.io/ids/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 06:40:32 GMT
via
1.1 5f2bb43f258333f4156847ce1f482ee6.cloudfront.net (CloudFront)
last-modified
Thu, 20 May 2021 02:18:27 GMT
server
AmazonS3
age
35922
etag
"74ede07ef946dc2316f86b2661cf2dd3"
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
TXL50-P4
accept-ranges
bytes
content-length
3302
x-amz-cf-id
I5Sp7rpmVfmeFlURhM9E9XU9xfwcb4w_4XDth41EglDM8L6BQeC0FQ==
usync.js
eus.rubiconproject.com/ Frame 86B6 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
fef367fa79c884472fd20d613828ea3be4b87cbdc09df3ca04dabe697b6e87aa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 16:39:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jun 2022 17:17:26 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=43734
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9456
Expires
Wed, 29 Jun 2022 04:48:07 GMT
async_usersync
ib.adnxs.com/ Frame 9A3E 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:13 GMT
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
04d35aa9-4a9a-4afb-a964-4c268eae6791
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
buyers
dmx.districtm.io/s/v1/ Frame 8FC0 		0
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B03E 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=143701
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:13 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Thu, 30 Jun 2022 08:34:14 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
13926
g2.gumgum.com/usync/ Frame 67F1 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.252.251.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-252-251-45.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2b66c7678f692adabdc745e463565563ac05d34170a9e797dceb043a994223af

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Tue, 28 Jun 2022 16:39:13 GMT
etag
W/"0d1726279a865378a733e8032d1ca3967"
server
nginx
timing-allow-origin
*
/
onetag-sys.com/usync/ Frame D39D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip251.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
sync
ssbsync.smartadserver.com/api/ Frame FFAC 		889 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
149ff6c3df9243a59a8c8cf7d471abbd3128666f44483f8838c2bdec576a8904

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
889
content-type
text/html
date
Tue, 28 Jun 2022 16:39:13 GMT
usermatch
ssum-sec.casalemedia.com/ Frame E24A 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1bc685f30892168924d5ce0fe7188cfe2707fb4542db5c20884ef987a3a53c00

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
7227db76ecdd9122-FRA
content-encoding
br
content-type
text/html
date
Tue, 28 Jun 2022 16:39:13 GMT
dropped-udsids
39|241|230|46|4|73|47|206
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SydnsnJlVSWSJECSv6Vf%2FmNiGOjNWJ8WgHcx%2Bn0lSsUozxYruecnSKqFk88cHOq8h9l1bTckwzVoYgezdbti%2FFFLOAl1IJjoD7vTCpn4UaWCtuJ7asOoodH4qZRjg3xe4WW%2BxwuiCjKiGA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Is-Traffic-Usersync, Accept-Encoding
sync.php
pixel.rubiconproject.com/exchange/ Frame 3534 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=13702&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif
sync
ads.servenobid.com/ Frame 3534
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=3368081737051884287
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=312&uid=3368081737051884287
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:13 GMT
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
3278bd01-3c4b-4dbf-b921-e8dbd0e09a92
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ads.servenobid.com/sync?pid=312&uid=3368081737051884287
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.servenobid.com/ Frame 3534
Redirect Chain
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
  • https://ads.servenobid.com/sync?pid=310&uid=E4yHtGZHG9dPubt8SWiNgHBV
0
350 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=310&uid=E4yHtGZHG9dPubt8SWiNgHBV
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:13 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ads.servenobid.com/sync?pid=310&uid=E4yHtGZHG9dPubt8SWiNgHBV
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap1ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
pixel
ap.lijit.com/ Frame 3534 		0
277 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 28 Jun 2022 16:39:13 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
sync
ads.servenobid.com/ Frame 3534
Redirect Chain
  • https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNGFiNjQ2NjktZmNkZi00OTRlLWI1MTktYjcxMTRiYTlkZTY0IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNi0yOFQxNjozOToxNC4wNzM1MDZaIn0=
0
432 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNGFiNjQ2NjktZmNkZi00OTRlLWI1MTktYjcxMTRiYTlkZTY0IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNi0yOFQxNjozOToxNC4wNzM1MDZaIn0=
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:14 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNGFiNjQ2NjktZmNkZi00OTRlLWI1MTktYjcxMTRiYTlkZTY0IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNi0yOFQxNjozOToxNC4wNzM1MDZaIn0=
Pragma
no-cache
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
0
generic
match.adsrvr.org/track/cmf/ Frame 3534
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1656434353758
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2252640054
70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2252640054
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
server
Tengine
etag
RX87c2289763f8406cb797abfa0b7bd187003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2252640054
cache-control
no-store, no-cache, must-revalidate
content-type
text/html
expires
0
sync
ads.servenobid.com/ Frame 3534
Redirect Chain
  • https://p.rfihub.com/cm?pub=44007&in=1
  • https://ads.servenobid.com/sync?pid=324&uid=5109685623550794859
0
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=324&uid=5109685623550794859
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=324&uid=5109685623550794859
Date
Tue, 28 Jun 2022 16:39:13 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usa
sync.go.sonobi.com/ Frame 3534 		0
0
sync
ads.servenobid.com/ Frame 3534
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
  • https://ads.servenobid.com/sync?pid=327&uid=cd550b43-407d-4a88-8014-5ca0afa0500b&gdpr=0&gdpr_consent=&us_privacy=1YN-
0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=327&uid=cd550b43-407d-4a88-8014-5ca0afa0500b&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=327&uid=cd550b43-407d-4a88-8014-5ca0afa0500b&gdpr=0&gdpr_consent=&us_privacy=1YN-
date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
content-length
0
sync
ads.servenobid.com/ Frame 3534
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58559/occ
  • https://ads.servenobid.com/sync?pid=337&uid=y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
0
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=337&uid=y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=337&uid=y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
date
Tue, 28 Jun 2022 16:39:13 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
csync
sync2.resetdigital.co/ Frame 3534 		0
0
sync
ads.servenobid.com/ Frame 3534
Redirect Chain
  • https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID
  • https://ads.servenobid.com/sync?pid=346&uid=62b58476-ff76-1bde-7f93-5510a765426c
0
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=346&uid=62b58476-ff76-1bde-7f93-5510a765426c
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:14 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=346&uid=62b58476-ff76-1bde-7f93-5510a765426c
pragma
no-cache
date
Tue, 28 Jun 2022 16:39:14 GMT
cache-control
no-store
content-length
0
vary
origin
expires
0
sync
ads.servenobid.com/ Frame 3534
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58632/occ
  • https://ads.servenobid.com/sync?pid=339&uid=y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
0
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=339&uid=y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=339&uid=y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
date
Tue, 28 Jun 2022 16:39:13 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
ecm3
s.amazon-adsystem.com/ Frame 86B6
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=p2ly3307RvKTDXpk3akdBQ&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=p2ly3307RvKTDXpk3akdBQ
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=p2ly3307RvKTDXpk3akdBQ
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
669SQB7YPF5AC424SQE7
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=p2ly3307RvKTDXpk3akdBQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 86B6
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRZRThTOE4tMjItMk9CVw==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRZRThTOE4tMjItMk9CVw==
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRZRThTOE4tMjItMk9CVw==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
ads.yahoo.com/cms/ Frame 86B6
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L4YE8S8N-22-2OBW&sigv=1&esig=2~7a66eebbc3dd1bb7a6b5ae8e5e1ce31f02d6ab23
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L4YE8S8N-22-2OBW&sigv=1&esig=2~7a66eebbc3dd1bb7a6b5ae8e5e1ce31f02d6ab23
Protocol
H2
Server
2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L4YE8S8N-22-2OBW&sigv=1&esig=2~7a66eebbc3dd1bb7a6b5ae8e5e1ce31f02d6ab23
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame 86B6
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L4YE8S8N-22-2OBW
0
707 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L4YE8S8N-22-2OBW
Protocol
H2
Server
2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: E20E0DB321044AD68C4CAB21AA57F8E5 Ref B: VIEEDGE2513 Ref C: 2022-06-28T16:39:13Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXihK1Cec0216DLLAa/0g==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L4YE8S8N-22-2OBW
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame 86B6 		0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
pixel
cm.g.doubleclick.net/ Frame 86B6
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGMwODRhYjNhODhkYmNlNzgxNTVjOGNiZTkzMjRjOWMzNmZhNTJhNg
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGMwODRhYjNhODhkYmNlNzgxNTVjOGNiZTkzMjRjOWMzNmZhNTJhNg
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGMwODRhYjNhODhkYmNlNzgxNTVjOGNiZTkzMjRjOWMzNmZhNTJhNg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 86B6
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=USpcNgdtRHirGiNWZcMnuA&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=USpcNgdtRHirGiNWZcMnuA
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=USpcNgdtRHirGiNWZcMnuA
Protocol
HTTP/1.1
Server
52.94.220.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:15 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
3290X75MXAY51K81W4MC
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=USpcNgdtRHirGiNWZcMnuA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 86B6
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEO40xRqCBCArTyI5Cp6q0Gk&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEO40xRqCBCArTyI5Cp6q0Gk&google_cver=1
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEO40xRqCBCArTyI5Cp6q0Gk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame F8F8 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=50355977&p=158261&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.23 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
4996c01a5d260236b5d196a0d1851d6bdd80c051302769200a3436303a600541

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
ads.servenobid.com/ Frame FFAC 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=317&uid=4077581924694820654&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
/
rtb-csync.smartadserver.com/redir/ Frame FFAC
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
  • https://c1.adform.net/serving/cookie/match?CC=1&party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=8982777071185948856&gdpr=0&gdpr_consent=
43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=8982777071185948856&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.115 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
server
nginx
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=8982777071185948856&gdpr=0&gdpr_consent=
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
dcm
s.amazon-adsystem.com/ Frame FFAC
Redirect Chain
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USE...
  • https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4077581924694820654&gdpr=0&gdpr_consent=
  • https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4077581924694820654&gdpr=0&gdpr_consent=&dcc=t
43 B
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4077581924694820654&gdpr=0&gdpr_consent=&dcc=t
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
QR1B7JCQX41PTZBC4H2B
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
TCXKKB4SX0G8K9HXNX7D
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=4077581924694820654&gdpr=0&gdpr_consent=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
generic
match.adsrvr.org/track/cmf/ Frame FFAC
Redirect Chain
  • https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3466632763
70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3466632763
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
server
Tengine
etag
RX87c2289763f8406cb797abfa0b7bd187003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3466632763
cache-control
no-store, no-cache, must-revalidate
content-type
text/html
expires
0
/
rtb-csync.smartadserver.com/redir/ Frame FFAC
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=30&p=273&cp=smartortb&cu=1&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D79%26partneruserid%3D%40%40CRITEO_USERID%40%4...
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=bf4edff5-8146-4784-9abf-ef5d06b55bf2&gdpr=0&gdpr_consent=
43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=bf4edff5-8146-4784-9abf-ef5d06b55bf2&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.115 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:12 GMT
server
Kestrel
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=79&partneruserid=bf4edff5-8146-4784-9abf-ef5d06b55bf2&gdpr=0&gdpr_consent=
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1624098
content-length
0
expires
Tue, 28 Jun 2022 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame E24A 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
dcm
s.amazon-adsystem.com/ Frame E24A
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
8KF67QMC6T1SJW8CEHK3
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
EZPKCAA1C7HHAT1Q3411
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E24A 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
getuid
secure.adnxs.com/ Frame E24A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers
rum
dsum-sec.casalemedia.com/ Frame E24A
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4077810862758296985
43 B
913 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4077810862758296985
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray
7227db77c9bc9b1f-FRA
pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VBXAiNlZlLyyDXLUd%2BimlcDlLOmEWYxGNGvuqklJbPgWi736csoGrkrGwfmUFxjAZEDkH%2F7rh9%2Bcl2mNLvXfAe9x20FloE7z9HI%2Fr3mFTMf%2BvqGW2yqNTpu1HAfUgiATbyME%2BPuIDA7oxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4077810862758296985
pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame E24A 		43 B
990 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:ea85:e49c:e259:daf9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
crum
dsum-sec.casalemedia.com/ Frame E24A
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=rjYgfXWv1O6ef55&gdpr=1
43 B
911 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=rjYgfXWv1O6ef55&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray
7227db7748db9b1f-FRA
pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNtp%2BnHJqjlxjDyFez0dQ8l9u%2BRfe2umszx2TfQbTioHBfzK%2BAvwO%2BRvPJcFteBbYsNKdC18d4UxrEoFMMzjFUiWPMGptoe2MqBTANUhbk5dA5k4A6FvbWuH%2BznXKbpjUEtMFEIQlBw3Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:12 GMT
Server
PingMatch/658332f#658332fc5aaa95d8a9be88d89d84d3c319923363 i-0aa046f85b99a54d2@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=rjYgfXWv1O6ef55&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
ups.analytics.yahoo.com/ups/55940/ Frame E24A 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
ads.servenobid.com/ Frame E24A 		0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=333&uid=Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=3368081737051884287
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=3368081737051884287
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:13 GMT
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
e4fdde3f-f67f-4573-a1ca-b1cd635c6d8b
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://usersync.gumgum.com/usersync?b=apn&i=3368081737051884287
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_351be818-9fb4-4649-9c82-b06f47c69c65&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
  • https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
  • https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=b690b301-0c00-4f1e-9256-16c8720657ad&ssp=gumgum2
  • https://usersync.gumgum.com/usersync?b=bsw&i=26fcfb83-86fd-4acd-84fe-c1e9650f6272
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=bsw&i=26fcfb83-86fd-4acd-84fe-c1e9650f6272
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Location
//usersync.gumgum.com/usersync?b=bsw&i=26fcfb83-86fd-4acd-84fe-c1e9650f6272
Date
Tue, 28 Jun 2022 16:39:13 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
cookie-sync
sync.outbrain.com/ Frame 67F1
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobR...
  • https://usersync.gumgum.com/usersync?b=obn&i=ENC%28ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_351be818-9fb4-4649-9c82-b06f47c69c65&obuid=ENC(ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://ib.adnxs.com/getuid?https://sync.outbrain.com/cookie-sync?p=appnexus&uid=$UID&obUid=ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e
  • https://sync.outbrain.com/cookie-sync?p=appnexus&uid=3368081737051884287&obUid=ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=appnexus&uid=3368081737051884287&obUid=ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
64.202.112.31 Harrodsburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
no-cache
X-TraceId
e78e8b8c88db76bb7c60f38d97279d8d
Content-Length
0

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
df055b05-f1a1-4cd5-a72d-2dc5be6a28b0
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.outbrain.com/cookie-sync?p=appnexus&uid=3368081737051884287&obUid=ghzkIfMt8qzR3WNzgs5vgBdFyFwb_lQ7GPfpBhXxX7Nt_ASjRI6hVHHJs9gjC72e
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=8a29998a-78c1-485c-8c82-3e8aad97d376
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=8a29998a-78c1-485c-8c82-3e8aad97d376
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

date
Tue, 28 Jun 2022 16:39:13 GMT
content-encoding
gzip
server
OXGW/7f1e280
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://usersync.gumgum.com/usersync?b=opx&i=8a29998a-78c1-485c-8c82-3e8aad97d376
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=sta&i=0-c3d69bf6-fd6f-43a1-5fe0-f2ac6d204028$ip$217.64.151.68
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-c3d69bf6-fd6f-43a1-5fe0-f2ac6d204028$ip$217.64.151.68
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-c3d69bf6-fd6f-43a1-5fe0-f2ac6d204028$ip$217.64.151.68
Date
Tue, 28 Jun 2022 16:39:14 GMT
Connection
keep-alive
Content-Length
127
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=oth&i=y-fFBA.jpE2pcJMOQttKZhRYU13kU.LmtWnZfq~A
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=oth&i=y-fFBA.jpE2pcJMOQttKZhRYU13kU.LmtWnZfq~A
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

date
Tue, 28 Jun 2022 16:39:13 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://usersync.gumgum.com/usersync?b=oth&i=y-fFBA.jpE2pcJMOQttKZhRYU13kU.LmtWnZfq~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fuser...
  • https://usersync.gumgum.com/usersync?b=vnt&i=d8420abf-f700-11ec-b2fc-c7b778ea8869
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=d8420abf-f700-11ec-b2fc-c7b778ea8869
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=d8420abf-f700-11ec-b2fc-c7b778ea8869
Date
Tue, 28 Jun 2022 16:39:13 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
d8420ac0-f700-11ec-b2fc-c7b778ea8869
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
  • https://usersync.gumgum.com/usersync?b=snc&i=GDPR
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=snc&i=GDPR
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

date
Tue, 28 Jun 2022 16:39:14 GMT
via
1.1 varnish
server
nginx
age
0
location
https://usersync.gumgum.com/usersync?b=snc&i=GDPR
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
459780255
access-control-allow-origin
https://g2.gumgum.com/
access-control-allow-credentials
true
content-length
0
142
match.deepintent.com/usersync/ Frame 67F1 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:14 GMT
content-length
0
server
c
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_351be818-9fb4-4649-9c82-b06f47c69c65&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://stags.bluekai.com/site/23178?id=Csmhk_WLusl4XDsIFNVU&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LO...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2Q3TNVUGWX2XJR2XG3BULBCHGSKGJZLFK...
  • https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=Csmhk_WLusl4XDsIFNVU&us_privacy=1---
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=Csmhk_WLusl4XDsIFNVU&us_privacy=1---
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
P3p
CP="We do not support P3P header."
Location
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=Csmhk_WLusl4XDsIFNVU&us_privacy=1---
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
123
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://usersync.gumgum.com/usersync?b=idi&i=ade7f945-a9a3-4ee8-b9af-975b63aff99b
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=idi&i=ade7f945-a9a3-4ee8-b9af-975b63aff99b
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=idi&i=ade7f945-a9a3-4ee8-b9af-975b63aff99b
date
Tue, 28 Jun 2022 16:39:14 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
generic
match.adsrvr.org/track/cmf/ Frame 67F1
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8369460078
70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8369460078
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
server
Tengine
etag
RX87c2289763f8406cb797abfa0b7bd187003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8369460078
cache-control
no-store, no-cache, must-revalidate
content-type
text/html
expires
0
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=JPR8IJ5tp3qy&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=JPR8IJ5tp3qy&ev=1&pid=558355
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:15 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=JPR8IJ5tp3qy&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-5fbd64586c-nwbts
expires
-1
usersync
usersync.gumgum.com/ Frame 67F1
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=sad&i=4077581924694820654
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=4077581924694820654
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=4077581924694820654
date
Tue, 28 Jun 2022 16:39:13 GMT
content-length
0
sync
ads.servenobid.com/ Frame 67F1 		0
358 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=309&uid=e_351be818-9fb4-4649-9c82-b06f47c69c65
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.150.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-150-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
usersync.gumgum.com/ Frame F40F
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://usersync.gumgum.com/usersync?b=mmh&i=948262bb-2eb2-4f00-b50b-765a1ceb9c1e&gdpr=0&gdpr_consent=
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=mmh&i=948262bb-2eb2-4f00-b50b-765a1ceb9c1e&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Tue, 28 Jun 2022 16:39:14 GMT
Expires
0
Pragma
no-cache

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Tue, 28 Jun 2022 16:39:14 GMT
Expires
Tue, 28 Jun 2022 16:39:13 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4475 c1dc35a master hkg-pixel-x19 config:1.0.0
location
https://usersync.gumgum.com/usersync?b=mmh&i=948262bb-2eb2-4f00-b50b-765a1ceb9c1e&gdpr=0&gdpr_consent=
usersync
usersync.gumgum.com/ Frame A99B
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YrsusQAMNXsBzgAj
  • https://usersync.gumgum.com/usersync?b=atm&i=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=&_test=YrsusQAMNXsBzgAj
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=&_test=YrsusQAMNXsBzgAj
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Tue, 28 Jun 2022 16:39:14 GMT
Expires
0
Pragma
no-cache

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Tue, 28 Jun 2022 16:39:13 GMT
location
https://usersync.gumgum.com/usersync?b=atm&i=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=&_test=YrsusQAMNXsBzgAj
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-hhn4022-HHN
x-timer
S1656434354.993071,VS0,VE0
pixel
cm.g.doubleclick.net/ Frame FBF6 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8zNTFiZTgxOC05ZmI0LTQ2NDktOWM4Mi1iMDZmNDdjNjljNjU=&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Tue, 28 Jun 2022 16:39:13 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 112C 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=143701
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 28 Jun 2022 16:39:13 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Thu, 30 Jun 2022 08:34:14 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame AA63 		70 B
264 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-length
70
content-type
image/gif
date
Tue, 28 Jun 2022 16:39:13 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
usersync
usersync.gumgum.com/ Frame CD50
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID
  • https://cs.emxdgt.com/umcheck?apnxid=3368081737051884287&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID
  • https://usersync.gumgum.com/usersync?b=emx&uid=3368081737051884287brt055491656434354128832f1
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=emx&uid=3368081737051884287brt055491656434354128832f1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Tue, 28 Jun 2022 16:39:14 GMT
Expires
0
Pragma
no-cache

Redirect headers

content-length
0
content-type
text/html
date
Tue, 28 Jun 2022 16:39:13 GMT
location
https://usersync.gumgum.com/usersync?b=emx&uid=3368081737051884287brt055491656434354128832f1
usersync
usersync.gumgum.com/ Frame AABF
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=YrsussCo5soAAKRjES8AAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=YrsussCo5soAAKRjES8AAAAA
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Tue, 28 Jun 2022 16:39:14 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Tue, 28 Jun 2022 16:39:14 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=YrsussCo5soAAKRjES8AAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
2
X-SO-Cluster-ID
61
X-SO-HostName
m-ad189.dc4p.scaleout.jp
X-SO-IP
217.64.151.68
X-SO-Key
YrsussCo5soAAKRjES8AAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":61,"gdpr":true,"ipv4":"0.0.0.0","key":"YrsussCo5soAAKRjES8AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad189"}
X-SO-LB-Hostname
a-tgng40006.dc2p.scaleout.jp
X-SO-Upstream-ID
m-ad189
usersync
rtb.gumgum.com/ Frame 0279
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=0enamG20Hr2thHMYAukN&pi=gumgum&tc=1
35 B
209 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=0enamG20Hr2thHMYAukN&pi=gumgum&tc=1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.92.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-92-79.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Tue, 28 Jun 2022 16:39:14 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Tue, 28 Jun 2022 16:39:13 GMT Tue, 28 Jun 2022 16:39:13 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=0enamG20Hr2thHMYAukN&pi=gumgum&tc=1
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame ED77
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 28 Jun 2022 16:39:13 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Tue, 28 Jun 2022 16:39:13 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
usync.js
eus.rubiconproject.com/ Frame ED77 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
fef367fa79c884472fd20d613828ea3be4b87cbdc09df3ca04dabe697b6e87aa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 16:39:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jun 2022 17:17:26 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=43734
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9456
Expires
Wed, 29 Jun 2022 04:48:07 GMT
sync.php
pixel.rubiconproject.com/exchange/ Frame ED77 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L4YE8S8N-22-2OBW
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif
match
c1.adform.net/serving/cookie/ Frame C517 		35 B
468 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?party=14&cid=7F3DC454-3AD7-40EC-B7CC-69105588C503
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Tue, 28 Jun 2022 16:39:14 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame E58A
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=
1 B
451 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Tue, 28 Jun 2022 16:39:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Tue, 28 Jun 2022 16:39:14 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YrsusQAMNXsBzgAj&gdpr=0&gdpr_consent=
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-hhn4022-HHN
x-timer
S1656434354.314779,VS0,VE0
redir
rtb-csync.smartadserver.com/ Frame 129B
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGZGtFN0ZkbDBBQUE3MXRxNUppUQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAFdkE7Fdl0AAA71tq5JiQ&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAFdkE7Fdl0AAA71tq5JiQ&pid=558502&do=add
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFdkE7Fdl0AAA71tq5JiQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...
43 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFdkE7Fdl0AAA71tq5JiQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.115 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Tue, 28 Jun 2022 16:39:15 GMT
transfer-encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Tue, 28 Jun 2022 16:39:15 GMT
Server
nginx
location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFdkE7Fdl0AAA71tq5JiQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
strict-transport-security
max-age=2592000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 27B5
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:5a6462bb-2eb2-4900-a615-1f5ef6b1cee8&gdpr=0&gdpr_consent=
42 B
342 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:5a6462bb-2eb2-4900-a615-1f5ef6b1cee8&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 28 Jun 2022 16:39:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Tue, 28 Jun 2022 16:39:14 GMT
Expires
Tue, 28 Jun 2022 16:39:13 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4475 c1dc35a master hkg-pixel-x6 config:1.0.0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:5a6462bb-2eb2-4900-a615-1f5ef6b1cee8&gdpr=0&gdpr_consent=
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F8F8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=fz3EVDrXQOy3zGkQVYjFAw%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:14 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=143700
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Thu, 30 Jun 2022 08:34:14 GMT

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
420486.gif
idsync.rlcdn.com/ Frame F8F8 		0
42 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/420486.gif?partner_uid=7F3DC454-3AD7-40EC-B7CC-69105588C503
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:14 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
SPug
image4.pubmatic.com/AdServer/ Frame F8F8
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=739162bb-2eb2-4400-9348-a251f8bf2e82
0
47 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=739162bb-2eb2-4400-9348-a251f8bf2e82
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Tue, 28 Jun 2022 16:39:14 GMT
Server
MT3 4475 c1dc35a master hkg-pixel-x6 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=739162bb-2eb2-4400-9348-a251f8bf2e82
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 28 Jun 2022 16:39:13 GMT
Pug
image2.pubmatic.com/AdServer/ Frame F8F8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=N0YzREM0NTQtM0FENy00MEVDLUI3Q0MtNjkxMDU1ODhDNTAz&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame F8F8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDV12gbrNsAmZ-zlJ9EHRq8&google_cver=1
42 B
378 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDV12gbrNsAmZ-zlJ9EHRq8&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDV12gbrNsAmZ-zlJ9EHRq8&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame F8F8 		43 B
612 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b8.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:14 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Mon, 27 Jun 2022 16:39:14 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame F8F8
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4077810862758296985&gdpr=0&gdpr_consent=&us_privacy=
1 B
256 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4077810862758296985&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4077810862758296985&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
generic
match.adsrvr.org/track/cmf/ Frame F8F8 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 16:39:14 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
7F3DC454-3AD7-40EC-B7CC-69105588C503
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame F8F8 		43 B
990 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/7F3DC454-3AD7-40EC-B7CC-69105588C503?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:ea85:e49c:e259:daf9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:14 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
SPug
image4.pubmatic.com/AdServer/ Frame F8F8
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=7F3DC454-3AD7-40EC-B7CC-69105588C503&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-fSIsMLVE2uUSGmzzCMzVK5EhE12t_Ek-~A&gdpr=0&gdpr_consent=
0
179 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-fSIsMLVE2uUSGmzzCMzVK5EhE12t_Ek-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Server
198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-fSIsMLVE2uUSGmzzCMzVK5EhE12t_Ek-~A&gdpr=0&gdpr_consent=
date
Tue, 28 Jun 2022 16:39:14 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
simage2.pubmatic.com/AdServer/ Frame F8F8
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d8420abf-f700-11ec-b2fc-c7b778ea8869&gdpr=0&gdpr_consent=
1 B
236 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d8420abf-f700-11ec-b2fc-c7b778ea8869&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:13 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=d8420abf-f700-11ec-b2fc-c7b778ea8869&gdpr=0&gdpr_consent=
Date
Tue, 28 Jun 2022 16:39:13 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
d85c4946-f700-11ec-aa8d-45b80e638bcc
Pug
image2.pubmatic.com/AdServer/ Frame F8F8
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3368081737051884287&gdpr=0&gdpr_consent=
42 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3368081737051884287&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 16:39:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
83bf1080-4e3e-496b-9d54-073826e8d6fc
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3368081737051884287&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 9A3E 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 16:39:14 GMT
X-Proxy-Origin
217.64.151.68; 217.64.151.68; 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
67266353-3dde-45d9-8f2d-74a0a087390f
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
dmx.districtm.io
URL
https://dmx.districtm.io/b/v1
Domain
dmx.districtm.io
URL
https://dmx.districtm.io/s/v1/buyers
Domain
sync.go.sonobi.com
URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D
Domain
sync2.resetdigital.co
URL
https://sync2.resetdigital.co/csync?pid=durationmedia&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D345%26uid%3DBUYER_USER_ID

Verdicts & Comments Add Verdict or Comment

98 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| zarazData object| zaraz object| adsbygoogle object| adpushup string| share_url string| share_title object| lazySizes function| head function| defer function| deferscript object| dataLayer function| setImmediate function| clearImmediate function| $ function| jQuery object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint string| currentState function| _apPbJsChunk object| _apPbJs object| _pbjsGlobals object| mnet string| nobidVersion object| nobid function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| googletag object| hbAnalytics object| apstag object| adpTags object| _qevents boolean| apstagLOADED object| Criteo function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| google_llp object| GoogleGcLKhOms object| google_image_requests object| criteo_syncframe_state object| criteo_pubtag object| criteo_pubtag_prebid_123 object| Criteo_prebid_123

102 Cookies

Domain/Path Name / Value
thehackernews.com/2022/06 Name: _ga4s
Value: 1
thehackernews.com/2022/06 Name: _ga4sid
Value: 901704988
.thehackernews.com/ Name: _ga4
Value: 4f9a60b1-d311-4364-895e-716f447880b3
thehackernews.com/ Name: __AP_SESSION__
Value: 66471402-ac77-4332-8f5e-9b70513eaede
thehackernews.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.thehackernews.com/ Name: _pubcid
Value: ec4fbaef-46d1-4a12-b6cf-71b6c2494cc4
.lijit.com/ Name: ljtrtb
Value: eJyrrgUAAXUA%2BQ%3D%3D
.quantserve.com/ Name: mc
Value: 62bb2ead-c0575-8a8d4-eeb19
.thehackernews.com/ Name: __qca
Value: P0-1230317118-1656434349769
.adnxs.com/ Name: icu
Value: ChgIm_VtEAoYASABKAEwrd3slQY4AUABSAEQrd3slQYYAA..
.adnxs.com/ Name: uuid2
Value: 3368081737051884287
.rubiconproject.com/ Name: khaos
Value: L4YE8S8N-22-2OBW
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qoH3AeuRzeSBGWQ0NNjmqbPd94gXYLevqJ/7NKKQBF2wava5ll4E6fm9x5A7tZTyZts7SrQMA2MP+BxGCOXoSK1B7LZVvBDjjLc6UO785F0Pw==
thehackernews.com/ Name: cto_bidid
Value: Win_v19jYWVLelg0Z2xxQ0JLUUFwakpvenc1ZFhTSWpZa0hxODdUUVdhdG9JN0lwNWhUYjNuTUd2UDZHZkY5cDVnNVd6cENncFI0THl5V1l3MUpTM042a05QdyUzRCUzRA
thehackernews.com/ Name: cto_bundle
Value: k73kd180MUcyMzFnYmxpZ1BteGJmVWhiT2k1RU1GeWc2ODhXN2VLcmFrd3FKWFpkRDZDMUglMkJ6bUdKSE10SGVDWUc5eEJIeWNoRU03cGsxJTJGUHcwUm84UnpNd0Y0SW1OUSUyQkdsUXB5TXFLbHc1Tjh6Sm92RU9kWGVENXdyR1dlM3ByUXZGaw
.doubleclick.net/ Name: DSID
Value: NO_DATA
.doubleclick.net/ Name: IDE
Value: AHWqTUkwkMa1-cRFUuNLLWgqlct_f3RVhXjcOD3bGj4zGUnTaip2LI2FuNl0Q0w38Lw
.thehackernews.com/ Name: __gads
Value: ID=c777bc7eb4a2a7f4:T=1656434349:S=ALNI_MaTlbTNyIk7dghqT7UzsLTd98keiA
.casalemedia.com/ Name: CMID
Value: Yrsur-Vf9Shq6qpSh6Q.LgAA
.casalemedia.com/ Name: CMPS
Value: 5141
.casalemedia.com/ Name: CMPRO
Value: 5141
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2E>@kCQn1!]tbPl1M>e)ZlrFUfJ+tGXxoX_HYCAEwc8.HTA:_Q8/nd[IJrl_/%7NHq3l63If)y3KL9D3I?+Q7w2<D
.lijit.com/ Name: ljt_reader
Value: E4yHtGZHG9dPubt8SWiNgHBV
.yahoo.com/ Name: A3
Value: d=AQABBK8uu2ICEDr1Kxe3-HLhGH968_KiF5sFEgEBAQGAvGLFYgAAAAAA_eMAAA&S=AQAAAvel9PWRhVZJNutxDKv0Ccw
.bidswitch.net/ Name: tuuid
Value: 26fcfb83-86fd-4acd-84fe-c1e9650f6272
.bidswitch.net/ Name: c
Value: 1656434351
.bidswitch.net/ Name: tuuid_lu
Value: 1656434351
.w55c.net/ Name: wfivefivec
Value: rjYgfXWv1O6ef55
.w55c.net/ Name: matchgoogle
Value: 5
.360yield.com/ Name: tuuid
Value: ade7f945-a9a3-4ee8-b9af-975b63aff99b
.360yield.com/ Name: tuuid_lu
Value: 1656434351
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0sDSzMDUzMjY1NTC3NLEwtRTiM9T1LyixSHUqjIrIN8gEACZ3VUIlAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0sDSzMDUzMjY1NTC3NLEwtRTiM9T1LyixSHUqjIrIN8gEACZ3VUIlAAAA
.criteo.com/ Name: uid
Value: bf4edff5-8146-4784-9abf-ef5d06b55bf2
thehackernews.com/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-06-28T16%3A39%3A13%22%7D
.thehackernews.com/ Name: cto_bundle
Value: VqUNd180MUcyMzFnYmxpZ1BteGJmVWhiT2kwckdQYUxFTlptekhHb1RFQlMwNHJnUDZVQkxqSjJsa3AyZ0lOWU51M1dYRnZ1WmRhbThGUmh1ZU5QejVvJTJCTHRNUmtGR29VMlRSbXV2NkVsOEdQJTJGSGM3aUpuS2ZzUUtzWm9kb3M4TFV0dlBheGRVOG1wRnpkVlEweHJKbCUyQk1nWGlYQjdyOEUlMkYwM3ZQRzBpSmZvUlpobyUzRA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAFvFwmtoZmpmYmxibGpoZGF0ShzBNzY3NAAAbuJU-CAAAAA
.smartadserver.com/ Name: pid
Value: 4077581924694820654
.ads.pubmatic.com/ Name: KCCH
Value: YES
.servenobid.com/ Name: pid_312
Value: 3368081737051884287
.servenobid.com/ Name: pid_339
Value: y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
.servenobid.com/ Name: pid_327
Value: cd550b43-407d-4a88-8014-5ca0afa0500b
.servenobid.com/ Name: pid_337
Value: y-BPx9bOxE2uEjhj1FcfniSq6kziXOBxWL79dK6yY-~A
.servenobid.com/ Name: pid_324
Value: 5109685623550794859
.lijit.com/ Name: _ljtrtb_273657
Value: 273657
.casalemedia.com/ Name: CMST
Value: YrsusWK7LrEA
.casalemedia.com/ Name: CMRUM3
Value: 2762bb2eb10b40&ce62bb2eb105a0&2d62bb2eaf05a0CAESEDhuIohRg9gJbNiDMqIxngM&f162bb2eb105a0&e662bb2eb12760&2e62bb2eb105a0&4962bb2eb105a0&0462bb2eb105a0&2f62bb2eb105a0
.servenobid.com/ Name: pid_317
Value: 4077581924694820654
.w55c.net/ Name: matchcasale
Value: 5
.gumgum.com/ Name: vst
Value: e_351be818-9fb4-4649-9c82-b06f47c69c65
.servenobid.com/ Name: pid_310
Value: E4yHtGZHG9dPubt8SWiNgHBV
.servenobid.com/ Name: pid_333
Value: Yrsur_Vf9Shq6qpSh6Q-LgAAFBUAAAIB
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-87c22897-63f8-406c-b797-abfa0b7bd187-003%22%2C%22zdxidn%22%3A%221506%22%2C%22nxtrdr%22%3A%22https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D%22%7D
.servenobid.com/ Name: pid_309
Value: e_351be818-9fb4-4649-9c82-b06f47c69c65
.openx.net/ Name: i
Value: aeb802a3-f953-4ffd-b12f-e68f01e0e1cd|1656434353
.turn.com/ Name: uid
Value: 4077810862758296985
.creativecdn.com/ Name: u
Value: 0enamG20Hr2thHMYAukN
.creativecdn.com/ Name: ts
Value: 1656434353
.adform.net/ Name: C
Value: 1
.casalemedia.com/ Name: CMTS
Value: 3164
.sportradarserving.com/ Name: zuuid
Value: b690b301-0c00-4f1e-9256-16c8720657ad
.sportradarserving.com/ Name: c
Value: 1656434353
.sportradarserving.com/ Name: zuuid_lu
Value: 1656434353
.adform.net/ Name: uid
Value: 8982777071185948856
.sportradarserving.com/ Name: zuuid_k
Value: 1
.sportradarserving.com/ Name: zuuid_k_lu
Value: 1656434353
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YrsusQAMNXsBzgAj
.smartadserver.com/ Name: csync
Value: 22:8982777071185948856
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&16a551f2-97b1-4299-8fc8-88b12c4c07e7"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTY0MzQzNTM7MjswMjG6F9ITBXTXKCfZScfBWXMqZI/dYd7ma8pL/gQAdzqPlw==
.linkedin.com/ Name: lidc
Value: "b=TGST05:s=T:r=T:a=T:p=T:g=2569:u=1:x=1:i=1656434353:t=1656520753:v=2:sig=AQGnDs75yc2uGFHIjSqX6Ae_WNqoAgAx"
.yieldlift.com/ Name: xuids
Value: eyJ4dWlkIjoiNGFiNjQ2NjktZmNkZi00OTRlLWI1MTktYjcxMTRiYTlkZTY0IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNi0yOFQxNjozOToxNC4wNzM1MDZaIn0=
.emxdgt.com/ Name: euid
Value: 055491656434354128832f1
.technoratimedia.com/ Name: tads_uid
Value: GDPR
.servenobid.com/ Name: pid_314
Value: eyJ4dWlkIjoiNGFiNjQ2NjktZmNkZi00OTRlLWI1MTktYjcxMTRiYTlkZTY0IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNi0yOFQxNjozOToxNC4wNzM1MDZaIn0=
.emxdgt.com/ Name: eapn_id
Value: 3368081737051884287
.outbrain.com/ Name: obuid
Value: 3a26de9d-3f31-48fd-b12d-e2158853dc1d
.zemanta.com/ Name: zuid
Value: Csmhk_WLusl4XDsIFNVU
.disqus.com/ Name: zeta-ssp-user-id
Value: 62b58476-ff76-1bde-7f93-5510a765426c
.ipredictive.com/ Name: cu
Value: d8420abf-f700-11ec-b2fc-c7b778ea8869|1656434354191
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-c3d69bf6-fd6f-43a1-5fe0-f2ac6d204028.h4MchYiE%2FPbpWvEqZEacwyEetBz3XJ%2BA%2F6BV0elUPIQ
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3Aw9ab9v1vQ6Ff4PKsbSBAKNlAl0Q.m0k8Yg8d3sOdZ7DQAu8yr4McuKwc99xAl10t8Wi4iRo
.servenobid.com/ Name: pid_346
Value: 62b58476-ff76-1bde-7f93-5510a765426c
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 7F3DC454-3AD7-40EC-B7CC-69105588C503
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 158261:2
.pubmatic.com/ Name: DPSync3
Value: 1656460800%3A174%7C1657584000%3A197_201%7C1656979200%3A164
.pubmatic.com/ Name: SyncRTB3
Value: 1657584000%3A13_54_22_71_166_7_104_220_3_21%7C1656979200%3A2_223
.analytics.yahoo.com/ Name: IDSYNC
Value: "18yx~25ps:196n~25ps:18z8~25ps"
.simpli.fi/ Name: suid
Value: 80E0D45E18DF41A5B56DFE4D3248ABCC
.bidr.io/ Name: bito
Value: AAFdkE7Fdl0AAA71tq5JiQ
.bidr.io/ Name: bitoIsSecure
Value: ok
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-YrsusQAMNXsBzgAj&KRTB&22978-YrsusQAMNXsBzgAj&KRTB&23194-YrsusQAMNXsBzgAj&KRTB&23209-YrsusQAMNXsBzgAj
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-4077810862758296985&KRTB&23150-4077810862758296985
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-d8420abf-f700-11ec-b2fc-c7b778ea8869&KRTB&23011-d8420abf-f700-11ec-b2fc-c7b778ea8869&KRTB&23355-d8420abf-f700-11ec-b2fc-c7b778ea8869
.outbrain.com/ Name: apnxs
Value: 3368081737051884287
.mathtag.com/ Name: uuid
Value: 5a6462bb-2eb2-4900-a615-1f5ef6b1cee8
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:5a6462bb-2eb2-4900-a615-1f5ef6b1cee8&KRTB&16736-uid:5a6462bb-2eb2-4900-a615-1f5ef6b1cee8&KRTB&23019-uid:5a6462bb-2eb2-4900-a615-1f5ef6b1cee8&KRTB&23208-uid:5a6462bb-2eb2-4900-a615-1f5ef6b1cee8
.pubmatic.com/ Name: PugT
Value: 1656434354
.amazon-adsystem.com/ Name: ad-id
Value: A7-hrBf7Dk6pgEDe_hgf4fo

5 Console Messages

Source Level URL
Text
network error URL: https://dmx.districtm.io/b/v1
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://dmx.districtm.io/s/v1/buyers
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://idsync.rlcdn.com/420486.gif?partner_uid=7F3DC454-3AD7-40EC-B7CC-69105588C503
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

18274b9cc2b8c7553f666027e75e2aff.safeframe.googlesyndication.com
a.sportradarserving.com
a.teads.tv
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.turn.com
adpushup-d.openx.net
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
ap.lijit.com
b1sync.zemanta.com
bh.contextweb.com
bidder.criteo.com
btlr.sharethrough.com
c.amazon-adsystem.com
c1.adform.net
cdn.adpushup.com
cdn.connectad.io
cdn.districtm.io
cdn.jsdelivr.net
cdnjs.cloudflare.com
ce.lijit.com
cm.g.doubleclick.net
code.jquery.com
contextual.media.net
creativecdn.com
cs.emxdgt.com
dis.criteo.com
dmx.districtm.io
dsum-sec.casalemedia.com
e3.adpushup.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
i.connectad.io
ib.adnxs.com
id.rlcdn.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
match.360yield.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
p4-e44tmti5kpcms-pgfv5rn65sbegsnm-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
prebid.a-mo.net
prebid.media.net
public.servenobid.com
px.ads.linkedin.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssbsync.smartadserver.com
ssp.disqus.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.criteo.net
sync-eu.connectad.io
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.technoratimedia.com
sync2.resetdigital.co
tg.socdm.com
thehackernews.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
web.hb.ad.cpe.dotomi.com
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
x.yieldlift.com
dmx.districtm.io
sync.go.sonobi.com
sync2.resetdigital.co
103.229.206.241
104.18.18.126
104.18.19.126
104.36.113.107
104.36.113.23
104.92.74.8
142.250.184.226
142.250.185.98
142.250.186.162
142.250.186.99
147.75.85.234
150.136.25.38
151.101.130.49
169.197.150.7
169.50.137.184
178.250.0.163
178.250.0.165
178.250.2.146
18.156.0.31
18.192.170.39
18.195.155.181
18.197.223.14
18.64.119.56
185.184.8.90
185.33.221.87
185.33.221.89
185.64.189.112
185.86.139.101
185.86.139.115
193.0.160.128
198.148.27.140
198.47.127.20
2.18.232.7
2.18.235.93
2001:4de0:ac18::1:a:3b
2001:678:cb4:bbbb::11
202.241.208.56
209.54.180.3
213.19.147.45
216.52.2.48
23.205.235.133
23.35.236.188
23.35.236.201
23.97.225.52
2600:9000:206f:1800:6:44e3:f8c0:93a1
2602:803:c003:200::41
2606:4700:10::ac43:8ae
2606:4700:20::ac43:4615
2606:4700:4400::6812:2209
2606:4700::6810:5914
2606:4700::6811:180e
2620:116:800d:21:c5a4:625:6563:a5bb
2620:1ec:22::14
2620:1ec:49::45
2a00:1288:80:807::2
2a00:1450:4001:800::2002
2a00:1450:4001:800::2003
2a00:1450:4001:802::2001
2a00:1450:4001:80b::2006
2a00:1450:4001:80f::2001
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2004
2a00:1450:4001:831::2002
2a02:2638:1::13
2a02:2638::3
2a02:fa8:8806:13::1460
2a05:d018:d29:3601:ea85:e49c:e259:daf9
34.107.148.139
34.196.179.83
34.233.85.84
34.247.233.198
34.252.251.45
34.254.13.191
34.98.64.218
35.156.141.29
35.244.159.8
35.244.174.68
37.157.5.142
51.89.9.251
52.0.133.126
52.16.238.87
52.210.150.207
52.215.3.215
52.223.40.198
52.28.125.64
52.51.92.79
52.59.94.57
52.94.220.185
54.226.216.14
64.202.112.255
64.202.112.31
65.9.71.118
69.173.144.138
69.192.160.219
72.251.249.14
016500055c8f906d46fcf713e1cfb1347acda80f2dd555cd9d29f46b16753726
019d22d3e70ec460a085db138f131a9d77cb25175dd7eecb155305c270ed221c
0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60
0b6e5839c571fdce85ab2ef2fc6fc6304249c085bd67d0bd8e01751a67021f97
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f46567d3913857de0723b7efb8737672353d3ac6c0470a44d2017a9806b7bf2
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12f5b1274ab0a4ac91ed51e6dc47ae3c1a7494346aa2cc6c9dde8749006bd7e9
149ff6c3df9243a59a8c8cf7d471abbd3128666f44483f8838c2bdec576a8904
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
196b425485c119046eada45bc1a473e6c35f7f8c5a94824873535de823af517f
196fe267bdb45d06ecfc71e3cb04368fb9276cfab9eee9425e18cad21065cb8d
1bc685f30892168924d5ce0fe7188cfe2707fb4542db5c20884ef987a3a53c00
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
25f117953a288e35b233ce2dbd2506f26f2f4fd46aa36582973a8583b4068a8c
26914004d3a8d5ddde2202b642d7936eb61c9f195b5cd3c87e44ef8ad4d57c16
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
2a17e4dd87ec2f81ba855b13cf8b26bd6d642177b6fca4ccdfc337bf9434bbff
2b66c7678f692adabdc745e463565563ac05d34170a9e797dceb043a994223af
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
3634f1a35e2b5d996dce033a08e1096a5cf18a57b0519cdb1332330405d2d389
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
36c233db45c2d14ec9f471338ca33b1deb2719da3ea5e35423be6f33769f266f
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40c521c64b2d083d7fcb658a185feabfc8e0dd2092b2e650f301933bdc58d456
41f36457d5ec5bd7d115c29bea53e0d1ff77de7418837ef39e897f3b7d497e8a
4223a22cda8a8aefc71ef1c02f9fef94eb7c00b289c9b8d60ef08efe04f6b3dd
426fe7d10574f970a159f294dc54b597f9d10316a3daba427554e434b27866ee
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4537e3db3838b573f7f8a52040d0ed16c99f4243bfc47ccb2f260d94d1574759
46f169c5e3b44bc80033a16690df688f121af7089f8842b4c69d687446c5b97f
4769052b599cae202fc2db4386a69dca70f65646f73bd70176b2c620a20f35f6
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4996c01a5d260236b5d196a0d1851d6bdd80c051302769200a3436303a600541
4a06e8c1d2820d56a5f67b17c2f07634df91f4e1d9be6d0e64a80554c27bfcba
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4eb3bf0e95edb01e7a5e768b20d63652c93209f9b40057d38bee8167d6fbc4df
4eb3c81616d946c4ec9a052ebc3f7797dc68f8d4ce02bf94bfba3ff8462a08ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
552540ec23d3e9bc622261a2e12b6133981a89d651de1976189fe1721e81b741
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56e1c65da6e133331353398037d6c3ab057c730aeb483437bfa37ddd4d455bf6
578b4798c70b6063f9ef29fdc9ebce066a6fdf05f17b3864ed580318689757c9
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d873ab8a4ce65352f83f0910fe9d4bc63b969afd3a28c7266f23a49061ae83e
5e8873d76f8a5192aa8f516c89b7391217d8f1af46620e01a0ac4bb0f1921a20
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63373f7ce59c6f1c9565d715c57f8facf0893b55d22ea415a8a7fd89ece9ce2c
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6735131b7f0a782cb83cb252e096e563af5c7005091f7d34d1818267d91f4fdf
6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1
688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c
6a39869b5c0a2e7540a1b80f8671462bb6d647f8989a65338decb01e934ec55c
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d8e6138c7cf0944d755a4757f5c2b3803ede310e05af81ff90d4fe98bb6c4d5
6f87cd86c391c6361adca474b987f3e4b6d81d281795120c584d0a0c1ca7f5ba
73f85b949987db91e6d2e4b11a8b5ee5ab0737277bcf2887724e9ce76d38f6fe
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2
76fb12eb0785c8cdf4d06290fb8fcaf4692376bfc632e138665a381813076cec
7c8dd576008904c2abf79e599887306e9e70868bf06e47ded094af8d7c4d9b18
818befe3ab9883bf318a409acf9ab052c99f148f8308b9f6aa125758f5d49765
830fc1a1a04c9c07c4a5a574220105ba177da937c895bfab19fbdc47783fea9c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
85c77ea2a40e27d5ef3c459bff8c51dd583a4460216f73681463dca944efd782
85dce0d17e0f7cc589034d2e87f98733726d7bafc7ea56cb74521dc7e3b53cd7
8627f9f4c7c6a31b0ed6ffc74747fd3e63f49597a28a562d0de2dc3c64d988eb
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9271965a8eda49ad2e1e8bdc7eb80ea846f0b7cd5b986b29f4ee38a8b88a3949
947ede7380870c4bc6842de3db04f871952195ce906a4573a92c822016fa9515
95e1bfe26a06989ebf97234422fe908ce4d6a63aa19ac0f700113872fcdbce6b
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9834f2bde632b419715af174d5de50cc8e35409b56d47a5e22d3c113de0828ff
99e63adb6563215d7eba25985f80123836e3ab8bf26066ca466b904e43fa653d
9a92ad7d89ca4910e284faf6dcb836c1be6b19324b1d5b1c41f11011a6fcb238
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b87ba9f38a8905c569f57b2e7f262a904383984fb76af355216f2cd31e856a7
9ca50334454efbe48e41079d2642716c1f146b104f1402b12950950440a84e9a
9d131c4d19103618d0df68ac9031e1e80d2aaa5905d43b0f008f0007e9ac2c61
9d64f4662969ecae048bd993de6d91ef6296d12a7c059a08589c6bddb4a21875
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6
a315c734f4b5ae401c7081178c38d1a3e441e9d63e011272e087632ba3f5ade5
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8b7537c5ef65691326e1e1e12de2e5e8fd095ecb2ccf77e66621661e3c3980c
a8e85d380b3f0593cf9f1b5a8329131112d4cc7a4baf56ad9cbfa31cd3bc41ed
aa3777d578531c63cb5b48a28d1f0135a9769ca2ee44ae916aadb341089140e1
aa6a0f055c1a84aecfb4bea1968553781a8a97c365e81772578caaeb49fcff23
aca99e8c47b536ac95e599cef9520c362b66b97eeaee8a091eae136d79aa1e43
ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2
b034852b79e00d513d2e6f0c24b78548d5b93e5fa1bee14cf4fb0e993c08fee1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c7cf5821a3249553c693c9d5767ad5097ea94b574c694ad83bbd9c784cf110
b3f78d369ad746345d84c0d8687af256cc89555753b13c5d57d8163147f564a5
b6a5da997ea6515ec99832851c9dff5a2df9395efdf0f4ebcf16f0f9c4c94e2e
b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c2bc81af5a90390f156485f16407317ac1f9d688bfe60e0864f5e615738a60e9
c5d0ba43bc8cca87233a21d93849fe441996b6ba3c640ac3dcb66fa8482fa267
c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690
c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd
c8ec1dff5de6151d858f1881894ed5773e0aa763ef68668f9401aef7c68da050
cc920382750ecec94b423d77811d5f90de64e5d6d64a727da6af81dce3dd86d0
cd458c32f7959669c5d0c9af8b60d1b4bb8b5151b516a3001e75006e2359ae21
cd48644621ce664291165b116aae412a4d4c9a21691898c170668c7201d45458
cdd0ba6ab854b6871fb4bc92a001b2a251e3913a4c9cccf5755bcfb28739811f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d74b590fcc8d9c451b2ecba1c0e5bae3a1d00db30130e8da00c454e066fa8dde
d783f014d2564161910b9d880cff11a972a1ab67c43f05e550b44c886c944b75
d814910ea1e2da5b09b6a85ad4322afb58264458f57abdbec0868f71f07ff699
d8b5fb8f1b636e9c5a84c979fb2e691704769dda054f789a6515000f6a971c6a
da901cbe02a913678937d595afd8b155def20f93c1e4022b41a5abf181389262
db74e32218f93d9da40f157c5f75a05bc8f495ff4c388fbeb2d4b361a61fe883
ddd432ff4f3e54e17657cbde29be2b9940a9ed5f2c40a13e64a220422f14a6c0
dfff74e4f7007cf891d3e2b2c3d5dbd83b5b20dbca04c059c2c347cde78d907d
e0234786153a5a1d7882ee5c914e9f868fa393e7962c28ef1ab6832ba4393d69
e14a8d7acd57fba2eee8db28de82e10957fa2d6e7b7296f3aa478a0895a200d4
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3fbe67fed994d974916f80939f43e83889b033b3a565f349f26255620037a4d
e3fdeee3459c175cd67d06ba7be30a81b83436f837da0c82ce6cb39bcd14c2d5
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e9a311336c0e22fd9660896fdb6a74cf7f0549ccff067a29af7230eb25d43080
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
edb6236234478fe65d3f22cd56f653050b2ac4574b3928574bc673b0d006aea6
ee72651b4c9310330d7d1ac416e7705b69f7e3604d7103f251b2a2deec99f906
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f66b785c4dbc16aef40b7f55d8935e3038823fc74408efe3ef2b16c82c5587e0
f752ad8cf812a358129aac3fd9784b0baf6f19899eb49116f08a1afab1fa133e
f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02
fb513f6173396cc8dcef3ae1f88b0b8b11a1cd5b5e1142639c83e91c7ae26e08
fc6ee2790b09e7ace7e2b18939210d875c331d74b836ba2eef4fa49e1e820b40
fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f
fef367fa79c884472fd20d613828ea3be4b87cbdc09df3ca04dabe697b6e87aa
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff74c3c80f0fd12f106480d82e54f8eb99fbf5875a523165edc86458038e0c94