commerceshiftcctv.com Open in urlscan Pro
148.163.121.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Submission: On November 17 via api (November 17th 2020, 6:29:47 pm UTC) from US

Summary HTTP 72 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 28 IPs in 5 countries across 18 domains to perform 72 HTTP transactions. The main IP is 148.163.121.21, located in Phoenix, United States and belongs to IOFLOOD, US. The main domain is commerceshiftcctv.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 9th 2020. Valid for: 3 months.

This is the only time commerceshiftcctv.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	148.163.121.21 148.163.121.21	53755 (IOFLOOD) (IOFLOOD)
4	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
2	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2)
3	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
3	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a00:1450:400... 2a00:1450:4001:81a::2004	15169 (GOOGLE) (GOOGLE)
3	2600:9000:212... 2600:9000:2127:c000:1a:6635:8d40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c03::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:817::2008	15169 (GOOGLE) (GOOGLE)
1	172.217.18.162 172.217.18.162	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE)
1	52.202.214.97 52.202.214.97	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
72	28

9 148.163.121.21 (Phoenix, United States)

ASN53755 (IOFLOOD, US)
PTR: corporate.viplus1.noc401.com

commerceshiftcctv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

cdn.shortpixel.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2127:c000:1a:6635:8d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

script.fixel.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c03::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.214.97 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-214-97.compute-1.amazonaws.com

api.fixelapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	541 B
9	commerceshiftcctv.com commerceshiftcctv.com	250 KB
8	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	197 KB
5	google.com www.google.com adservice.google.com analytics.google.com	1 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	191 KB
4	google.de www.google.de adservice.google.de	507 B
4	googletagmanager.com www.googletagmanager.com	155 KB
4	google-analytics.com www.google-analytics.com	52 KB
3	facebook.net connect.facebook.net	97 KB
3	fixel.ai script.fixel.ai	7 KB
3	shortpixel.ai cdn.shortpixel.ai	337 KB
2	facebook.com www.facebook.com	344 B
2	fontawesome.com use.fontawesome.com	89 KB
1	fixelapp.com api.fixelapp.com	390 B
1	googletagservices.com www.googletagservices.com	28 KB
1	googleadservices.com partner.googleadservices.com	648 B
1	jquery.com code.jquery.com	8 KB
1	googleoptimize.com www.googleoptimize.com	28 KB
72	18

	Domain	Requested by
13	googleads.g.doubleclick.net	pagead2.googlesyndication.com commerceshiftcctv.com
9	commerceshiftcctv.com	commerceshiftcctv.com
6	pagead2.googlesyndication.com	commerceshiftcctv.com pagead2.googlesyndication.com
4	www.googletagmanager.com	commerceshiftcctv.com www.googleoptimize.com
4	www.google-analytics.com	commerceshiftcctv.com www.google-analytics.com
3	fonts.gstatic.com	commerceshiftcctv.com
3	connect.facebook.net	commerceshiftcctv.com connect.facebook.net
3	www.google.de	commerceshiftcctv.com
3	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
3	script.fixel.ai	commerceshiftcctv.com script.fixel.ai
3	www.google.com	commerceshiftcctv.com
3	cdn.shortpixel.ai	commerceshiftcctv.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	www.facebook.com	commerceshiftcctv.com connect.facebook.net
2	use.fontawesome.com	commerceshiftcctv.com use.fontawesome.com
1	api.fixelapp.com	script.fixel.ai
1	www.gstatic.com	www.google.com
1	analytics.google.com	www.googletagmanager.com
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	code.jquery.com	commerceshiftcctv.com
1	www.googleoptimize.com	commerceshiftcctv.com
72	24

This site contains links to these domains. Also see Links.

Domain
www.yelp.com
www.facebook.com
twitter.com
www.instagram.com
www.linkedin.com
api.whatsapp.com
www.pinterest.com
www.tumblr.com
www.themehorse.com
wordpress.org
www.youtube.com

Subject Issuer	Validity	Valid
commerceshiftcctv.com cPanel, Inc. Certification Authority	`2020-11-09` - `2021-02-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
*.shortpixel.ai Sectigo RSA Domain Validation Secure Server CA	`2020-01-28` - `2022-01-27`	2 years	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
script.fixel.ai Amazon	`2020-04-11` - `2021-05-11`	a year	crt.sh
www.google.de GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-11-02` - `2021-01-30`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
api.fixelapp.com Amazon	`2020-10-02` - `2021-11-02`	a year	crt.sh

This page contains 15 frames:

Primary Page: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Frame ID: D861397D37194EED360A814CFD45283E
Requests: 59 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201112/r20190131/zrt_lookup.html
Frame ID: 9EF1916B632594B43F15A091E5A44AD8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&adk=1812271804&adf=3025194257&lmt=1605637750&plat=1%3A16809992%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&ea=0&flash=0&pra=5&wgl=1&dt=1605637749917&bpp=15&bdt=1110&idt=155&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4874235729004&frm=20&pv=2&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=53&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=177
Frame ID: EF68EF18FFB28194EE6831A9E65086BF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2293505319&adf=2110453180&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1605637749933&bpp=32&bdt=1126&idt=181&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=54&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=1245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=JSafMGsiY5&p=https%3A//commerceshiftcctv.com&dtd=191
Frame ID: 8A040E75A38559DD50CACC2C221D69B1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=1376048409&adf=2963991666&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1605637749965&bpp=1&bdt=1158&idt=206&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=54&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=1961&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=2OpjfVKqvS&p=https%3A//commerceshiftcctv.com&dtd=211
Frame ID: DD764AEE725AFE2C8AB39E5026BF2C66
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=494790495&adf=1231044767&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1605637749966&bpp=1&bdt=1160&idt=220&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=54&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=2428&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=3&fsb=1&xpc=CAHMOjjZNh&p=https%3A//commerceshiftcctv.com&dtd=224
Frame ID: 5BAB40FD8766CF0EB044F742BA988D16
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=3112048941&adf=2703010858&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749967&bpp=1&bdt=1160&idt=318&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=55&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=2957&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=4&uci=a!4&btvi=4&fsb=1&xpc=znvK6ZqWGA&p=https%3A//commerceshiftcctv.com&dtd=322
Frame ID: 269905D6C4997B69E45F06A34F5263CF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=351110480&adf=2986032747&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749968&bpp=1&bdt=1161&idt=330&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=55&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=5&uci=a!5&fsb=1&xpc=95WAuEdHO5&p=https%3A//commerceshiftcctv.com&dtd=334
Frame ID: A8207109F8079FD2AE7BD65EA9EEA9DB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=1632635426&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=353&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=618&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MfvHgSp1SP&p=https%3A//commerceshiftcctv.com&dtd=390
Frame ID: A61E76590FAA3CA5E3D17AA0E719B33D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=2061591614&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=400&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D37b2bd5c131c84df-2274597f71a600ae%3AT%3D1605637750%3ART%3D1605637750%3AS%3DALNI_MbNsmkeCMkyEXjJ6sfOHnXtOuB6Lw&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=958&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=7&uci=a!7&fsb=1&xpc=d68vjja5Mb&p=https%3A//commerceshiftcctv.com&dtd=403
Frame ID: 78451D3EB6253D266DBB60D7690DF324
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201112/r20190131/zrt_lookup.html?fsb=1
Frame ID: 214D71F37E05BF19CF6890E2BA89694F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=351110480&adf=2986032747&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749968&bpp=1&bdt=1161&idt=330&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=55&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=5&uci=a!5&fsb=1&xpc=95WAuEdHO5&p=https%3A//commerceshiftcctv.com&dtd=334
Frame ID: 007E1C0177AEC30A078EECF020C33FD5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=1632635426&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=353&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=618&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MfvHgSp1SP&p=https%3A//commerceshiftcctv.com&dtd=390
Frame ID: EFE285EECB525B6C9AD9CE3FB89555F0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=2061591614&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=400&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D37b2bd5c131c84df-2274597f71a600ae%3AT%3D1605637750%3ART%3D1605637750%3AS%3DALNI_MbNsmkeCMkyEXjJ6sfOHnXtOuB6Lw&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=958&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=7&uci=a!7&fsb=1&xpc=d68vjja5Mb&p=https%3A//commerceshiftcctv.com&dtd=403
Frame ID: 5CE8058E152F154ECCDB67B85BF52361
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 9438557E6F6D4E500338F8F03B0AF707
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /react.*\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

72
Requests

100 %
HTTPS

81 %
IPv6

18
Domains

24
Subdomains

28
IPs

5
Countries

1443 kB
Transfer

3291 kB
Size

0
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.yelp.com/
Title: Yelp

Search URL Search Domain Scan URL

URL: https://www.facebook.com/commerceshiftcctv
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/wordpress
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/explore/tags/wordcamp/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/Commerceshitgh
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/commerceshift_cctv/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/commerceshiftcctv
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=Latest+ModPipe+Point+of+Sale+%28POS%29+Malware+Targeting+Hotels+and+Restaurants.%20https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/share.php?u=https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/&media=https://commerceshiftcctv.com/wp-content/uploads/2020/11/shutterstock_290498753.jpg&description=A+new+type+of+modular+backdoor+that+targets+Oracle+point-of-sale+%28POS%29+restaurant+management+applic

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Latest+ModPipe+Point+of+Sale+%28POS%29+Malware+Targeting+Hotels+and+Restaurants.%20-%20https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/%20

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/send?app_id=&link=https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/&redirect_uri=https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/share?v=3&u=https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/&t=Latest+ModPipe+Point+of+Sale+%28POS%29+Malware+Targeting+Hotels+and+Restaurants.&s=A+new+type+of+modular+backdoor+that+targets+Oracle+point-of-sale+%28POS%29+restaurant+management+applic

Search URL Search Domain Scan URL

URL: https://www.themehorse.com/
Title: Theme Horse

Search URL Search Domain Scan URL

URL: http://wordpress.org/
Title: WordPress

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/commerceshiftcctv/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/commecershiftcctv/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCvTuL9UclAiVIRCvFEG9MMA?view_as=subscriber

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

72 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/ 83 KB
20 KB 1913ms
1350ms Document
text/html 148.163.121.21
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 148.163.121.21 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: corporate.viplus1.noc401.com
Software: LiteSpeed /
Resource Hash: 2d34ab93d0f86492171011b94488c4368d5d367af7b23434d36b4f53e54926c4

Request headers

:method: GET
:authority: commerceshiftcctv.com
:scheme: https
:path: /2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=UTF-8
link: <https://commerceshiftcctv.com/wp-json/>; rel="https://api.w.org/" <https://commerceshiftcctv.com/wp-json/wp/v2/posts/753>; rel="alternate"; type="application/json" <https://commerceshiftcctv.com/?p=753>; rel=shortlink
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Tue, 17 Nov 2020 18:29:08 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4400
date: Tue, 17 Nov 2020 17:15:48 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Tue, 17 Nov 2020 19:15:48 GMT

GET
H2 200 wpo-minify-header-19fe15fd.min.css
commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/ 81 KB
16 KB 489ms
187ms Stylesheet
text/css 148.163.121.21
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-header-19fe15fd.min.css
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 148.163.121.21 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: corporate.viplus1.noc401.com
Software: LiteSpeed /
Resource Hash: ba5366d10fa341b50b3460262ab48b6080c282ffd8f2d0360be9ba4aa4cd4ee6

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: br
last-modified: Sat, 14 Nov 2020 09:30:46 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 15833
expires: Tue, 24 Nov 2020 18:29:09 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.12.0/css/ 56 KB
14 KB 182ms
51ms Stylesheet
text/css 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.12.0/css/all.css
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 22:46:05 GMT
server: NetDNA-cache/2.2
status: 200
etag: W/"500d1a92f875b1d96d37a3a3f8f0438c"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H2 200 wpo-minify-header-b580219c.min.css
commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/ 264 KB
39 KB 496ms
195ms Stylesheet
text/css 148.163.121.21
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-header-b580219c.min.css
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 148.163.121.21 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: corporate.viplus1.noc401.com
Software: LiteSpeed /
Resource Hash: bcbf9921cbf415b125ac7e7be3dc773564a8e657067c5a2b688fa41bf4b2e1e5

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: br
last-modified: Sat, 14 Nov 2020 09:30:46 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 39920
expires: Tue, 24 Nov 2020 18:29:09 GMT

GET
H2 200 wpo-minify-header-1a332ab1.min.js Show response
commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/ 110 KB
37 KB 810ms
508ms Script
application/javascript 148.163.121.21
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-header-1a332ab1.min.js
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 148.163.121.21 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: corporate.viplus1.noc401.com
Software: LiteSpeed /
Resource Hash: d070675177bf222025ef444e63c4d6083567e17fcd74ab5a46c4562018e1a734

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: br
last-modified: Sat, 14 Nov 2020 09:30:46 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 38209
expires: Tue, 24 Nov 2020 18:29:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 36ms
33ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-169324927-1

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ffd35361c5610e7939b11cb512d45a7906d2be8967f7f04bf9da6e023d1d622a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38695
x-xss-protection: 0
last-modified: Tue, 17 Nov 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 17 Nov 2020 18:29:09 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 71 KB
28 KB 41ms
21ms Script
application/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-MJKQDN8

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0c3c3fde8520286fe96d4d8f707cdfd0aa3b8d9bf7c639f830bf0440c9af7cea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:08 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28657
x-xss-protection: 0
last-modified: Tue, 17 Nov 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 17 Nov 2020 18:29:08 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 130 KB
45 KB 49ms
28ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e06bd3e59ab212eae94d6f655be84d5dac9f7c4197a18025dc698997f2f9db8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 45470
x-xss-protection: 0
server: cafe
etag: 8753707554556602051
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 17 Nov 2020 18:29:09 GMT

GET
H2 200 shutterstock_290498753.jpg
cdn.shortpixel.ai/client/q_lqip,ret_wait,w_1000,h_638/https://commerceshiftcctv.com/wp-content/uploads/2020/11/ 1003 B
944 B 256ms
103ms Image
image/svg+xml 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.shortpixel.ai/client/q_lqip,ret_wait,w_1000,h_638/https://commerceshiftcctv.com/wp-content/uploads/2020/11/shutterstock_290498753.jpg
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 4c47178a03de17de309efcc73496673c02c267f60e267839086b7287398945ae

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: gzip
last-modified: Sat, 14 Nov 2020 09:44:50 GMT
server: nginx
status: 200
etag: "1605347090"
vary: Accept-Encoding
x-tag: Domain:commerceshiftcctv.com
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2302368, s-maxage=2302368
accept-ranges: bytes
link: <https://commerceshiftcctv.com/wp-content/uploads/2020/11/shutterstock_290498753.jpg>; rel="canonical"
content-length: 531
x-hw: 1605637749.cds030.lo4.hn,1605637749.cds245.lo4.s,1605637750.dop201.fr8.t,1605637750.cds163.fr8.c,1605637750.cds245.lo4.s,1605637750.dop136.fr8.t,1605637750.cds163.fr8.c,1605637750.cds245.lo4.p

GET
H2 200 lazysizes.min.js Show response
commerceshiftcctv.com/wp-content/plugins/autoptimize/classes/external/js/ 9 KB
4 KB 649ms
347ms Script
application/javascript 148.163.121.21
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceshiftcctv.com/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=2.7.8
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 148.163.121.21 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: corporate.viplus1.noc401.com
Software: LiteSpeed /
Resource Hash: 57135994acd82a57e8341534e7056af792a0b3a82415e67846dc914a1727308b

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: br
last-modified: Sun, 11 Oct 2020 12:27:13 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3908
expires: Tue, 24 Nov 2020 18:29:10 GMT

GET
H2 200 jquery-ui.css
code.jquery.com/ui/1.12.1/themes/base/ 35 KB
8 KB 30ms
9ms Stylesheet
text/css 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: gzip
last-modified: Wed, 14 Sep 2016 16:34:16 GMT
server: nginx
status: 200
etag: W/"57d97c08-8c85"
vary: Accept-Encoding
x-hw: 1605637749.dop217.fr8.t,1605637749.cds254.fr8.hn,1605637749.cds272.fr8.c
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 8323

GET
H2 200 wpo-minify-footer-a7745651.min.js Show response
commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/ 121 KB
33 KB 494ms
187ms Script
application/javascript 148.163.121.21
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-footer-a7745651.min.js
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 148.163.121.21 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: corporate.viplus1.noc401.com
Software: LiteSpeed /
Resource Hash: 9e85e71fed09071549c2b4e9806c19ae1c412c554ba7e5faad60e12b13d03391

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: br
last-modified: Sat, 14 Nov 2020 09:30:46 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 34045
expires: Tue, 24 Nov 2020 18:29:10 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 28ms
24ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5a9ddb90d20977b46b3dd65e9253a815a46a375459a628fb6f07754904f5f4c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38494
x-xss-protection: 0
last-modified: Tue, 17 Nov 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 17 Nov 2020 18:29:09 GMT

GET
H2 200 wpo-minify-footer-69f039a2.min.js Show response
commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/ 90 KB
24 KB 492ms
189ms Script
application/javascript 148.163.121.21
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-footer-69f039a2.min.js
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 148.163.121.21 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: corporate.viplus1.noc401.com
Software: LiteSpeed /
Resource Hash: 1b7409ac667ca9a920b40449d58b9f07722ec0699db3eb43fa84912033b289da

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: br
last-modified: Sat, 14 Nov 2020 09:30:46 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 24067
expires: Tue, 24 Nov 2020 18:29:10 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 914 B
675 B 20ms
16ms Script
text/javascript 2a00:1450:4001:81a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=wpcf_onloadCallback&render=explicit&ver=5.5.3

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

151c08c84b27c81c7652616be3a319477090dc7e509f503869b29b9800ace0dd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 583
x-xss-protection: 1; mode=block
expires: Tue, 17 Nov 2020 18:29:09 GMT

GET
H2 200 Fixel.min.js Show response
script.fixel.ai/script/ 18 KB
6 KB 31ms
9ms Script
application/javascript 2600:9000:2127:c000:1a:6635:8d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://script.fixel.ai/script/Fixel.min.js?src=WP&ver=5.5.3
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:c000:1a:6635:8d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 64abad78d1c743e3d5ca7bbbb01389f7dfbb94726fd7b88b9c17eb847531f049

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: SabWSrCoXmcHv82IRmn2rtE5329sxq39
content-encoding: gzip
etag: "da0f709d4237e2cacc4cc835dca4014e"
last-modified: Thu, 22 Oct 2020 08:22:45 GMT
server: AmazonS3
age: 429
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
date: Tue, 17 Nov 2020 18:22:46 GMT
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: aAA6l8n41fyDzLCPvRf3vX0ue8WWjxbQPLB8BkNyfWlmx--Pfv7GaQ==
via: 1.1 df0aa1ee2f3a5b8f1aa2a31aa4b7db86.cloudfront.net (CloudFront)

GET
H2 200 wpo-minify-footer-2152050d.min.js Show response
commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/ 6 KB
2 KB 648ms
346ms Script
application/javascript 148.163.121.21
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-footer-2152050d.min.js
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 148.163.121.21 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: corporate.viplus1.noc401.com
Software: LiteSpeed /
Resource Hash: 254541661d18ad79e7589d7a8757de0553f61c6c275bfad32b02d7d5857658bf

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: br
last-modified: Sat, 14 Nov 2020 09:30:46 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2168
expires: Tue, 24 Nov 2020 18:29:10 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
71 B 13ms
12ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=151720228&t=pageview&_s=1&dl=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&ul=en-us&de=UTF-8&dt=ModPipe%20Point%20of%20Sale%20(POS)%20Malware%20Targeting%20Hotels%20and%20Restaurants.%20%7C%20Technology%20News%20And%20Cyber%20Security%20Company%20in%20Ghana%20-%20Commerceshift%20CCTV&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAAC~&jid=2089298376&gjid=1029987729&cid=122472324.1605637749&tid=UA-169324927-1&_gid=531124526.1605637749&_r=1&_slc=1&z=1489723197

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://commerceshiftcctv.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
91 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c03::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-169324927-1&cid=122472324.1605637749&jid=2089298376&gjid=1029987729&_gid=531124526.1605637749&_u=IEBAAAAAAAAAAC~&z=323327141

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c03::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 17 Nov 2020 18:29:09 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://commerceshiftcctv.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 35ms
33ms Image
image/gif 2a00:1450:4001:81a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-169324927-1&cid=122472324.1605637749&jid=2089298376&_u=IEBAAAAAAAAAAC~&z=820149053

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:09 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 34ms
32ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-169324927-1&cid=122472324.1605637749&jid=2089298376&_u=IEBAAAAAAAAAAC~&z=820149053

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:09 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 71 KB
28 KB 47ms
46ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MJKQDN8

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee55a9e91a48182e960291471fb1ede651c19804bb58dfce8b4203220b339592

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28635
x-xss-protection: 0
last-modified: Tue, 17 Nov 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 17 Nov 2020 18:29:09 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 89 KB
23 KB 7ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4620c7cc7faa4ded84a43c1c0a8623d2fa293fe1b821790911229aa02601f7c0

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23272
x-xss-protection: 0
pragma: public
x-fb-debug: KfC/YJIfv1a4pWRZZnSwkBNqghSgXq3GdHnC5AE2hAgin9wccoaaAQJ76bNscxpOttrvW6E/a4EV8yKl0FIfgQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Tue, 17 Nov 2020 18:29:09 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5620fd3acd4874ee2d86b7cc4ac77997940fb53e8faf51aa640573805c71cfce

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 KFOmCnqEu92Fr1Mu4mxM.woff
fonts.gstatic.com/s/roboto/v20/ 20 KB
20 KB 7ms
6ms Font
font/woff 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1dc87f99c7ff228806117d58f085c6c573057fa237228081802b7d8d3cf7684

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://commerceshiftcctv.com
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 12 Nov 2020 22:39:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
server: sffe
age: 416965
status: 200
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20268
x-xss-protection: 0
expires: Fri, 12 Nov 2021 22:39:44 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc-.woff
fonts.gstatic.com/s/roboto/v20/ 20 KB
20 KB 9ms
8ms Font
font/woff 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

806ea46c426af8fc24e5cf42a210228739696933d36299eb28aee64f69fc71f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://commerceshiftcctv.com
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 18:32:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
server: sffe
age: 259025
status: 200
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20356
x-xss-protection: 0
expires: Sun, 14 Nov 2021 18:32:04 GMT

GET
H2 200 fontawesome-webfont.woff2
commerceshiftcctv.com/wp-content/themes/newscard/assets/library/font-awesome/fonts/ 75 KB
75 KB 637ms
335ms Font
font/woff2 148.163.121.21
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: https://commerceshiftcctv.com/wp-content/themes/newscard/assets/library/font-awesome/fonts/fontawesome-webfont.woff2
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 148.163.121.21 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: corporate.viplus1.noc401.com
Software: LiteSpeed /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://commerceshiftcctv.com
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
last-modified: Sat, 14 Nov 2020 09:27:18 GMT
server: LiteSpeed
vary: User-Agent
content-type: font/woff2
status: 200
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 77160
expires: Tue, 24 Nov 2020 18:29:10 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc-.woff
fonts.gstatic.com/s/roboto/v20/ 20 KB
20 KB 37ms
22ms Font
font/woff 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba98f991d002c6bfaaf7b874652ffdcde9261a86925db87df3ed2861ea080adf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://commerceshiftcctv.com
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 11:20:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
server: sffe
age: 25702
status: 200
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20464
x-xss-protection: 0
expires: Wed, 17 Nov 2021 11:20:47 GMT

GET
H2 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.12.0/webfonts/ 74 KB
75 KB 145ms
48ms Font
font/woff2 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.12.0/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.12.0/css/all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 8e4560c16c7970efa47680450b2cf239d4a482c056d308acea12bb9022906c8b

Request headers

Origin: https://commerceshiftcctv.com
Referer: https://use.fontawesome.com/releases/v5.12.0/css/all.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
last-modified: Tue, 10 Dec 2019 22:46:48 GMT
server: NetDNA-cache/2.2
status: 200
etag: "822d94f19fe57477865209e1242a3c63"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT
accept-ranges: bytes
content-length: 75936

GET
H2 200 identity.js Show response
connect.facebook.net/signals/plugins/ 11 KB
5 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.28

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3bea34f20c813024f046166fb0ad98a8eb93d5ab93052ceb993eee238ece5b66

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 4673
x-xss-protection: 0
pragma: public
x-fb-debug: +cc1ux8bGB7WeGp+LxJ7SBDSA+6NWwpfcAIGOyMAZXgYFy0n1jjTH/SKbHOS3uvbFiAXN3Bfvmvd985lCDIx9w==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Tue, 17 Nov 2020 18:29:09 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 543835856284943 Show response
connect.facebook.net/signals/config/ 235 KB
69 KB 61ms
61ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/543835856284943?v=2.9.28&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

91418cbd73308242ce688da95caa1e6826ef5ac76f88a71d4d0f2ad16467debe

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: iNkCz7SwXX7AgkboUyX9XYXMw+p9hmzbC4xV1e6dDshgOYtIRjlRLbreAFydN7bLEH7i9vzcMp6kLZHj6PVJdQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Tue, 17 Nov 2020 18:29:09 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 308 B
0 Image
image/avif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ddf6fdea6eecbb145efbdc4a2f1c02d181a8a8a8c55044a915ba8ee109b6067b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/avif

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/ 231 KB
87 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad7386d16a056df5c235702a97a5fa4cee68e302d71041aa35df96151f756f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 88601
x-xss-protection: 0
server: cafe
etag: 4353532171737760018
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Nov 2020 18:29:09 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201112/r20190131/ Frame 9EF1 0
0 8ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201112/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201112/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 17 Nov 2020 01:13:00 GMT
expires: Tue, 01 Dec 2020 01:13:00 GMT
content-type: text/html; charset=UTF-8
etag: 5228831996244654541
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4745
x-xss-protection: 0
age: 62169
cache-control: public, max-age=1209600
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 84 KB
34 KB 61ms
60ms Script
application/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-M9QQ5X6&t=gtag_UA_169324927_1&cid=122472324.1605637749

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3c0795211be6be3277b988aaa8531de8f05713da5ed225524d7560568d2163c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34200
x-xss-protection: 0
last-modified: Tue, 17 Nov 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 17 Nov 2020 18:29:10 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
258 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=543835856284943&ev=PageView&dl=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&rl=&if=false&ts=1605637750064&sw=1600&sh=1200&v=2.9.28&r=stable&a=wordpress-5.5.3-2.2.1&ec=0&o=30&fbp=fb.1.1605637750062.1426191474&it=1605637749897&coo=false&rqm=GET

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 17 Nov 2020 18:29:10 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ 135 KB
52 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YKFDL92XCL

Requested by

Host: www.googleoptimize.com
URL: https://www.googleoptimize.com/optimize.js?id=GTM-MJKQDN8

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e41d3dece202ebbdf4c733bcc0e1d6776e43f56b2287f5e10f701716c5f8b012

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52742
x-xss-protection: 0
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 17 Nov 2020 18:29:10 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 211 B
648 B 174ms
68ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=commerceshiftcctv.com&callback=_gfp_s_&client=ca-pub-8965939085775879

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

fe0dff79e6ba386401fe0334ca159187c1a5de4c4adcdbaacd323a8fcc80c81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 199
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
247 B 15ms
15ms Script
application/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commerceshiftcctv.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
169 B 16ms
15ms Script
application/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commerceshiftcctv.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
48 B 16ms
16ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&tn=DIV&id=pwaforwp_loading_div&ign=false

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:10 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
status: 204
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame EF68 0
0 319ms
318ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&adk=1812271804&adf=3025194257&lmt=1605637750&plat=1%3A16809992%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&ea=0&flash=0&pra=5&wgl=1&dt=1605637749917&bpp=15&bdt=1110&idt=155&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4874235729004&frm=20&pv=2&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=53&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=177

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&adk=1812271804&adf=3025194257&lmt=1605637750&plat=1%3A16809992%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&ea=0&flash=0&pra=5&wgl=1&dt=1605637749917&bpp=15&bdt=1110&idt=155&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4874235729004&frm=20&pv=2&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=53&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=177
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:10 GMT
server: cafe
content-length: 38700
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 17-Nov-2020 18:44:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Tue, 17 Nov 2020 18:29:10 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7193a6ae7349709641cdd713db8351d7361ed1ef6bed9ee8fb7631ab4c06453e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1605529771095600"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28207
x-xss-protection: 0
expires: Tue, 17 Nov 2020 18:29:10 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 8A04 0
0 393ms
392ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2293505319&adf=2110453180&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1605637749933&bpp=32&bdt=1126&idt=181&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=54&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=1245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=JSafMGsiY5&p=https%3A//commerceshiftcctv.com&dtd=191

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12451656637752700974/300x250_Traenen_v2/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12451656637752700974/300x250_Traenen_v2/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJyF892aiu0CFcxF5QodhmQOew&gqi=dha0X5CwCs2SgQeZgr6YBw&layout=/sadbundle/%24csp%253Der3%24/12451656637752700974/300x250_Traenen_v2/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2293505319&adf=2110453180&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1605637749933&bpp=32&bdt=1126&idt=181&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=54&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=1245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=JSafMGsiY5&p=https%3A//commerceshiftcctv.com&dtd=191
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12451656637752700974/300x250_Traenen_v2/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12451656637752700974/300x250_Traenen_v2/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJyF892aiu0CFcxF5QodhmQOew&gqi=dha0X5CwCs2SgQeZgr6YBw&layout=/sadbundle/%24csp%253Der3%24/12451656637752700974/300x250_Traenen_v2/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:10 GMT
server: cafe
content-length: 36656
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 17-Nov-2020 18:44:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Tue, 17 Nov 2020 18:29:10 GMT
cache-control: private

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame DD76 0
0 492ms
492ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=1376048409&adf=2963991666&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1605637749965&bpp=1&bdt=1158&idt=206&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=54&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=1961&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=2OpjfVKqvS&p=https%3A//commerceshiftcctv.com&dtd=211

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13885979971099533884/ALH_KFZ_2020-10_EK_300x250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13885979971099533884/ALH_KFZ_2020-10_EK_300x250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL-e9N2aiu0CFVTHuwgd-iUAtA&gqi=dha0X_exC4ungAfn9J3wDw&layout=/sadbundle/%24csp%253Der3%24/13885979971099533884/ALH_KFZ_2020-10_EK_300x250.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=1376048409&adf=2963991666&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1605637749965&bpp=1&bdt=1158&idt=206&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=54&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=1961&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&btvi=2&fsb=1&xpc=2OpjfVKqvS&p=https%3A//commerceshiftcctv.com&dtd=211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13885979971099533884/ALH_KFZ_2020-10_EK_300x250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13885979971099533884/ALH_KFZ_2020-10_EK_300x250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL-e9N2aiu0CFVTHuwgd-iUAtA&gqi=dha0X_exC4ungAfn9J3wDw&layout=/sadbundle/%24csp%253Der3%24/13885979971099533884/ALH_KFZ_2020-10_EK_300x250.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:10 GMT
server: cafe
content-length: 35763
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 17-Nov-2020 18:44:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Tue, 17 Nov 2020 18:29:10 GMT
cache-control: private

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
27 B 14ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&aip=1&a=151720228&t=pageview&_s=1&dl=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&ul=en-us&de=UTF-8&dt=ModPipe%20Point%20of%20Sale%20(POS)%20Malware%20Targeting%20Hotels%20and%20Restaurants.%20%7C%20Technology%20News%20And%20Cyber%20Security%20Company%20in%20Ghana%20-%20Commerceshift%20CCTV&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGDAAUADQAAAAC~&jid=966680732&gjid=972000184&cid=122472324.1605637749&tid=UA-169324927-1&_gid=531124526.1605637749&_r=1&did=dZTNiMT&gtm=2oub41&z=2101667894

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://commerceshiftcctv.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 5BAB 0
0 473ms
473ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=494790495&adf=1231044767&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1605637749966&bpp=1&bdt=1160&idt=220&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=54&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=2428&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=3&fsb=1&xpc=CAHMOjjZNh&p=https%3A//commerceshiftcctv.com&dtd=224

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12451656637752700974/300x250_Traenen_v2/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12451656637752700974/300x250_Traenen_v2/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN2a9d2aiu0CFZbjuwgdrvwHAA&gqi=dha0X9CeDIPYgAfp_ba4Dg&layout=/sadbundle/%24csp%253Der3%24/12451656637752700974/300x250_Traenen_v2/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=494790495&adf=1231044767&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1605637749966&bpp=1&bdt=1160&idt=220&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=54&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=2428&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=3&fsb=1&xpc=CAHMOjjZNh&p=https%3A//commerceshiftcctv.com&dtd=224
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12451656637752700974/300x250_Traenen_v2/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12451656637752700974/300x250_Traenen_v2/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN2a9d2aiu0CFZbjuwgdrvwHAA&gqi=dha0X9CeDIPYgAfp_ba4Dg&layout=/sadbundle/%24csp%253Der3%24/12451656637752700974/300x250_Traenen_v2/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:10 GMT
server: cafe
content-length: 35978
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 17-Nov-2020 18:44:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Tue, 17 Nov 2020 18:29:10 GMT
cache-control: private

POST
H2 204 collect
analytics.google.com/g/ 0
354 B 34ms
13ms Other
text/plain 2a00:1450:4001:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-YKFDL92XCL&gtm=2oeb41&_p=151720228&sr=1600x1200&_gaz=1&ul=en-us&cid=122472324.1605637749&_s=1&dl=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&dr=&dt=ModPipe%20Point%20of%20Sale%20(POS)%20Malware%20Targeting%20Hotels%20and%20Restaurants.%20%7C%20Technology%20News%20And%20Cyber%20Security%20Company%20in%20Ghana%20-%20Commerceshift%20CCTV&sid=1605637750&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YKFDL92XCL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:10 GMT
server: Golfe2
status: 204
content-type: text/plain
access-control-allow-origin: https://commerceshiftcctv.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 collect
stats.g.doubleclick.net/g/ 0
23 B 42ms
15ms Other
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-YKFDL92XCL&cid=122472324.1605637749&gtm=2oeb41&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YKFDL92XCL
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:10 GMT
server: Golfe2
status: 204
content-type: text/plain
access-control-allow-origin: https://commerceshiftcctv.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
88 B 34ms
32ms Image
image/gif 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-YKFDL92XCL&cid=122472324.1605637749&gtm=2oeb41&aip=1&z=1443185461

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:10 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 2699 0
0 371ms
370ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=3112048941&adf=2703010858&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749967&bpp=1&bdt=1160&idt=318&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=55&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=2957&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=4&uci=a!4&btvi=4&fsb=1&xpc=znvK6ZqWGA&p=https%3A//commerceshiftcctv.com&dtd=322

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=3112048941&adf=2703010858&pi=t.ma~as.&w=793&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=793x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749967&bpp=1&bdt=1160&idt=318&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=55&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=185&ady=2957&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=4&uci=a!4&btvi=4&fsb=1&xpc=znvK6ZqWGA&p=https%3A//commerceshiftcctv.com&dtd=322
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:10 GMT
server: cafe
content-length: 11836
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 17-Nov-2020 18:44:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Tue, 17 Nov 2020 18:29:10 GMT
cache-control: private

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
427 B 28ms
14ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-169324927-1&cid=122472324.1605637749&jid=966680732&gjid=972000184&_gid=531124526.1605637749&_u=KGDAAUADQAAAAC~&z=1762684370

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 17 Nov 2020 18:29:10 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://commerceshiftcctv.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame A820 0
0 363ms
362ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=351110480&adf=2986032747&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749968&bpp=1&bdt=1161&idt=330&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=55&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=5&uci=a!5&fsb=1&xpc=95WAuEdHO5&p=https%3A//commerceshiftcctv.com&dtd=334

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=351110480&adf=2986032747&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749968&bpp=1&bdt=1161&idt=330&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=55&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=5&uci=a!5&fsb=1&xpc=95WAuEdHO5&p=https%3A//commerceshiftcctv.com&dtd=334
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:10 GMT
server: cafe
content-length: 20592
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 17-Nov-2020 18:44:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Tue, 17 Nov 2020 18:29:10 GMT
cache-control: private

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame A61E 0
0 420ms
419ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=1632635426&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=353&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=618&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MfvHgSp1SP&p=https%3A//commerceshiftcctv.com&dtd=390

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8542799169795176838/nt_a20-DE_300x250_find-nearest-dealer/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8542799169795176838/nt_a20-DE_300x250_find-nearest-dealer/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPWf_92aiu0CFSvquwgdvlcPNA&gqi=dha0X47RFqev-gaI-7CgAg&layout=/sadbundle/%24csp%253Der3%24/8542799169795176838/nt_a20-DE_300x250_find-nearest-dealer/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=1632635426&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=353&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=618&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MfvHgSp1SP&p=https%3A//commerceshiftcctv.com&dtd=390
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8542799169795176838/nt_a20-DE_300x250_find-nearest-dealer/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8542799169795176838/nt_a20-DE_300x250_find-nearest-dealer/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPWf_92aiu0CFSvquwgdvlcPNA&gqi=dha0X47RFqev-gaI-7CgAg&layout=/sadbundle/%24csp%253Der3%24/8542799169795176838/nt_a20-DE_300x250_find-nearest-dealer/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:10 GMT
server: cafe
content-length: 31058
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 17-Nov-2020 18:44:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Tue, 17 Nov 2020 18:29:10 GMT
cache-control: private

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
88 B 29ms
29ms Image
image/gif 2a00:1450:4001:81b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-169324927-1&cid=122472324.1605637749&jid=966680732&_u=KGDAAUADQAAAAC~&z=957507539

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:10 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
65 B 31ms
31ms Image
image/gif 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-169324927-1&cid=122472324.1605637749&jid=966680732&_u=KGDAAUADQAAAAC~&z=957507539

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:10 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 7845 0
0 396ms
396ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=2061591614&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=400&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D37b2bd5c131c84df-2274597f71a600ae%3AT%3D1605637750%3ART%3D1605637750%3AS%3DALNI_MbNsmkeCMkyEXjJ6sfOHnXtOuB6Lw&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=958&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=7&uci=a!7&fsb=1&xpc=d68vjja5Mb&p=https%3A//commerceshiftcctv.com&dtd=403

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2531053425618515304/nt_a20-DE_300x250_wr-suv-4-b/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2531053425618515304/nt_a20-DE_300x250_wr-suv-4-b/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKCUgN6aiu0CFX3Ruwgd1osJCQ&gqi=dha0X7CvF4W_gQey47WwCw&layout=/sadbundle/%24csp%253Der3%24/2531053425618515304/nt_a20-DE_300x250_wr-suv-4-b/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=2061591614&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=400&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D37b2bd5c131c84df-2274597f71a600ae%3AT%3D1605637750%3ART%3D1605637750%3AS%3DALNI_MbNsmkeCMkyEXjJ6sfOHnXtOuB6Lw&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=958&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=7&uci=a!7&fsb=1&xpc=d68vjja5Mb&p=https%3A//commerceshiftcctv.com&dtd=403
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2531053425618515304/nt_a20-DE_300x250_wr-suv-4-b/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2531053425618515304/nt_a20-DE_300x250_wr-suv-4-b/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKCUgN6aiu0CFX3Ruwgd1osJCQ&gqi=dha0X7CvF4W_gQey47WwCw&layout=/sadbundle/%24csp%253Der3%24/2531053425618515304/nt_a20-DE_300x250_wr-suv-4-b/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:10 GMT
server: cafe
content-length: 31177
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 17-Nov-2020 18:44:10 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Tue, 17 Nov 2020 18:29:10 GMT
cache-control: private

GET
H3-Q050 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/ 144 KB
52 KB 57ms
28ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/reactive_library_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b9e96b28f4cd7f5e834ccd74f701c8b42d9fba63f52d18ea2903749ab2b6f03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 52977
x-xss-protection: 0
server: cafe
etag: 5435475976641876327
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 17 Nov 2020 18:29:10 GMT

OPTIONS
H2 200 FXL-947-2030.json
script.fixel.ai/config/ Frame 0
0 420ms
399ms Other 2600:9000:2127:c000:1a:6635:8d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://script.fixel.ai/config/FXL-947-2030.json
Protocol: H2
Server: 2600:9000:2127:c000:1a:6635:8d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://commerceshiftcctv.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

status: 200
content-length: 0
date: Tue, 17 Nov 2020 18:29:11 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
server: AmazonS3
vary: Origin
x-cache: Miss from cloudfront
via: 1.1 d33f640b9793fb0553cc6dbe55988068.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: G0IGQT5m_lmhmeKl8NY0Q1tDevjdN1_QHoS0zhGvMWeLYtPLLO46yQ==

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/ 335 KB
131 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=wpcf_onloadCallback&render=explicit&ver=5.5.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14a2806a256579773a3680e21459dea7827d002104c6336856e0bef9a39be0c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://commerceshiftcctv.com
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 17:35:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3196
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133988
x-xss-protection: 0
last-modified: Mon, 16 Nov 2020 01:06:46 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 Nov 2021 17:35:54 GMT

GET
H2 200 FXL-947-2030.json Show response
script.fixel.ai/config/ 126 B
588 B 183ms
129ms XHR
application/octet-stream 2600:9000:2127:c000:1a:6635:8d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://script.fixel.ai/config/FXL-947-2030.json
Requested by: Host: script.fixel.ai
URL: https://script.fixel.ai/script/Fixel.min.js?src=WP&ver=5.5.3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:c000:1a:6635:8d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c45a61d214d1dd57e7e5ba2414332dae592cd05dc818bfc3be9bc209d4a94a3

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/json

Response headers

x-amz-version-id: ZWpJRvzQgIw8sXj98fJJNypPtSuvUyH7
via: 1.1 d33f640b9793fb0553cc6dbe55988068.cloudfront.net (CloudFront)
etag: "71d460c38d8c916d114013062876018d"
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
content-length: 126
last-modified: Thu, 09 Jul 2020 14:16:47 GMT
server: AmazonS3
date: Tue, 17 Nov 2020 18:29:12 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: LWvsRPc9EGgjnWIVl5h_8p5Ue5sUUjKSR8ZptA7JqMX8CswCH93gmw==

GET
H2 200 Home-Banner4-1366x460-ITRM-scaled.jpg
cdn.shortpixel.ai/client/q_glossy,ret_img/https://commerceshiftcctv.com/wp-content/uploads/2020/07/ 289 KB
290 KB 197ms
196ms Image
image/jpeg 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.shortpixel.ai/client/q_glossy,ret_img/https://commerceshiftcctv.com/wp-content/uploads/2020/07/Home-Banner4-1366x460-ITRM-scaled.jpg
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: a40b0ee2b7b8190744aa82290bbca06f2508430860b19b33251a71d448c95d4d

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
last-modified: Wed, 11 Nov 2020 06:39:00 GMT
server: nginx
status: 200
etag: 87ef5cc3231caba397985acbe685d5e9
vary: Accept-Encoding
x-tag: Domain:commerceshiftcctv.com
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2313801, s-maxage=2313801
accept-ranges: bytes
link: <https://commerceshiftcctv.com/wp-content/uploads/2020/07/Home-Banner4-1366x460-ITRM-scaled.jpg>; rel="canonical"
content-length: 296001
x-hw: 1605637750.cds030.lo4.hn,1605637750.cds219.lo4.s,1605637750.dop207.fr8.t,1605637750.cds103.fr8.c,1605637750.cds219.lo4.s,1605637750.dop207.fr8.t,1605637750.cds103.fr8.c,1605637750.cds219.lo4.p

GET
H2 200 shutterstock_290498753.jpg
cdn.shortpixel.ai/client/to_avif,q_glossy,ret_img,w_1000/https://commerceshiftcctv.com/wp-content/uploads/2020/11/ 46 KB
46 KB 154ms
153ms Image
image/avif 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.shortpixel.ai/client/to_avif,q_glossy,ret_img,w_1000/https://commerceshiftcctv.com/wp-content/uploads/2020/11/shutterstock_290498753.jpg
Requested by: Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 5df9593112a2828823b93dc35e1b7ab044a9cb49241f9be28271e4511fa85606

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:10 GMT
last-modified: Sat, 14 Nov 2020 10:14:25 GMT
server: nginx
status: 200
etag: a85c342fc0f2da6f32ff8758a953be47
vary: Accept-Encoding
x-tag: Domain:commerceshiftcctv.com
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=2304142, s-maxage=2304142
accept-ranges: bytes
link: <https://commerceshiftcctv.com/wp-content/uploads/2020/11/shutterstock_290498753.jpg>; rel="canonical"
content-length: 47147
x-hw: 1605637750.cds030.lo4.hn,1605637750.cds219.lo4.s,1605637750.dop107.fr8.t,1605637750.cds279.fr8.c,1605637750.cds219.lo4.s,1605637750.dop221.fr8.t,1605637750.cds279.fr8.c,1605637750.cds219.lo4.p

GET
H3-Q050 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201112/r20190131/ Frame 214D 0
0 6ms
6ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201112/r20190131/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201112/r20190131/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 17 Nov 2020 02:27:59 GMT
expires: Tue, 01 Dec 2020 02:27:59 GMT
content-type: text/html; charset=UTF-8
etag: 5228831996244654541
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4745
x-xss-protection: 0
age: 57671
cache-control: public, max-age=1209600
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

POST
H2 200 /
www.facebook.com/tr/ 0
86 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryOWQ4keXpMWgXLcS9

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 17 Nov 2020 18:29:10 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://commerceshiftcctv.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

POST
H/1.1 200
OK FXL-947-2030 Show response
api.fixelapp.com/api/v2/grade/ 91 B
390 B 663ms
196ms XHR
application/json 52.202.214.97
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fixelapp.com/api/v2/grade/FXL-947-2030
Requested by: Host: script.fixel.ai
URL: https://script.fixel.ai/script/Fixel.min.js?src=WP&ver=5.5.3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.214.97 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-214-97.compute-1.amazonaws.com
Software: nginx/1.16.1 / Express
Resource Hash: 01e0937e46605255dd4d6787dafcb7f62e2ff30ba9ce94379ffee5bbc6ec7381

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain

Response headers

Date: Tue, 17 Nov 2020 18:29:11 GMT
Server: nginx/1.16.1
X-Powered-By: Express
ETag: W/"5b-2J8BWYeveCHYVyHEAYcK4i4Jo70"
Access-Control-Allow-Methods: *
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 91

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 93ms
79ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201112&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c36fdc81de3d995276c188c70cd7669ef4e4a2631d78307aa6a2f1c445aa795

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 17 Nov 2020 18:29:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6424
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 007E 0
0 312ms
312ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-header-1a332ab1.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=351110480&adf=2986032747&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749968&bpp=1&bdt=1161&idt=330&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=140750552214204&dssz=55&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=5&uci=a!5&fsb=1&xpc=95WAuEdHO5&p=https%3A//commerceshiftcctv.com&dtd=334
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkc7NP5H4RLAP-DTKquVfIhVx7mhjDPv6AWjYY7cyteyhsQrjaGvklkmNgl; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:12 GMT
server: cafe
content-length: 23453
x-xss-protection: 0
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame EFE2 0
0 388ms
387ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-header-1a332ab1.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=1632635426&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=353&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=618&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=6&uci=a!6&fsb=1&xpc=MfvHgSp1SP&p=https%3A//commerceshiftcctv.com&dtd=390
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkc7NP5H4RLAP-DTKquVfIhVx7mhjDPv6AWjYY7cyteyhsQrjaGvklkmNgl; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:12 GMT
server: cafe
content-length: 23510
x-xss-protection: 0
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 5CE8 0
0 487ms
486ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: commerceshiftcctv.com
URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-header-1a332ab1.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8675709472798795342/WoWs_arp2020_336x280.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8675709472798795342/WoWs_arp2020_336x280.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMOZ6N6aiu0CFSXnuwgd8FgKVg&gqi=eBa0X4itBdqKgAemrJPADQ&layout=/sadbundle/%24csp%253Der3%24/8675709472798795342/WoWs_arp2020_336x280.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8965939085775879&output=html&h=280&adk=2521627789&adf=2061591614&pi=t.ma~as.&w=377&fwrn=4&fwrnh=100&lmt=1605637750&rafmt=1&tp=site_kit&psa=0&format=377x280&url=https%3A%2F%2Fcommerceshiftcctv.com%2F2020%2F11%2F14%2Flatest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1605637749969&bpp=1&bdt=1162&idt=400&shv=r20201112&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D37b2bd5c131c84df-2274597f71a600ae%3AT%3D1605637750%3ART%3D1605637750%3AS%3DALNI_MbNsmkeCMkyEXjJ6sfOHnXtOuB6Lw&prev_fmts=0x0%2C793x280%2C793x280%2C793x280%2C793x280%2C377x280%2C377x280&nras=1&correlator=4874235729004&frm=20&pv=1&ga_vid=122472324.1605637749&ga_sid=1605637750&ga_hid=151720228&ga_fc=0&iag=0&icsg=2252008835427267&dssz=59&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1048&ady=958&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C21067467%2C21068083&oid=3&pvsid=1955819104186511&pem=274&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=7&uci=a!7&fsb=1&xpc=d68vjja5Mb&p=https%3A//commerceshiftcctv.com&dtd=403
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkc7NP5H4RLAP-DTKquVfIhVx7mhjDPv6AWjYY7cyteyhsQrjaGvklkmNgl; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8675709472798795342/WoWs_arp2020_336x280.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8675709472798795342/WoWs_arp2020_336x280.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMOZ6N6aiu0CFSXnuwgd8FgKVg&gqi=eBa0X4itBdqKgAemrJPADQ&layout=/sadbundle/%24csp%253Der3%24/8675709472798795342/WoWs_arp2020_336x280.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 17 Nov 2020 18:29:12 GMT
server: cafe
content-length: 34388
x-xss-protection: 0
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201112/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 18:29:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Tue, 17 Nov 2020 18:29:12 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 9438 0
0 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Tue, 17 Nov 2020 18:02:20 GMT
expires: Wed, 17 Nov 2021 18:02:20 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1612
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
25 B 58ms
57ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201112&jk=1955819104186511&bg=!k5ClkLDNAAVGySeIRlijT8zIm758_AIAAAEaUgAAABNoAQcKAPEz40DGp6nbvJst1qEh8n3QcthkLp-vm21OUnGnD-YYc1LJQgTbGAW6EmI830_KtA6405_hzDMQtj7UUZLhl2dVbTSEXSeP1yShGcP6bEnP7MS5MdEUeXL67_es339DDhS6_uuHGw_rSdnEoY-ONwyc3yuY-rRZE5YRUnj-oK_HYAh4UGi7a2Ae_EnM6hzI0_JmO_xDR674rb6slzNNkrBCQXuBETR28pphV1kZjfncAh_Jwynf6DqAH8mpIFUWOTnbWkWDPcSuRayK151ZEwAtGmqjIN6AJB7CLeLLGGkx-wwzpc70jrvCfBDVol7Blr85mQG-45rUmnFlys5W9TVAuxJuvftgZYkuygU1l0crHd2EoWxSIb2GKnFFPsr-GZlvMlNQljuIekHdNW3CHrhKUK3KItlHqWszqKHOGFVvJZqLBd-1C-tnTQkbkdqSvTwn6CftJUPm4OYp3rhT9mLSz0xmyUueTuzCkk02ExFvNZSOGhwJMM80J9bmMcRTPe9-uSfcNk6EVFD5OotxFIdnvVmem_zUlEJDXcRhAaB0CwqxS4jTZUho3reUZKMo-oQQ4m7t3AS-bhsloERp3BokWSTQtTniGrTBJpoEtKA2eNlCmLbe3-xyF0DEypIqmwhdwYK3l2hi6DFvxvDgoJWiJwzrOTU17Y1jnt0l79I4d7u62TbuANc1ZxLrLygH21FDdr4POabplASskZKt_NPZJ7j8ZrzXB8mp8iT4sHgaaIGDmfpXhicdPw_wcb1jcw_vWWDDOrnO3YVjENwV3Sswaw53CW43T8ssGW5Gzh_v0ZsgzjmDg3qUuNnt11E44pzRYusRNxQEMVsxNpr9gyIoyQZFBo9MuahHDlyH1xXk5O9waDVpSVDD0vK_KMKDaYNYuEqyMAPkwXmORifHh4Fifas

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commerceshiftcctv.com/2020/11/14/latest-modpipe-point-of-sale-pos-targeting-malware-hotels-and-restaurants/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Nov 2020 18:29:12 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
status: 204
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://commerceshiftcctv.com/wp-content/cache/wpo-minify/1605346038/assets/wpo-minify-header-1a332ab1.min.js(Line 39) Message: Article loaded
console-api	log	URL: https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js(Line 128) Message: reCAPTCHA couldn't find user-provided function: wpcf_onloadCallback
console-api	log	URL: https://script.fixel.ai/script/Fixel.min.js?src=WP&ver=5.5.3(Line 1) Message: Fixel disabled.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
analytics.google.com
api.fixelapp.com
cdn.shortpixel.ai
code.jquery.com
commerceshiftcctv.com
connect.facebook.net
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
script.fixel.ai
stats.g.doubleclick.net
tpc.googlesyndication.com
use.fontawesome.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
148.163.121.21
151.139.128.11
172.217.18.162
2001:4de0:ac19::1:b:1a
23.111.9.35
2600:9000:2127:c000:1a:6635:8d40:93a1
2a00:1450:4001:800::2002
2a00:1450:4001:802::2003
2a00:1450:4001:803::2001
2a00:1450:4001:803::2002
2a00:1450:4001:806::2008
2a00:1450:4001:80b::2003
2a00:1450:4001:814::2002
2a00:1450:4001:814::2003
2a00:1450:4001:817::2008
2a00:1450:4001:817::200e
2a00:1450:4001:819::2003
2a00:1450:4001:81a::2004
2a00:1450:4001:81b::2004
2a00:1450:4001:81d::2003
2a00:1450:4001:81e::200e
2a00:1450:4001:824::200e
2a00:1450:400c:c00::9a
2a00:1450:400c:c03::9b
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
52.202.214.97
01e0937e46605255dd4d6787dafcb7f62e2ff30ba9ce94379ffee5bbc6ec7381
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0c3c3fde8520286fe96d4d8f707cdfd0aa3b8d9bf7c639f830bf0440c9af7cea
0c45a61d214d1dd57e7e5ba2414332dae592cd05dc818bfc3be9bc209d4a94a3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14a2806a256579773a3680e21459dea7827d002104c6336856e0bef9a39be0c9
151c08c84b27c81c7652616be3a319477090dc7e509f503869b29b9800ace0dd
1b7409ac667ca9a920b40449d58b9f07722ec0699db3eb43fa84912033b289da
1c36fdc81de3d995276c188c70cd7669ef4e4a2631d78307aa6a2f1c445aa795
254541661d18ad79e7589d7a8757de0553f61c6c275bfad32b02d7d5857658bf
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d34ab93d0f86492171011b94488c4368d5d367af7b23434d36b4f53e54926c4
3bea34f20c813024f046166fb0ad98a8eb93d5ab93052ceb993eee238ece5b66
3c0795211be6be3277b988aaa8531de8f05713da5ed225524d7560568d2163c3
44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0
4620c7cc7faa4ded84a43c1c0a8623d2fa293fe1b821790911229aa02601f7c0
4b9e96b28f4cd7f5e834ccd74f701c8b42d9fba63f52d18ea2903749ab2b6f03
4c47178a03de17de309efcc73496673c02c267f60e267839086b7287398945ae
4e06bd3e59ab212eae94d6f655be84d5dac9f7c4197a18025dc698997f2f9db8
5620fd3acd4874ee2d86b7cc4ac77997940fb53e8faf51aa640573805c71cfce
57135994acd82a57e8341534e7056af792a0b3a82415e67846dc914a1727308b
5a9ddb90d20977b46b3dd65e9253a815a46a375459a628fb6f07754904f5f4c7
5df9593112a2828823b93dc35e1b7ab044a9cb49241f9be28271e4511fa85606
64abad78d1c743e3d5ca7bbbb01389f7dfbb94726fd7b88b9c17eb847531f049
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
7193a6ae7349709641cdd713db8351d7361ed1ef6bed9ee8fb7631ab4c06453e
806ea46c426af8fc24e5cf42a210228739696933d36299eb28aee64f69fc71f1
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8e4560c16c7970efa47680450b2cf239d4a482c056d308acea12bb9022906c8b
91418cbd73308242ce688da95caa1e6826ef5ac76f88a71d4d0f2ad16467debe
9e85e71fed09071549c2b4e9806c19ae1c412c554ba7e5faad60e12b13d03391
a40b0ee2b7b8190744aa82290bbca06f2508430860b19b33251a71d448c95d4d
ad7386d16a056df5c235702a97a5fa4cee68e302d71041aa35df96151f756f48
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
ba5366d10fa341b50b3460262ab48b6080c282ffd8f2d0360be9ba4aa4cd4ee6
ba98f991d002c6bfaaf7b874652ffdcde9261a86925db87df3ed2861ea080adf
bcbf9921cbf415b125ac7e7be3dc773564a8e657067c5a2b688fa41bf4b2e1e5
c1dc87f99c7ff228806117d58f085c6c573057fa237228081802b7d8d3cf7684
c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd
d070675177bf222025ef444e63c4d6083567e17fcd74ab5a46c4562018e1a734
ddf6fdea6eecbb145efbdc4a2f1c02d181a8a8a8c55044a915ba8ee109b6067b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d3dece202ebbdf4c733bcc0e1d6776e43f56b2287f5e10f701716c5f8b012
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
ee55a9e91a48182e960291471fb1ede651c19804bb58dfce8b4203220b339592
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fe0dff79e6ba386401fe0334ca159187c1a5de4c4adcdbaacd323a8fcc80c81d
ffd35361c5610e7939b11cb512d45a7906d2be8967f7f04bf9da6e023d1d622a

commerceshiftcctv.com Open in urlscan Pro 148.163.121.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

72 Requests

100 %HTTPS

81 %IPv6

18 Domains

24 Subdomains

28 IPs

5 Countries

1443 kBTransfer

3291 kBSize

0 Cookies

19 Outgoing links

Redirected requests

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

commerceshiftcctv.com Open in urlscan Pro
148.163.121.21 Public Scan

Screenshot
Live screenshot

Full Image

72
Requests

100 %
HTTPS

81 %
IPv6

18
Domains

24
Subdomains

28
IPs

5
Countries

1443 kB
Transfer

3291 kB
Size

0
Cookies

72 HTTP transactions
2 data transactions