threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Submission: On August 06 via manual (August 6th 2022, 3:29:27 pm UTC) from VN — Scanned from DE

Summary HTTP 255 Redirects Behaviour Indicators

Summary

This website contacted 76 IPs in 12 countries across 76 domains to perform 255 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 187681.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on July 18th 2022. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
44	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
3	18.66.139.100 18.66.139.100	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
7	2606:4700:20:... 2606:4700:20::681a:7da	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2600:9000:223... 2600:9000:223c:6e00:1b:d000:d280:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	185.85.15.31 185.85.15.31	200107 (KL-EXT) (KL-EXT)
5	108.138.4.10 108.138.4.10	16509 (AMAZON-02) (AMAZON-02)
1 10	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:249... 2600:9000:2490:b400:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
4	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	23.206.210.112 23.206.210.112	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:10:... 2606:4700:10::6816:3456	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
3	34.249.212.46 34.249.212.46	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1 3	2600:1f1c:a99... 2600:1f1c:a99:832c:2412:5a3c:977a:e751	16509 (AMAZON-02) (AMAZON-02)
1	199.232.16.157 199.232.16.157	54113 (FASTLY) (FASTLY)
1	64.140.160.2 64.140.160.2	18450 (WEBNX) (WEBNX)
6	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:8a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 7	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	3.229.66.54 3.229.66.54	14618 (AMAZON-AES) (AMAZON-AES)
1	213.19.147.43 213.19.147.43	26120 (RHYTHMONE) (RHYTHMONE)
1 2	145.40.89.200 145.40.89.200	54825 (PACKET) (PACKET)
7	159.89.246.130 159.89.246.130	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	2602:803:c003... 2602:803:c003:200::31	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.157.139.2 35.157.139.2	16509 (AMAZON-02) (AMAZON-02)
12	34.249.131.141 34.249.131.141	16509 (AMAZON-02) (AMAZON-02)
3	52.72.207.90 52.72.207.90	14618 (AMAZON-AES) (AMAZON-AES)
1 8	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:272	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 9	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
1	141.95.33.111 141.95.33.111	16276 (OVH) (OVH)
1	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1 1	34.248.32.199 34.248.32.199	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	141.95.98.71 141.95.98.71	16276 (OVH) (OVH)
1	2600:9000:230... 2600:9000:2304:d800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:400c:c0b::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.21.184.188 2.21.184.188	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.66.112.110 18.66.112.110	16509 (AMAZON-02) (AMAZON-02)
4	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
4	23.205.235.133 23.205.235.133	16625 (AKAMAI-AS) (AKAMAI-AS)
1	99.86.240.7 99.86.240.7	16509 (AMAZON-02) (AMAZON-02)
2 2	103.229.206.241 103.229.206.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
3 4	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
8	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
4 9	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	52.48.21.211 52.48.21.211	16509 (AMAZON-02) (AMAZON-02)
2	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
1 2	185.86.139.102 185.86.139.102	201081 (SMARTADSE...) (SMARTADSERVER)
5 10	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	216.52.2.30 216.52.2.30	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	3.229.251.39 3.229.251.39	14618 (AMAZON-AES) (AMAZON-AES)
4 4	199.127.204.142 199.127.204.142	26120 (RHYTHMONE) (RHYTHMONE)
2 2	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2	69.166.1.10 69.166.1.10	27630 (AS-XFERNET) (AS-XFERNET)
5 5	52.45.33.138 52.45.33.138	14618 (AMAZON-AES) (AMAZON-AES)
1 1	18.208.63.59 18.208.63.59	14618 (AMAZON-AES) (AMAZON-AES)
1	8.28.7.81 8.28.7.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	52.95.122.74 52.95.122.74	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:d018:d29... 2a05:d018:d29:3605:358d:1e8a:10d4:e287	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4 8	52.46.151.131 52.46.151.131	16509 (AMAZON-02) (AMAZON-02)
1 1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
4 4	44.208.243.83 44.208.243.83	14618 (AMAZON-AES) (AMAZON-AES)
1 1	107.20.229.204 107.20.229.204	14618 (AMAZON-AES) (AMAZON-AES)
2 2	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
1 16	34.247.205.196 34.247.205.196	16509 (AMAZON-02) (AMAZON-02)
3 3	3.125.77.13 3.125.77.13	16509 (AMAZON-02) (AMAZON-02)
3 3	64.202.112.127 64.202.112.127	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	18.233.94.66 18.233.94.66	14618 (AMAZON-AES) (AMAZON-AES)
1 1	18.232.9.126 18.232.9.126	14618 (AMAZON-AES) (AMAZON-AES)
1 1	132.226.63.138 132.226.63.138	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	169.197.150.7 169.197.150.7	398989 (DEEPINTENT) (DEEPINTENT)
3 3	64.74.236.223 64.74.236.223	19024 (INTERNAP-...) (INTERNAP-BLK5)
1 1	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	18.205.144.126 18.205.144.126	14618 (AMAZON-AES) (AMAZON-AES)
1 1	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
1 1	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1 1	124.146.215.44 124.146.215.44	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 1	23.75.240.210 23.75.240.210	16625 (AKAMAI-AS) (AKAMAI-AS)
2 7	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	54.158.187.59 54.158.187.59	14618 (AMAZON-AES) (AMAZON-AES)
1	185.255.84.153 185.255.84.153	200271 (IGUANE-) (IGUANE-)
1 3	185.86.137.133 185.86.137.133	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	162.254.186.187 162.254.186.187	33695 (SCALEMATRIX) (SCALEMATRIX)
1 1	2606:4700::68... 2606:4700::6813:ad6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	173.231.180.197 173.231.180.197	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1	2606:4700::68... 2606:4700::6812:d4c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
255	76

44 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.139.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-100.fra60.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:20::681a:7da (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:9000:223c:6e00:1b:d000:d280:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.85.15.31 (Germany)

ASN200107 (KL-EXT, CH)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.138.4.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-4-10.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.130.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lit.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2490:b400:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.210.112 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-210-112.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3456 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.249.212.46 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-212-46.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f1c:a99:832c:2412:5a3c:977a:e751 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.16.157 (Vienna, Austria)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com

geo.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com

c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:8a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.18.126 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.251.249.14 (Amsterdam, Netherlands) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.229.66.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-66-54.compute-1.amazonaws.com

hb.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.43 (Beverwijk, Netherlands)

ASN26120 (RHYTHMONE, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.40.89.200 (Ashburn, United States) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 159.89.246.130 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c003:200::31 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.139.2 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-139-2.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.249.131.141 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.72.207.90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-207-90.compute-1.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.89.210.46 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.33.111 (Germany)

ASN16276 (OVH, FR)
PTR: ns3203177.ip-141-95-33.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

kaspersky.d3.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.32.199 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-32-199.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.71 (France)

ASN16276 (OVH, FR)
PTR: ns3216577.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2304:d800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

ins.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2ad43688a556459347d89116ee76d8ba.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.247 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.184.188 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-184-188.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-110.fra56.r.cloudfront.net

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.240.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-240-7.vie50.r.cloudfront.net

sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.229.206.241 (Singapore) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.234 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.16.194 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.21.211 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-21-211.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.102 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 69.173.144.138 (Frankfurt am Main, Germany) 5 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.30 (United States) 1 redirects

ASN32475 (SINGLEHOP-LLC, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.229.251.39 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-251-39.compute-1.amazonaws.com

x.yieldlift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.127.204.142 (United States) 4 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.166.1.10 (United States)

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.45.33.138 (Ashburn, United States) 5 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-33-138.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.208.63.59 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-208-63-59.compute-1.amazonaws.com

ssp.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.81 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.95.122.74 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:358d:1e8a:10d4:e287 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.46.151.131 (Ashburn, United States) 4 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 44.208.243.83 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-243-83.compute-1.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.20.229.204 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-229-204.compute-1.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.180 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 34.247.205.196 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.125.77.13 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-77-13.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.202.112.127 (Leesburg, United States) 3 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.233.94.66 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-233-94-66.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.232.9.126 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-232-9-126.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 132.226.63.138 (Ashburn, United States) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.74.236.223 (United States) 3 redirects

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.192.160.219 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.205.144.126 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-144-126.compute-1.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.44 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.75.240.210 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-240-210.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.19.126 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.158.187.59 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-158-187-59.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.153 (Ivry-sur-Seine, France)

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.137.133 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.254.186.187 (Escondido, United States) 1 redirects

ASN33695 (SCALEMATRIX, US)
PTR: www.abcbymebath.com

demand.trafficroots.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:ad6c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.231.180.197 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: ams-delivery-4.sys.adgear.com

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d4c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	threatpost.com threatpost.com — Cisco Umbrella Rank: 187681 media.threatpost.com — Cisco Umbrella Rank: 966273	542 KB
19	rubiconproject.com 6 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 528 eus.rubiconproject.com — Cisco Umbrella Rank: 588 pixel.rubiconproject.com — Cisco Umbrella Rank: 326 token.rubiconproject.com — Cisco Umbrella Rank: 707 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1040	29 KB
17	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 1474 usersync.gumgum.com — Cisco Umbrella Rank: 2041	6 KB
16	amazon-adsystem.com 6 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 323 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1264 s.amazon-adsystem.com — Cisco Umbrella Rank: 288	52 KB
15	kasperskycontenthub.com media.kasperskycontenthub.com — Cisco Umbrella Rank: 494157 kasperskycontenthub.com — Cisco Umbrella Rank: 437478	465 KB
14	casalemedia.com 6 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 560 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 453 r.casalemedia.com — Cisco Umbrella Rank: 713 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 530	11 KB
14	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 222 stats.g.doubleclick.net — Cisco Umbrella Rank: 118 cm.g.doubleclick.net — Cisco Umbrella Rank: 208	183 KB
13	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 1885 public.servenobid.com — Cisco Umbrella Rank: 3937	8 KB
13	yahoo.com 6 redirects c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 910 ups.analytics.yahoo.com — Cisco Umbrella Rank: 277 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474	3 KB
12	adnxs.com 7 redirects ib.adnxs.com — Cisco Umbrella Rank: 238 acdn.adnxs.com — Cisco Umbrella Rank: 584 secure.adnxs.com — Cisco Umbrella Rank: 462	26 KB
12	connatix.com 1 redirects cd.connatix.com — Cisco Umbrella Rank: 3596 cds.connatix.com — Cisco Umbrella Rank: 3700 capi.connatix.com — Cisco Umbrella Rank: 3936 lit.connatix.com — Cisco Umbrella Rank: 8465 ins.connatix.com — Cisco Umbrella Rank: 5078 capi-tier-2-us-east-2.connatix.com Failed vid.connatix.com — Cisco Umbrella Rank: 4429 img.connatix.com — Cisco Umbrella Rank: 4278	471 KB
8	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 381	2 KB
8	openx.net 1 redirects teachingaids-d.openx.net — Cisco Umbrella Rank: 34390 eu-u.openx.net — Cisco Umbrella Rank: 2047 us-u.openx.net — Cisco Umbrella Rank: 396 u.openx.net — Cisco Umbrella Rank: 719	2 KB
8	serverbid.com e.serverbid.com — Cisco Umbrella Rank: 3590 sync.serverbid.com — Cisco Umbrella Rank: 7056 x.serverbid.com — Cisco Umbrella Rank: 8288	3 KB
7	admetricspro.com qd.admetricspro.com — Cisco Umbrella Rank: 37765	334 KB
5	smartadserver.com 2 redirects ssbsync.smartadserver.com — Cisco Umbrella Rank: 924 rtb-csync.smartadserver.com — Cisco Umbrella Rank: 605	3 KB
5	1rx.io 4 redirects tag.1rx.io — Cisco Umbrella Rank: 1667 sync.1rx.io — Cisco Umbrella Rank: 550	3 KB
5	pubmatic.com hbopenbid.pubmatic.com Failed ads.pubmatic.com — Cisco Umbrella Rank: 496 image6.pubmatic.com — Cisco Umbrella Rank: 636	23 KB
4	emxdgt.com 4 redirects cs.emxdgt.com — Cisco Umbrella Rank: 931	980 B
4	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 603	2 KB
4	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 679 ce.lijit.com — Cisco Umbrella Rank: 960	2 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 94	376 KB
3	zemanta.com 3 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 551	2 KB
3	outbrain.com 3 redirects sync.outbrain.com — Cisco Umbrella Rank: 686	1 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 292	2 KB
3	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1301	585 B
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 2580 mp.4dex.io — Cisco Umbrella Rank: 3595	25 KB
3	quantserve.com 1 redirects secure.quantserve.com — Cisco Umbrella Rank: 983 pixel.quantserve.com — Cisco Umbrella Rank: 465	10 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 188 kaspersky.demdex.net Failed	2 KB
3	google.com www.google.com — Cisco Umbrella Rank: 10 adservice.google.com — Cisco Umbrella Rank: 98	2 KB
3	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1772	67 KB
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 630	700 B
2	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 649	623 B
2	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 1010	1000 B
2	rfihub.com 2 redirects p.rfihub.com — Cisco Umbrella Rank: 741	1 KB
2	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 792
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 484	1 KB
2	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 592 cdn.indexww.com — Cisco Umbrella Rank: 1470	2 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5596 adservice.google.de — Cisco Umbrella Rank: 8117	1 KB
2	everesttech.net 2 redirects cm.everesttech.net — Cisco Umbrella Rank: 816 sync-tm.everesttech.net — Cisco Umbrella Rank: 623	748 B
2	3lift.com tlx.3lift.com — Cisco Umbrella Rank: 652 eb2.3lift.com — Cisco Umbrella Rank: 411	694 B
2	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1237	413 B
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1443 id5-sync.com — Cisco Umbrella Rank: 541	13 KB
1	adgrx.com cm.adgrx.com — Cisco Umbrella Rank: 1488	408 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 929	432 B
1	trafficroots.com 1 redirects demand.trafficroots.com — Cisco Umbrella Rank: 3817	633 B
1	omnitagjs.com visitor.omnitagjs.com — Cisco Umbrella Rank: 1273	158 B
1	adentifi.com rtb.adentifi.com — Cisco Umbrella Rank: 1251	35 B
1	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 791	425 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 986	699 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 531	386 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 495	760 B
1	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 903	44 B
1	technoratimedia.com 1 redirects sync.technoratimedia.com — Cisco Umbrella Rank: 1111	338 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 1038	465 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 749	584 B
1	advertising.com 1 redirects pixel.advertising.com — Cisco Umbrella Rank: 871	166 B
1	rlcdn.com 1 redirects id.rlcdn.com — Cisco Umbrella Rank: 611	441 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 361	707 B
1	disqus.com 1 redirects ssp.disqus.com — Cisco Umbrella Rank: 2479	283 B
1	yieldlift.com 1 redirects x.yieldlift.com — Cisco Umbrella Rank: 3796	593 B
1	googlesyndication.com 2ad43688a556459347d89116ee76d8ba.safeframe.googlesyndication.com	4 KB
1	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 448
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 953	355 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 506	355 B
1	t.co t.co — Cisco Umbrella Rank: 445	338 B
1	omtrdc.net kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 303862	316 B
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1685	328 B
1	yellowblue.io hb.yellowblue.io — Cisco Umbrella Rank: 7566	410 B
1	ipify.org geo.ipify.org — Cisco Umbrella Rank: 132154	607 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 609	15 KB
1	gstatic.com www.gstatic.com	155 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1620	17 KB
1	kaspersky.com media.kaspersky.com — Cisco Umbrella Rank: 145846	49 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	29 KB
255	76

	Domain	Requested by
42	threatpost.com	threatpost.com
16	usersync.gumgum.com	1 redirects g2.gumgum.com
13	media.kasperskycontenthub.com	threatpost.com
12	ads.servenobid.com	qd.admetricspro.com public.servenobid.com g2.gumgum.com r.casalemedia.com ssbsync.smartadserver.com
9	cm.g.doubleclick.net	4 redirects eu-u.openx.net threatpost.com g2.gumgum.com r.casalemedia.com
9	ib.adnxs.com	5 redirects qd.admetricspro.com acdn.adnxs.com r.casalemedia.com
8	s.amazon-adsystem.com	4 redirects threatpost.com r.casalemedia.com ssbsync.smartadserver.com
8	match.adsrvr.org	eu-u.openx.net public.servenobid.com threatpost.com sync.serverbid.com g2.gumgum.com r.casalemedia.com
7	dsum-sec.casalemedia.com	2 redirects r.casalemedia.com
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	pixel.rubiconproject.com	2 redirects public.servenobid.com threatpost.com eus.rubiconproject.com
6	c2shb.pubgw.yahoo.com	qd.admetricspro.com
5	ups.analytics.yahoo.com	5 redirects
5	cds.connatix.com	threatpost.com cd.connatix.com tagan.adlightning.com
5	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
4	cs.emxdgt.com	4 redirects
4	x.serverbid.com	sync.serverbid.com
4	token.rubiconproject.com	3 redirects threatpost.com
4	sync.1rx.io	4 redirects
4	c1.adform.net	3 redirects r.casalemedia.com
4	eus.rubiconproject.com	qd.admetricspro.com eus.rubiconproject.com g2.gumgum.com
4	ads.pubmatic.com	qd.admetricspro.com public.servenobid.com sync.serverbid.com g2.gumgum.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
4	securepubads.g.doubleclick.net	www.googletagservices.com tagan.adlightning.com securepubads.g.doubleclick.net
4	www.googletagmanager.com	threatpost.com www.googletagmanager.com
3	rtb-csync.smartadserver.com	1 redirects ssbsync.smartadserver.com
3	b1sync.zemanta.com	3 redirects
3	sync.outbrain.com	3 redirects
3	x.bidswitch.net	3 redirects
3	aax-eu.amazon-adsystem.com	2 redirects threatpost.com
3	r.casalemedia.com	1 redirects public.servenobid.com js-sec.indexww.com
3	ssum-sec.casalemedia.com	3 redirects
3	us-u.openx.net	1 redirects eu-u.openx.net
3	eu-u.openx.net	qd.admetricspro.com eu-u.openx.net
3	btlr.sharethrough.com	qd.admetricspro.com
3	e.serverbid.com	qd.admetricspro.com sync.serverbid.com
3	ap.lijit.com	1 redirects qd.admetricspro.com public.servenobid.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
3	dpm.demdex.net	media.kaspersky.com threatpost.com r.casalemedia.com
3	tagan.adlightning.com	threatpost.com tagan.adlightning.com
2	creativecdn.com	2 redirects
2	ad.360yield.com	2 redirects
2	secure.adnxs.com	2 redirects
2	pr-bh.ybp.yahoo.com	1 redirects g2.gumgum.com
2	sync.go.sonobi.com	public.servenobid.com sync.serverbid.com
2	p.rfihub.com	2 redirects
2	ssbsync.smartadserver.com	1 redirects public.servenobid.com
2	onetag-sys.com	public.servenobid.com sync.serverbid.com
2	sync.mathtag.com	2 redirects
2	img.connatix.com	threatpost.com
2	pixel.quantserve.com	1 redirects threatpost.com
2	prebid.a-mo.net	1 redirects qd.admetricspro.com
2	script.4dex.io	qd.admetricspro.com script.4dex.io
2	www.google.com	threatpost.com
2	kasperskycontenthub.com	threatpost.com
1	cdn.indexww.com	r.casalemedia.com
1	cm.adgrx.com	r.casalemedia.com
1	csync.loopme.me	1 redirects
1	demand.trafficroots.com	1 redirects
1	visitor.omnitagjs.com	ssbsync.smartadserver.com
1	rtb.adentifi.com	r.casalemedia.com
1	ad.turn.com	1 redirects
1	secure-assets.rubiconproject.com	1 redirects
1	tg.socdm.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	bh.contextweb.com	1 redirects
1	stags.bluekai.com	1 redirects
1	match.deepintent.com	g2.gumgum.com
1	sync.technoratimedia.com	1 redirects
1	sync.ipredictive.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	u.openx.net	g2.gumgum.com
1	pixel.advertising.com	1 redirects
1	id.rlcdn.com	1 redirects
1	px.ads.linkedin.com	threatpost.com
1	image6.pubmatic.com	ads.pubmatic.com
1	ssp.disqus.com	1 redirects
1	x.yieldlift.com	1 redirects
1	ce.lijit.com	1 redirects
1	g2.gumgum.com	public.servenobid.com
1	sync.serverbid.com	qd.admetricspro.com
1	public.servenobid.com	qd.admetricspro.com
1	acdn.adnxs.com	qd.admetricspro.com
1	js-sec.indexww.com	qd.admetricspro.com
1	eb2.3lift.com	qd.admetricspro.com
1	2ad43688a556459347d89116ee76d8ba.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	tagan.adlightning.com
1	adservice.google.de	tagan.adlightning.com
1	imasdk.googleapis.com	cd.connatix.com
1	vid.connatix.com	cd.connatix.com
1	www.google.de	threatpost.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	ins.connatix.com	cd.connatix.com
1	lit.connatix.com	cd.connatix.com
1	rules.quantcount.com	secure.quantserve.com
1	id5-sync.com	cdn.id5-sync.com
1	analytics.twitter.com	threatpost.com
1	t.co	threatpost.com
1	cm.everesttech.net	1 redirects
1	kaspersky.d3.sc.omtrdc.net	media.kaspersky.com
1	capi.connatix.com	cd.connatix.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	mp.4dex.io	qd.admetricspro.com
1	teachingaids-d.openx.net	qd.admetricspro.com
1	tlx.3lift.com	qd.admetricspro.com
1	tag.1rx.io	qd.admetricspro.com
1	hb.yellowblue.io	qd.admetricspro.com
1	htlb.casalemedia.com	qd.admetricspro.com
1	geo.ipify.org	qd.admetricspro.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	cdn.id5-sync.com	tagan.adlightning.com
1	secure.cdn.fastclick.net	tagan.adlightning.com
1	media.threatpost.com	threatpost.com
1	cd.connatix.com	1 redirects
1	media.kaspersky.com	threatpost.com
1	www.googletagservices.com	threatpost.com
0	capi-tier-2-us-east-2.connatix.com Failed	cd.connatix.com
0	kaspersky.demdex.net Failed	tagan.adlightning.com
0	hbopenbid.pubmatic.com Failed	qd.admetricspro.com
255	121

This site contains no links.

Subject Issuer	Validity	Valid
threatpost.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-18` - `2023-08-18`	a year	crt.sh
*.adlightning.com Amazon	`2022-06-09` - `2023-07-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-11` - `2023-07-10`	a year	crt.sh
media.kasperskycontenthub.com Amazon	`2022-01-02` - `2023-01-31`	a year	crt.sh
kasperskycontenthub.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-30` - `2023-07-31`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
media.kaspersky.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-31` - `2023-03-31`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
media.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2022-01-15` - `2023-01-17`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2022-02-07` - `2023-03-10`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2021-08-20` - `2022-09-21`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-08-02` - `2023-01-25`	6 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
*.yellowblue.io Amazon	`2022-04-23` - `2023-05-22`	a year	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2022-06-28` - `2023-07-29`	a year	crt.sh
*.a-mo.net R3	`2022-06-18` - `2022-09-16`	3 months	crt.sh
*.consumableaudio.com R3	`2022-07-05` - `2022-10-03`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
ads.servenobid.com Amazon	`2022-05-29` - `2023-06-27`	a year	crt.sh
*.sharethrough.com Amazon	`2022-07-14` - `2023-08-12`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2022-06-01` - `2022-08-30`	3 months	crt.sh
*.d3.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-03-07`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.id5-sync.com R3	`2022-05-31` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-12-10` - `2022-12-09`	a year	crt.sh
*.servenobid.com Amazon	`2022-02-06` - `2023-03-07`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
sync.serverbid.com Amazon	`2022-04-04` - `2023-05-03`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.gumgum.com Amazon	`2022-05-06` - `2023-06-04`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-06-14` - `2022-12-07`	6 months	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2022-05-02` - `2023-06-03`	a year	crt.sh
*.ad-server.k8s.ie.ggops.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh
adentifi.com Amazon	`2022-08-05` - `2023-09-03`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-21` - `2023-07-21`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-01` - `2023-03-28`	a year	crt.sh

This page contains 29 frames:

Primary Page: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Frame ID: FE0E9BC765EEBA99587530C806998E6E
Requests: 135 HTTP requests in this frame

Frame: https://cds.connatix.com/p/174545/connatix.player.dc.js
Frame ID: F96AE424934D4F31AF0042BDC3EFB99C
Requests: 12 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 73487AA2AAAB962A7D6D7B2F437F7FFA
Requests: 1 HTTP requests in this frame

Frame: https://2ad43688a556459347d89116ee76d8ba.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9D510207E915B9E38F01000EDE6BFD0B
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 3E5B80CFC8BC73AE011746A684474BE0
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: EC528202C5738117EE48460037B6C897
Requests: 7 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: D85181B315BAB4B6C7EB66DC8491B9A2
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 07906CAF7C1BA7F31EA0CF7B1AA2CFA3
Requests: 3 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 952CFC34555FFF95498B445FD38A18D3
Requests: 13 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 264EBBE75A3502126410AA47B45F5CE4
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0
Frame ID: D62CEE70485DD5695E638B26B7744411
Requests: 10 HTTP requests in this frame

Frame: https://sync.serverbid.com/ss/2000891.html
Frame ID: C9AF61D3C4286DBE40623B0CE8DC9426
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Frame ID: 1B40C6C459F0F168EEF6332799385646
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 26CD383BC2693D769DC897C4EF02AD25
Requests: 16 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 5EE18FDA9A354056780F7AF61282A8BC
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 464F9BC379FF4964A53FA6EBE1A90737
Requests: 6 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Frame ID: 818F51BCD7C2E7D5442E7B9AE30C0B72
Requests: 10 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: A8DFE5F191B3035623AE2FF8F0DCBE88
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=6c68086c0c61793
Frame ID: C75773E38038812C73BFB91EA7E4DAA7
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&gdpr=0&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Frame ID: AC0017968E1182C92CE6AC938770C64D
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=d20462ee-88c0-4100-98e6-a586ffce29ee&gdpr=0&gdpr_consent=
Frame ID: 9D8EFF5490AB1970778A80012F2E63D8
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=Yu6IuQAAAG45NwOJ&gdpr=0&gdpr_consent=
Frame ID: E784B24EBE069F6B17A3F512BA3B6649
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV85MTIzNmM4MS03MjBlLTQ3NzAtYTljNS1jZTQ4MTExNTQ2MzM=&gdpr=0&gdpr_consent=
Frame ID: F61795DCCEF3CFE4364BE08086548ED8
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: BD1A90C4CF79D4B4B7B5DC69F4B7533B
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Frame ID: 5EE518A9362A0A22BCF28D8FC5828330
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=emx&i=3930112574233973267brt54361659799744487219ab
Frame ID: 2F91A9E907A3416F255AC62D192CED45
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=Yu6IwMCo8X8AAH6VLIsAAAAA
Frame ID: 84F084545264072222D33E2A14D51F24
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=fNjfwUpASNlRc019SM0z&pi=gumgum&tc=1
Frame ID: B97CA6C1B7429FB52C48626EACE0A8C1
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: EAE07052B846DACA81AFB611F5076476
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

255
Requests

78 %
HTTPS

23 %
IPv6

76
Domains

121
Subdomains

76
IPs

12
Countries

2935 kB
Transfer

8271 kB
Size

87
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/174545/connatix.player.dc.js

Request Chain 121

https://cm.everesttech.net/cm/dd?d_uuid=12155719913609134422205874910212657368 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yu6IuQAAAG45NwOJ

Request Chain 159

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=973f62ee-88c0-4b00-882a-e6d23dfef6ff

Request Chain 160

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=clVvE3xfaE9pBj0UJQQnRHIEM0FpBTtHcVNxghKw

Request Chain 161

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3017107934732674128

Request Chain 164

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDQjVZeviokbKKAr6x7up9I&google_cver=1

Request Chain 169

https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D HTTP 302
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

Request Chain 171

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fads.servenobid.com%252Fsync%253Fpid%253D312%2526uid%253D%2524UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=3930112574233973267

Request Chain 172

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=FGegpBZHkuXkDmLLRDC9sqgz

Request Chain 174

https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID HTTP 301
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNTlhNDNlNjEtZjk2NS00ODRiLTliODktMDczYjE4YjVjZGY1IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wOC0wNlQxNToyOTowNC4zMzQwNDZaIn0=

Request Chain 175

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1659799744334 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8790692405

Request Chain 176

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5140084921463961134

Request Chain 178

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=c78bb0c1-ecd6-402b-a085-513e6ad9e922&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 179

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-8Y7LV55E2uEYHRxXh61EIzTESdrJh_lapLs2kDI-~A

Request Chain 180

https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID HTTP 302
https://ads.servenobid.com/sync?pid=346&uid=86780061-8e35-6c7d-fa24-d337dc1a888d

Request Chain 181

https://ups.analytics.yahoo.com/ups/58632/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58632/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=339&uid=y-uPF6QRlE2uE4w1hm_IRviaDBXD.yoTjwLNOGKfY-~A

Request Chain 184

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 185

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Ec6stGsVTHqVuZ9UaDw_XA&rk=usync-other&gdpr=0 HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Ec6stGsVTHqVuZ9UaDw_XA&gdpr=0

Request Chain 186

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEM4EjVgO0g9vc658gNV-JPE&google_cver=1

Request Chain 187

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/McQWKwydukNFtcLp3ozsNA?csrc=&gdpr=0 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3823467633521452841

Request Chain 188

https://token.rubiconproject.com/token?pid=36584&gdpr=0 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6I1WPUE-R-FR9O&gdpr=0

Request Chain 190

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=VgjaD9vfQjKQWKEzxtMteg&rk=usync-na&gdpr=0 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=VgjaD9vfQjKQWKEzxtMteg&gdpr=0

Request Chain 191

https://token.rubiconproject.com/token?pid=25470&gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZJMVdQVUUtUi1GUjlP&gdpr=0

Request Chain 192

https://id.rlcdn.com/709414.gif?gdpr=0 HTTP 307
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e

Request Chain 196

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D4%26spui%3D%26dpui%3D%24UID HTTP 307
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=FGegpBZHkuXkDmLLRDC9sqgz

Request Chain 197

https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D9%26spui%3D%26dpui%3D%24UID HTTP 302
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D9%26spui%3D%26dpui%3D%24EMXUID&b64_redirect=aHR0cHM6Ly94LnNlcnZlcmJpZC5jb20vdXNlcnN5bmM/dHR0PTEmc3JjPTImY3NwaT0wJmNuPTkmc3B1aT0mZHB1aT0kRU1YVUlE HTTP 302
https://cs.emxdgt.com/umcheck?apnxid=3930112574233973267&redirect=https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=9&spui=&dpui=$EMXUID&b64_redirect=aHR0cHM6Ly94LnNlcnZlcmJpZC5jb20vdXNlcnN5bmM/dHR0PTEmc3JjPTImY3NwaT0wJmNuPTkmc3B1aT0mZHB1aT0kRU1YVUlE HTTP 302
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=9&spui=&dpui=3930112574233973267brt54361659799744487219ab

Request Chain 198

https://p.rfihub.com/cm?pub=42786&in=1 HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=53&userId=5144588521048361520

Request Chain 199

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D HTTP 302
https://r.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D&s=185073&C=1 HTTP 302
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=Yu6IwE8HwIULwrHEdzjubgAA%261180

Request Chain 200

https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID HTTP 302
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=3930112574233973267

Request Chain 202

https://pixel.advertising.com/ups/56621/occ HTTP 302
https://ups.analytics.yahoo.com/ups/56621/occ HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=

Request Chain 204

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://usersync.gumgum.com/usersync?b=apn&i=3930112574233973267

Request Chain 205

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_91236c81-720e-4770-a9c5-ce4811154633&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_91236c81-720e-4770-a9c5-ce4811154633&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=3017107934732674128&ssp=gumgum2 HTTP 302
https://usersync.gumgum.com/usersync?b=bsw&i=1a89b240-e006-4997-9c15-e491f18939ad

Request Chain 206

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28xvmUBTJ5Jx5zKkv4db6UVfJ-WwRRYu3eMDI6Fz95ix0oXJFO9REAea9Ah5jQTw98%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28xvmUBTJ5Jx5zKkv4db6UVfJ-WwRRYu3eMDI6Fz95ix0oXJFO9REAea9Ah5jQTw98%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_91236c81-720e-4770-a9c5-ce4811154633&obuid=ENC(xvmUBTJ5Jx5zKkv4db6UVfJ-WwRRYu3eMDI6Fz95ix0oXJFO9REAea9Ah5jQTw98) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://u.openx.net/w/1.0/cm?id=00df9f64-6f67-4cae-aeb2-d951da52047c&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dopenx%26obUid%3DxvmUBTJ5Jx5zKkv4db6UVfJ-WwRRYu3eMDI6Fz95ix0oXJFO9REAea9Ah5jQTw98%26uid%3D

Request Chain 207

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=opx&i=cb3596e8-edd5-0eac-1a37-f2556ac6f315

Request Chain 208

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sta&i=0-1e601252-7867-445b-7b83-2a32f1b8e10c$ip$217.64.151.8

Request Chain 210

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=vnt&i=f1465025-bc14-45ce-9cff-85630ba1ecb9

Request Chain 211

https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D HTTP 307
https://usersync.gumgum.com/usersync?b=snc&i=GDPR

Request Chain 213

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_91236c81-720e-4770-a9c5-ce4811154633&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=pGwj9E76qhtaMj211ax0&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT24CHO5VDSRJXGZYWQ5DBJVVDEMJRMF4DAJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT24CHO5VDSRJXGZYWQ5DBJVVDEMJRMF4DAJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=pGwj9E76qhtaMj211ax0&us_privacy=1---

Request Chain 214

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://usersync.gumgum.com/usersync?b=idi&i=e0e48be2-5e2a-434b-ae6a-9f07f4b70c5d

Request Chain 215

https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/floor6?zcc=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D&cb=1659799744445 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5620474752

Request Chain 216

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://usersync.gumgum.com/usersync?b=pln&i=GhXdpSVIIZKm&ev=1&pid=558355

Request Chain 217

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sad&i=3271110890427523485

Request Chain 219

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://usersync.gumgum.com/usersync?b=mmh&i=d20462ee-88c0-4100-98e6-a586ffce29ee&gdpr=0&gdpr_consent=

Request Chain 220

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=Yu6IuQAAAG45NwOJ&gdpr=0&gdpr_consent=

Request Chain 224

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID&b64_redirect=aHR0cHM6Ly91c2Vyc3luYy5ndW1ndW0uY29tL3VzZXJzeW5jP2I9ZW14Jmk9JEVNWFVJRA== HTTP 302
https://cs.emxdgt.com/umcheck?apnxid=3930112574233973267&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID&b64_redirect=aHR0cHM6Ly91c2Vyc3luYy5ndW1ndW0uY29tL3VzZXJzeW5jP2I9ZW14Jmk9JEVNWFVJRA== HTTP 302
https://usersync.gumgum.com/usersync?b=emx&i=3930112574233973267brt54361659799744487219ab

Request Chain 225

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://usersync.gumgum.com/usersync?b=sus&i=Yu6IwMCo8X8AAH6VLIsAAAAA

Request Chain 226

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://usersync.gumgum.com/usersync?b=rth&i=fNjfwUpASNlRc019SM0z&pi=gumgum&tc=1

Request Chain 227

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 229

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwEjtj8_ae_cxsWhzIwAABHcAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwEjtj8_ae_cxsWhzIwAABHcAAAAB&dcc=t

Request Chain 230

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yu6IwJjVFWCWHyg-Lc0PJQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOxSgReSgcn7Xh8k1WW99KQ&google_cver=1&gdpr=1

Request Chain 233

https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=2796461380285245460

Request Chain 239

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3271110890427523485&gdpr=0&gdpr_consent=

Request Chain 240

https://demand.trafficroots.com/sync.php?partner=3379&redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D137%26partneruserid%3D%7Btrafficroots_id%7D&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=137&partneruserid=1f7ee0ebbf&gdpr=0&gdpr_consent=

Request Chain 241

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=3930112574233973267&gdpr=0&gdpr_consent=

Request Chain 244

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwJjVFWCWHyg_Lc0PJQAABLsAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwJjVFWCWHyg_Lc0PJQAABLsAAAIB&dcc=t

Request Chain 245

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yu6IwJjVFWCWHyg-Lc0PJQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOxSgReSgcn7Xh8k1WW99KQ&google_cver=1&gdpr=1

Request Chain 246

https://csync.loopme.me/?redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent= HTTP 307
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=7c297a59-2056-4cbf-949c-c489e69721a9&us_privacy=null&gdpr_consent=null&gdpr=1

Request Chain 249

https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1

255 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ 88 KB
22 KB 1012ms
783ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

1be7f35fce084c6c152d13cf140409790f3820aa4a2b9b4707c81a3fc547a0b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 06 Aug 2022 15:28:55 GMT
link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/164132>; rel="alternate"; type="application/json" <https://threatpost.com/?p=164132>; rel=shortlink
server: nginx/1.18.0
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-hit: EXPIRED
x-content-type-options: nosniff
x-debug-auth: off
x-frame-options: SAMEORIGIN
x-request-host: threatpost.com
x-xss-protection: 1; mode=block

GET
H2 200 museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
15 KB 107ms
104ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-3ca8"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 15528

GET
H2 200 museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
20 KB 109ms
106ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-5124"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20772

GET
H2 200 museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 207ms
204ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-3dcc"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 15820

GET
H2 200 museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 210ms
207ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-51a4"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20900

GET
H2 200 museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 210ms
207ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-5c74"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 23668

GET
H2 200 museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 308ms
305ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-5194"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20884

GET
H2 200 museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 309ms
306ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-5bac"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 23468

GET
H2 200 museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 311ms
308ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-51b8"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20920

GET
H2 200 museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 311ms
308ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-5b34"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 23348

GET
H2 200 museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
20 KB 311ms
309ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-50c8"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20680

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 44 KB
19 KB 81ms
30ms Script
application/javascript 18.66.139.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-100.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 763e8baad4579e1c1ee71410e201c14e49f83e48170c614b729c8c70ec1a9b0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: JRV4qOUojuSzn3_3oRas7Gk91UsR7xWs
content-encoding: gzip
etag: "2ef762a81ddee5e5df6894d6ff1bb66a"
age: 1103
x-cache: Hit from cloudfront
content-length: 18697
x-amz-meta-git_commit: 7b120a5
last-modified: Fri, 05 Aug 2022 01:39:36 GMT
server: AmazonS3
date: Sat, 06 Aug 2022 15:10:34 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
x-amz-cf-id: GsBE4KAk-H9lrde5hnIKE2sS6rnoeFF92cdHU7UlkgmBuX4avp3zCQ==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 83 KB
29 KB 70ms
25ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2362e0948b37833b8820327e2425670bbe4a65f392cc1ec18973ec7ff6064e63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28618
x-xss-protection: 0
server: sffe
etag: "1295 / 205 of 1000 / last-modified: 1659737217"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 06 Aug 2022 15:28:56 GMT

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 26 KB
3 KB 434ms
188ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c39bad04b15a4691018de4abf7a625d46adf8ca9bcf6d3f27429d7673eb43f2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 25 Jun 2022 03:02:51 GMT
server: cloudflare
etag: W/"67a3-5e23cec2c75cc-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4p4n%2FMIzYqjUp0fPzKlIlXWOdcQrJHlDmOFSDZVj3y27VmKip1tLehq6ILd6M2vgYvLqVV1gLMTDvPRoPEys4QytQIJ7LaRqo%2FAL6Qpu%2FWkwMoCD79%2Bv32udytol04P3Z6syr6BJFBH%2B%2FhpDrSIgVPs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7368ce1dbbc483b8-MXP
expires: Sat, 06 Aug 2022 15:31:35 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 310 KB
90 KB 187ms
183ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Jun 2021 14:47:10 GMT
server: cloudflare
etag: W/"4d957-5c3b56abf6028-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1vXgtp%2BZFKv37dejIIKN6%2BYoQcd5rKeCyhdNq657hormw%2FErNcQuQpai7cTIrgDT5HZK%2B1uXjkboQrPlah6MbarxCFe6SW6S28chqB%2FeMmplz0ueSJNchH0ee9GL9PTiTQT1RlKQe3XgiOX0pdj1i9s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7368ce1f3f1083b8-MXP
expires: Sat, 06 Aug 2022 15:31:35 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
58 KB 216ms
211ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9MX0%2FiAAY45N%2FWm5K50KoKo82Ar2GvpByczeP9BG%2BBbeKETF2O1mHDHAkCEAWNvr47LluQryEjhrAXx2HbBT3MyNfKOdnqF%2Byc8E4A6a2C3rp6sMNIYMrGc397%2BpgP85RmWzzmnQKgL%2F4I7u6ubLSkA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7368ce1f3f1983b8-MXP
expires: Sat, 06 Aug 2022 15:31:35 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 393 B
512 B 169ms
165ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 21:50:12 GMT
server: cloudflare
etag: W/"189-5c8c2c96f96c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQOH6Y9bXeJ%2BY9VY9LdJ9OLrAjuYU0zGG7M%2FV0UqAovh%2FWzSFXl77yqtVxX%2FVJjgg4UIsv3q3NItuSTlI%2BmnuDhGdoHMxKK5eqwkGq8qTg7wVIxiMhVtwM3jaXA7SqQqiOB489%2BFL%2B2kHS6EZQF3aww%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7368ce1f3f1f83b8-MXP
expires: Sat, 06 Aug 2022 15:31:35 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 459 KB
131 KB 215ms
211ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a7e2f2daef118825ab8bb58bc3cd9dbb3c83cb84772a08f6c5758d706fef173

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 02 May 2022 16:56:40 GMT
server: cloudflare
etag: W/"72c32-5de0a46b45676-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xIQuZjLM43As6o6RLTy0UZaQFUDs9t%2Bu6D59LRhEOra75wGDZCrozFa%2FfcBHaeiM%2FBu1ogzUdslKsjA5zu1YB3YJqboETUFVZUbnPweDbLnuo6sP4bDGzmDxf4GngYrkyKhzBG06D4URB81si2AcEwo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7368ce1f3f2283b8-MXP
expires: Sat, 06 Aug 2022 15:31:35 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 35 KB
11 KB 417ms
171ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 24 Jan 2022 02:31:38 GMT
server: cloudflare
etag: W/"8cae-5d64ac49b9c1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=63nFT7KMJ1Dn%2BBC9Rp2CMh%2FnIlo7kKwSksEp%2ByMA74dXS1JLbm9bkwbLGAxKz%2FFrt%2FIYcqAqzTmi45oiSkgwIRcPiyT9qCPLtcesvbpj1Wq3AQvJHQfI3459e74gS%2FfdtzfYfEiiRnJWtyQe%2Bl2GZFM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7368ce1dbbc783b8-MXP
expires: Sat, 06 Aug 2022 15:31:35 GMT

GET
H2 200 /
threatpost.com/wp-content/plugins/bwp-minify/min/ 294 KB
42 KB 311ms
309ms Stylesheet
text/css 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:55 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
cache-control: max-age=86400
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
x-cache-hit: HIT
x-debug-auth: off
x-request-host: threatpost.com
content-length: 42696
expires: Sun, 07 Aug 2022 13:23:39 GMT

GET
H2 200 jquery-1.12.4-wp.js Show response
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 95 KB
34 KB 311ms
310ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:55 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-17a56"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:55 GMT

GET
H2 200 lazyload.js Show response
threatpost.com/wp-content/plugins/kaspersky-lazy-load/assets/js/ 7 KB
3 KB 409ms
408ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-lazy-load/assets/js/lazyload.js?ver=202224051706
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 3307268982e18bae27fb0691dea184c6a6ce845db0f6ce1f41ca63e948dde8a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:55 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-1a91"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:55 GMT

GET
H2 200 alert_text.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 107 B
342 B 410ms
408ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1659625460
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-6b"
content-type: application/javascript
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 107
expires: Sat, 13 Aug 2022 15:28:55 GMT

GET
H2 200 alert.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 4 KB
2 KB 410ms
409ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1659625460
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:55 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-104a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:55 GMT

GET
H2 200 public.js Show response
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 116 B
351 B 410ms
409ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:55 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-74"
content-type: application/javascript
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 116
expires: Sat, 13 Aug 2022 15:28:55 GMT

GET
H2 200 kaspersky-twitter-pullquote.js Show response
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 599 B
589 B 411ms
409ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:55 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-257"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:55 GMT

GET
H2 200 loadmore.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 4 KB
1 KB 411ms
410ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:55 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-11e7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:55 GMT

GET
H2 200 social-share.js Show response
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 18 KB
6 KB 411ms
410ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:55 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-484d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:55 GMT

GET
H2 200 phish-fish-e1591191632979.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2020/06/03094019/ 53 KB
54 KB 266ms
32ms Image
image/jpeg 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2020/06/03094019/phish-fish-e1591191632979.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a1267fb5f954298273455537282a988283137c3ebeb9bef9f99d653a0a7ccd71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 23 Jul 2022 13:44:04 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Wed, 03 Jun 2020 13:40:33 GMT
server: AmazonS3
age: 1215893
etag: "26a41fc5fbb3f72019285056105bd717"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 54467
x-amz-cf-id: _AkhqorFZusd0bmXUI1eSfA0CBsOU-okNKR4LNqYS35-HF4Wjxmhyw==
expires: Thu, 03 Jun 2021 13:40:32 GMT

GET
H2 200 SMB-webinar-promo-article-b.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/17150450/ 157 KB
157 KB 283ms
50ms Image
image/jpeg 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/17150450/SMB-webinar-promo-article-b.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 793c1fa20d428c9cc9f0af0179d9de217c124f5d19d31c6b36878ba793bbacd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 05:22:53 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Wed, 17 Feb 2021 20:04:51 GMT
server: AmazonS3
age: 5047563
etag: "a2fa17a9d3c4987c5c58e2be2ebd9669"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 160257
x-amz-cf-id: Aga2V3jdJokGlInLlgzkLmJ14M5flje0hcTVjt82YSYP5p07GGCiqg==
expires: Thu, 17 Feb 2022 20:04:50 GMT

GET
H2 200 scripts.js Show response
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 2 KB
919 B 319ms
103ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-828"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
967 B 65ms
25ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cad6c04e5003edd838a4827aeb9e321889c35cc865d583ddf59c2d4cf83954c8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 554
x-xss-protection: 1; mode=block
expires: Sat, 06 Aug 2022 15:28:56 GMT

GET
H2 200 main.js Show response
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 3 KB
1 KB 106ms
101ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-ab4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 main.js Show response
threatpost.com/wp-content/plugins/kaspersky-lazy-load/assets/js/ 437 B
532 B 110ms
104ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-lazy-load/assets/js/main.js?ver=202224051706
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 0de5867fb96beb7a6df6147dea8d8f921d522b0822b0bdc46ac1af2277d3215c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-1b5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 s_code_single_suite.js Show response
media.kaspersky.com/tracking/omniture/ 173 KB
49 KB 259ms
36ms Script
application/javascript 185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to

Full URL

https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

7f7e6e995618480710459b924bae8c1fee53d4f6ccc5d0f99d2f41a7341acf76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
etag: "8016ed8867a2d81:0"
x-powered-by: Kaspersky Labs, Kaspersky Labs
alt-svc: h3=":443"; ma=86400
content-length: 49453
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Jul 2022 09:50:57 GMT
server
x-frame-options: SAMEORIGIN
date: Sat, 06 Aug 2022 15:28:55 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
x-server: fr2/FRA4
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 main.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 114 KB
35 KB 111ms
105ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-1c643"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 regenerator-runtime.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 114ms
109ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-195e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 wp-polyfill.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 19 KB
7 KB 115ms
110ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-4b3d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 dom-ready.min.js Show response
threatpost.com/wp-includes/js/dist/ 1 KB
857 B 118ms
113ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-4e9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 hooks.min.js Show response
threatpost.com/wp-includes/js/dist/ 6 KB
2 KB 118ms
113ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-163a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 i18n.min.js Show response
threatpost.com/wp-includes/js/dist/ 10 KB
4 KB 119ms
114ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-28a7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 a11y.min.js Show response
threatpost.com/wp-includes/js/dist/ 3 KB
1 KB 119ms
114ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-bfd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 jquery.json.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 2 KB
1 KB 118ms
115ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-730"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 43 KB
13 KB 119ms
115ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-abe0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 conditional_logic.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 8 KB
3 KB 208ms
205ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-213f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 placeholders.jquery.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 5 KB
2 KB 209ms
205ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-121f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 140 KB
39 KB 66ms
17ms Script
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b95939599754deb2250672a0ecba1494e7af2352a3598695df9684d77f953d73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 06 Aug 2022 14:55:26 GMT
via: 1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront), 1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront)
last-modified: Thu, 30 Jun 2022 20:51:38 GMT
server: AmazonS3
age: 2011
etag: W/"72916dde70b34122b394074010b382ce"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA56-P6
content-encoding: gzip
x-amz-cf-id: e_-yeafPpgNq4to2pRBA_MG1D82ZW8kzP4D7G7MfwsnKM4Qd6yRS4g==

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/174545/ Frame F96A
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/174545/connatix.player.dc.js

982 KB
223 KB

18ms
17ms

Script
application/javascript

151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/174545/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5f3cef397ae78a294aba6d2b965586863f84ab3331f3b59a4a1db6c712a93296

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
last-modified: Fri, 05 Aug 2022 11:57:29 GMT
age: 90526
etag: "e467c458e72cd99bb081345158672af4"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 228496

Redirect headers

location: https://cds.connatix.com/p/174545/connatix.player.dc.js
date: Sat, 06 Aug 2022 15:28:56 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400

GET
H2 200 / Show response
kasperskycontenthub.com/ 0
300 B 326ms
175ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=572140367&back=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cache-hit: MISS
x-debug-auth: off
strict-transport-security: max-age=31536000; includeSubDomains
x-request-host: kasperskycontenthub.com
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 196 KB
66 KB 93ms
54ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

191811219b6b369ab661dfe168e0cd56f43a0372d393b8d6d0f39ec9ca00df2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67266
x-xss-protection: 0
last-modified: Sat, 06 Aug 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 06 Aug 2022 15:28:56 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 504 KB
121 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2cb68a2abc787bb2fd15d97924fba4a4624aa5b0d290eb98a9520de60c5faa33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122874
x-xss-protection: 0
last-modified: Sat, 06 Aug 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 06 Aug 2022 15:28:56 GMT

GET
H2 200 icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
4 KB 209ms
206ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-328e"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *

GET
H2 200 icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
4 KB 191ms
190ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-328e"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *

GET
H2 200 logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 189ms
188ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-4a32"
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 18994
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
539 B 184ms
184ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-33c"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *

GET
H2 200 twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
669 B 185ms
184ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-364"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *

GET
H2 200 mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
542 B 184ms
184ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: W/"62ebdff4-32c"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *

GET
H2 200 logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 179ms
179ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: public
date: Sat, 06 Aug 2022 15:28:56 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-260a"
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 9738
expires: Sat, 13 Aug 2022 15:28:56 GMT

GET
H2 200 Becky-Bracken-pic.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/07/10041056/ 39 KB
39 KB 108ms
17ms Image
image/jpeg 2600:9000:2490:b400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/07/10041056/Becky-Bracken-pic.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:b400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 949ce08c8b86d6d986c1dd7043588e95515b6cd7f799575317d19705543d500c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 09:15:17 GMT
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront), 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront)
last-modified: Mon, 17 Aug 2020 13:15:29 GMT
server: AmazonS3
age: 15920020
etag: "e1cab0c2364107ab6eae069ca14087d7"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA56-P6
accept-ranges: bytes
content-length: 39625
x-amz-cf-id: m_43JkPzV99AihlQfMzrf72vU-iRgoq1iwJLnCwjadpJf3nVdJnPCw==
expires: Tue, 17 Aug 2021 13:15:28 GMT

GET
H2 200 phishing-captcha-image-300x161.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/19160657/ 5 KB
5 KB 229ms
46ms Image
image/jpeg 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/19160657/phishing-captcha-image-300x161.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b713c4d60db13b6748f0e57674ff4a364c1ee805223c52786c9ce2ea8d07a8fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 05:22:53 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 21:06:59 GMT
server: AmazonS3
age: 5047563
etag: "ede1a653b858bf57bdc048bbbecd1a20"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 4850
x-amz-cf-id: XpsCi-7Ufj_UyakJWbv7q1UUvuMi6K-KLIDN0nzihlejZrH-DvGxGw==
expires: Sat, 19 Feb 2022 21:06:57 GMT

GET
H2 200 phishing-sign-in-page-300x161.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/19160718/ 7 KB
8 KB 259ms
87ms Image
image/jpeg 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/19160718/phishing-sign-in-page-300x161.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e9eefb59277748bb91f68907a4ddbc3d5ff18307fb8af50285f925427145afd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 05:22:53 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 21:07:20 GMT
server: AmazonS3
age: 5047563
etag: "d58d99202d89890c159ffefc908f5123"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 7490
x-amz-cf-id: t5O76UVT-90Z7VpkjoHOsD8ZAWx-5Yu6YlNt9eIMKBO01iMwgED7bQ==
expires: Sat, 19 Feb 2022 21:07:18 GMT

GET
H2 200 phishing-email-example-300x222.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/19160706/ 12 KB
12 KB 88ms
86ms Image
image/jpeg 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/19160706/phishing-email-example-300x222.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f0a4d16aad94ac27eb35c9707b8a74b3c383baaccac7d80fbd2822830c52cc18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 05:22:53 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 21:07:07 GMT
server: AmazonS3
age: 5047563
etag: "43cfb6a96f4a9bc4db7cefb691260490"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 12175
x-amz-cf-id: bCdRq2N85taUGvqnSkn9NAr3HrZvHZ7ZhieA4GrhTVJwmuW69NskwQ==
expires: Sat, 19 Feb 2022 21:07:06 GMT

GET
H2 200 email-3249062_1280-540x270.png
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2020/07/06100249/ 135 KB
135 KB 105ms
103ms Image
image/png 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2020/07/06100249/email-3249062_1280-540x270.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b1d71ce0b2ff9afa9fa47974570dd3d8951d7def6f63dd8063295e24b522e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 13:17:38 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Mon, 06 Jul 2020 14:02:56 GMT
server: AmazonS3
age: 94279
etag: "8628459f8f78b889f22dcf0410be9baa"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 137729
x-amz-cf-id: RdNoG_CHSbwPApKWO8KUA_d9Bb-ZntbSmHZhoO_AGY_dvLaZ0vgOlw==
expires: Tue, 06 Jul 2021 14:02:55 GMT

GET
H2 200 Business-Email-Compromise-540x270.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/11095955/ 28 KB
29 KB 91ms
89ms Image
image/jpeg 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/02/11095955/Business-Email-Compromise-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c144dfdf12c4fb5520be9acbf56669fa59cac648cac1d659821d8e0c4ec11a20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 00:40:57 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Thu, 11 Feb 2021 14:59:59 GMT
server: AmazonS3
age: 5237280
etag: "190ea7721434c9b48b8b150f677af574"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 28830
x-amz-cf-id: zCuo02PGNt3XxQO-GvL4AFu45MGdnKf0oQbG2hBrAAT_rijr7dypfA==
expires: Fri, 11 Feb 2022 14:59:58 GMT

GET
H2 200 sl-abstract-office-document-540x270.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2022/07/28132103/ 34 KB
34 KB 95ms
94ms Image
image/jpeg 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2022/07/28132103/sl-abstract-office-document-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89db7cd798c3cc4d894bf8771702a7a0c025a5305d0888ffa5da327da4472dc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 28 Jul 2022 17:25:43 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Thu, 28 Jul 2022 17:21:15 GMT
server: AmazonS3
age: 770594
etag: "a302f7e461ee15f66750a84a94124e89"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 34575
x-amz-cf-id: LfWuW8TxYVtYSw2GWowYew9vwqUryHx7goB2t34azG3K2rYAwqEdFA==
expires: Fri, 28 Jul 2023 17:21:14 GMT

GET
H2 200 cloud-digital-64x64.png
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2022/04/29082135/ 10 KB
10 KB 191ms
18ms Image
image/png 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2022/04/29082135/cloud-digital-64x64.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c2b1d3e721d38c46cbaaa362388526ed9b9f661780ffa85e1ed50b69af5643ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 01 Aug 2022 13:31:00 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Fri, 29 Apr 2022 12:21:40 GMT
server: AmazonS3
age: 439077
etag: "f1455ae047ce96f757a16ac05f552d4e"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 9876
x-amz-cf-id: PmakyWEkXuxK5Kl7m2qN-vcDGm-gRCKwyDcEWWpiguoVEGOurOC7Zw==
expires: Sat, 29 Apr 2023 12:21:39 GMT

GET
H2 200 01_intro_iot-e1520348007355-64x64.png
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2016/12/06095327/ 6 KB
6 KB 193ms
21ms Image
image/png 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2016/12/06095327/01_intro_iot-e1520348007355-64x64.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7b09255eb2baa24f82cc435b988d86cf28f3c4c495f3da10d1d95cd6166ac1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 11:01:18 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jul 2018 01:22:51 GMT
server: AmazonS3
age: 1052859
etag: "7e159b19402a36c8a7919c746a350744"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 5949
x-amz-cf-id: mnMarKIzGxU4E6zn06ZJp-PPFtTIbCY1vTQsn5L8WnImk835vFB6Xw==
expires: Wed, 03 Jul 2019 01:22:48 GMT

GET
H2 200 Ransomware-64x64.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2019/06/20122305/ 2 KB
2 KB 195ms
23ms Image
image/jpeg 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2019/06/20122305/Ransomware-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a9cd0da089c8a9f68edc523eb56ab5fe5ec6df35e989dfdd54cdc04c871b9a93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 12:35:49 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Thu, 20 Jun 2019 16:23:08 GMT
server: AmazonS3
age: 1479188
etag: "5aa6f487ce6e3a49d6e253cc7752aa43"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 1901
x-amz-cf-id: KaS0Uj1D2w5r3BRtBAqknB08dMmLBkrWh6c_kmgzCb3WuSRQm0PYgQ==
expires: Fri, 19 Jun 2020 16:23:05 GMT

GET
H2 200 Security_Cyber_Insurance-64x64.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2018/07/19123143/ 2 KB
2 KB 192ms
19ms Image
image/jpeg 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2018/07/19123143/Security_Cyber_Insurance-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 97c42d28f70d21116c01e0a6d582cb3f4513113f56241ee0b01aa09349e6454f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 12:23:42 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Thu, 19 Jul 2018 16:31:46 GMT
server: AmazonS3
age: 2171115
etag: "f61ceca9cf1e61564498640e71cb41aa"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 1864
x-amz-cf-id: TjnN2BJGEpZ-u-fChnRrERgVR2zrom0uKSy4cmMKeGx63MxPdUuotA==
expires: Fri, 19 Jul 2019 16:31:43 GMT

GET
H2 200 Cutting-Through-the-Noise-from-Daily-Alerts-64x64.png
media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/08/03142545/ 9 KB
10 KB 202ms
29ms Image
image/png 2600:9000:223c:6e00:1b:d000:d280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2021/08/03142545/Cutting-Through-the-Noise-from-Daily-Alerts-64x64.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:6e00:1b:d000:d280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1fb63f766f0256878a7764edc2c02fa45b2399f1ce95ba60fb30d7f8dd12c79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 11 Jul 2022 20:26:50 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
last-modified: Tue, 03 Aug 2021 18:25:49 GMT
server: AmazonS3
age: 2228526
etag: "62959435ddbf1a1a363b0f919961ea4e"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 9618
x-amz-cf-id: QPEvdgd_Y2IuBg3ka1gt5ht9JB0IUIXKnG5Jwg_2wvH4vpSk57qwEg==
expires: Wed, 03 Aug 2022 18:25:48 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 662 B
1016 B 19ms
18ms XHR
application/json 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 12:53:21 GMT
via: 1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront)
server: Server
age: 9334
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P6
content-length: 662
x-amz-cf-id: sM_o585Zyx1AYsEM6QoX7i4qSyFg08VB1dGP8ErBeiQBC29bNOugGg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 68ms
13ms XHR
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: JXufo2ctue2uysHllG2MRpKE8F0E4.a0
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 49371
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 03 Aug 2022 22:19:11 GMT
server: AmazonS3
date: Sat, 06 Aug 2022 01:46:06 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: JKOE2NLJAMnNK-SN6EV_mD4DI0CB-AukbVh8HPwyqi5sWD7BfY-syQ==

GET
H2 200 pubads_impl_2022080401.js Show response
securepubads.g.doubleclick.net/gpt/ 381 KB
130 KB 84ms
15ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080401.js?cb=31068811

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

e9c45dea6d149ac4de08c8a5af38836a97d0c08144d2f1858247748b29615da3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 12:07:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132985
x-xss-protection: 0
last-modified: Thu, 04 Aug 2022 08:38:16 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 06 Aug 2023 12:07:03 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 141 B
737 B 117ms
50ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101
x-xss-protection: 0
expires: Sat, 06 Aug 2022 15:28:56 GMT

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ 73 KB
28 KB 19ms
19ms Script
application/javascript 18.66.139.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-100.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 01:25:38 GMT
content-encoding: gzip
age: 13701799
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ntbK_VqQjrsu14o1XvxnvSAziUfQLW9tEvmACKvRtTBp66YAw3FbBQ==

GET
H2 200 bl-12c5e29-4b4632cf.js Show response
tagan.adlightning.com/math-aids-threatpost/ 46 KB
20 KB 20ms
19ms Script
application/javascript 18.66.139.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-12c5e29-4b4632cf.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-100.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bc18ab4ad12d2b253a6666d753d63c33bf327bf2196cfa8b888cf9ad7d6a6d1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 01:44:31 GMT
content-encoding: gzip
age: 135866
x-cache: Hit from cloudfront
content-length: 19872
x-amz-meta-git_commit: 12c5e29
last-modified: Fri, 05 Aug 2022 01:39:13 GMT
server: AmazonS3
etag: "a8f5be53c093b79e7e538b9dd54a9695"
x-amz-version-id: OmkRoE4aCPfsUQfNuehZhKjecuKNcpoV
via: 1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: qWDu5BzSSZsyj6agkr5IKIz0zRH2m6PUKVwu4FqwHQDFzz_jbybfVg==

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 130ms
26ms Script
application/javascript 23.206.210.112
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.210.112 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-206-210-112.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Sat, 06 Aug 2022 15:43:56 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 42 KB
12 KB 109ms
42ms Script
text/javascript 2606:4700:10::6816:3456
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af44d280920264564147250d0841eebf33288a04c932c182c06ec21600a228c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
age: 2535
x-amz-server-side-encryption: AES256
x-amz-request-id: TVF7JZ8T34YNK6DD
x-amz-id-2: ePgRPmCOfv9+u6G5pcHq6d8LGHZOay6xaSVAX2GShFkf9F0JlsKLMJ3vf+U3bwe0KiUXgVf9ttU=
last-modified: Wed, 27 Jul 2022 15:06:46 GMT
server: cloudflare
etag: W/"a49d5e2684c7e5d488d526ca41c2f3e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7368ce215b8a0204-ZRH

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 472 KB
119 KB 61ms
59ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d46e8d865660f9a9201e33cb3e7bac4ce5cb8778caceb0eb1b27ce8f8e2c877c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121977
x-xss-protection: 0
last-modified: Sat, 06 Aug 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 06 Aug 2022 15:28:56 GMT

GET
H2 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 318 KB
42 KB 227ms
174ms XHR
application/json 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1030fc8851425c20e532acd288aa03d709507bcd3d55367f980d55de309ead68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 03 May 2022 16:25:12 GMT
server: cloudflare
etag: W/"4f6fe-5de1df3ffe732"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fEIyn7bFmNJZTI0Jmt4M84%2BcJvhw3NM%2BoPZ2f%2Be%2BdTtQJs7tUHfgfSeHYLLbyXYnnIa%2BsehFV1%2Bwhr3cAPsEGXZNcI4oRMxX1LcP3cyASUT%2Fp%2FUcKdB9SNw8tv%2FW6ZIihTfKWsN8I4JLZJf5IwOVAGk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7368ce220e2559f5-MXP
expires: Sat, 06 Aug 2022 15:32:39 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/ 387 KB
155 KB 60ms
16ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2e37877957a84efc2e5604969599edfa9be30f963d56f8a8ea5352443f72892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 13:04:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158422
x-xss-protection: 0
last-modified: Mon, 01 Aug 2022 04:00:16 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 06 Aug 2023 13:04:58 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 368 B
1 KB 528ms
122ms XHR
application/json 34.249.212.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1659799736592

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.212.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-212-46.eu-west-1.compute.amazonaws.com

Software

Resource Hash

eb72764c337f97f25717fd945fa4321771e37dceb9cb3ffe9d820b3879f671dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v038-080794f5c.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: eKSO1AUjSm8=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 312
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 57ms
16ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1616
date: Sat, 06 Aug 2022 15:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 06 Aug 2022 17:02:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 540ms
175ms Script
application/javascript 2600:1f1c:a99:832c:2412:5a3c:977a:e751
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f1c:a99:832c:2412:5a3c:977a:e751 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f383c9d665701194066c208c394a1387bbc99a2350ef8995aa629ce298760e13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
etag: "+hbmnfsbfN5xcCAnffjc1w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Sat, 13 Aug 2022 15:28:57 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 109ms
26ms Script
application/javascript 199.232.16.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 21:38:45 GMT
etag: "ca88912498e17137955859948f14e272+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15196
x-served-by: cache-iad-kiad7000154-IAD, cache-vie6349-VIE

GET
H2 200 flipboard.svg
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
407 B 115ms
114ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-ec"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 236

GET
H2 200 fontawesome-webfont.woff2
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 116ms
114ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=v86
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:56 GMT
last-modified: Thu, 04 Aug 2022 15:04:20 GMT
server: nginx/1.18.0
etag: "62ebdff4-12d68"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 77160

GET
H/1.1 200
OK v1 Show response
geo.ipify.org/api/ 409 B
607 B 663ms
320ms XHR
application/json 64.140.160.2
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL

https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),

Reverse DNS

threatintelligenceplatform.com

Software

nginx /

Resource Hash

afe98d9f5c1b655a178938b72c1cc9882d39e32e1c4221a64f2e4bc2f4261cbf

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sat, 06 Aug 2022 15:28:57 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/174545/ Frame F96A 0
47 KB 25ms
24ms Other
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/174545/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: br
last-modified: Fri, 05 Aug 2022 11:57:30 GMT
age: 97100
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

GET
H2 200 player.css
cds.connatix.com/p/174545/ 58 KB
9 KB 25ms
24ms Stylesheet
text/css 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/174545/player.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2d9ca0de257791a277a2a5f53d00cb15d923a8b4f2c259e17c70e8ab2c7aa844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: br
last-modified: Fri, 05 Aug 2022 11:57:30 GMT
age: 90526
etag: "f772459ccd5b4c38c6ae211888322066"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 8945

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 197 KB
71 KB 36ms
36ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=G-YP1JLG57CH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

570434f23ca8564a14604e6a36ceb60ffa6852987ffc60b708660c4425466108

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72395
x-xss-protection: 0
expires: Sat, 06 Aug 2022 15:28:57 GMT

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 164ms
16ms Preflight 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://threatpost.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://threatpost.com
access-control-max-age: 600
age: 0
content-length: 0
date: Sat, 06 Aug 2022 15:28:57 GMT
server: ATS/9.1.0.46

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 164ms
16ms Preflight 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://threatpost.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://threatpost.com
access-control-max-age: 600
age: 0
content-length: 0
date: Sat, 06 Aug 2022 15:28:57 GMT
server: ATS/9.1.0.46

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 164ms
17ms Preflight 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://threatpost.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://threatpost.com
access-control-max-age: 600
age: 0
content-length: 0
date: Sat, 06 Aug 2022 15:28:57 GMT
server: ATS/9.1.0.46

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
940 B 118ms
36ms Script
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 244466
x-amz-request-id: tx71de9a623ae143c39231a-00629f978d
x-amz-id-2: tx71de9a623ae143c39231a-00629f978d
last-modified: Tue, 10 May 2022 09:57:32 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AVNxK3PT9aX8vaQAN38lQAJDfcavaEoo0VquPhEnBvpe4%2BYnIo6gFpR52pkNF%2Bb3Zb21xlej5p8Z1slJJjCOngDiFfFp8QZ%2FyVfdHN2PZL6iS%2Buxy6FfwzuloZdbmMDg8CAr7QcOqodVVEGp"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1652176652152482
cf-ray: 7368ce25a8025a19-MXP

POST translator
hbopenbid.pubmatic.com/ 0
0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 36 B
637 B 113ms
43ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%226f327b383158c4%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%226.22.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%227e55572a75e11d%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22gpid%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%7D%2C%7B%22id%22%3A%228c5b763a78b53%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22gpid%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%7D%2C%7B%22id%22%3A%22918cb9c70533a6%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22gpid%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bc409492d455cddcb045729beca897303d4a321684b6396d8988b40a72ceb91

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LxN0Fau3%2F1pz269kzJ%2FxbCbb22YPExFY0vXgOLY2QMMXHzw1xhyM7cXeEfO7J6YE83MXkMv22cIxJJWwZovXpv7Q7X4Ef6rFgGaYUWGfeNs2aPtJy%2FMPFctzfsQE6pXqkwPPCT44"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7368ce25ab8e6939-FRA
expires: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
643 B 125ms
41ms XHR
application/json 72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.22.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 91019d68bea2d2ad44c6248bec0a412f663176eb219144f8f1298814103d82ee

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 06 Aug 2022 15:28:57 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 200 hb-multi Show response
hb.yellowblue.io/ 105 B
410 B 417ms
102ms XHR
application/json 3.229.66.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.yellowblue.io/hb-multi
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.66.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-66-54.compute-1.amazonaws.com
Software: /
Resource Hash: 1f8707759eb388d405aadd0dfa3a41b9856827d5516764085ee71268b34ae703

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-reason: maxmind hosting provider
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 105

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216477/0/ 0
162 B 93ms
23ms XHR
text/plain 213.19.147.43
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=6.22,2.1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 Beverwijk, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Sat, 06 Aug 2022 15:28:57 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
278 B 575ms
268ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Sat, 06 Aug 2022 15:28:57 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 168
vary: origin, Accept-Encoding

POST
H2 200 v2 Show response
e.serverbid.com/api/ 16 B
389 B 636ms
183ms XHR
application/json 159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 42

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 230ms
98ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash: 958e52063f880f9326df5e6e71e0f94a90e82fc389a8c279e383bc8a22d2fdc7

Request headers

Referer: https://threatpost.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
295 B 222ms
92ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash: 68f4df745814aa5264e977432e04de56a99629f2c968b7c20dbe6f4eab651880

Request headers

Referer: https://threatpost.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 66

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ 66 B
96 B 253ms
123ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash: 23a6497cdcf74fd11b7f9ee489b70ed8b22da049c81bfacd3c59de5002d48094

Request headers

Referer: https://threatpost.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 66

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 542 B
1 KB 253ms
159ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,664e0ec1-d92a-4edd-867c-2df4f3762cde,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=bc9975b8-5648-4e17-b1f5-d7828f15931c&l_pb_bid_id=37fcea52c82b65c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF&slots=1&rand=0.7682914246443724
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7a4a0db7884806d3e65929f40fdfa92798fd7ef99df0e9615eae15e88197790e

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:28:57 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 542
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 540 B
1 KB 252ms
159ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,664e0ec1-d92a-4edd-867c-2df4f3762cde,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=d447c2a4-a6e4-4c28-83d4-47893d1d0692&l_pb_bid_id=38f47258af9fbc8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF&slots=1&rand=0.46964975744927995
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 844f2e3a86dcb6f46977b0be523ad7311b7d294e52a6b0cd6eb6eca973983488

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:28:57 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 540
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 540 B
1 KB 257ms
164ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,664e0ec1-d92a-4edd-867c-2df4f3762cde,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=ae42a016-63e2-468f-aaf4-cb712bd47c14&l_pb_bid_id=390e6d6c0deac43&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&slots=1&rand=0.5164041782973525
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 4703e5b3e68ffbe470a6d961ed24e7d1daf80b35640c7775e152f0c5a0e6b41b

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:28:57 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 540
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 540 B
1 KB 253ms
160ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,664e0ec1-d92a-4edd-867c-2df4f3762cde,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=ae42a016-63e2-468f-aaf4-cb712bd47c14&l_pb_bid_id=400826b3e473f49&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&slots=1&rand=0.04400872779250742
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 109202419541751882096017a2de53ec1f34e0e0d783cacad6a336c435c341a9

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:28:57 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 540
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
554 B 75ms
26ms XHR
application/json 35.157.139.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.22.0&referrer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tmax=1200&gdpr=false

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.139.2 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-139-2.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:28:57 GMT
accept-ch: sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness
x-auction-status: 12, 12, 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 707 B
674 B 274ms
131ms XHR
application/json 34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=4713
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: f8a4d22788f301f09228c9e1310aff25262fc5d72368fd63538789a7b69cbf04

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/universal/ 0
195 B 397ms
108ms XHR
text/plain 52.72.207.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.207.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-207-90.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Sat, 06 Aug 2022 15:28:57 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/universal/ 0
195 B 395ms
106ms XHR
text/plain 52.72.207.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.207.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-207-90.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Sat, 06 Aug 2022 15:28:57 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/universal/ 0
195 B 398ms
109ms XHR
text/plain 52.72.207.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.207.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-207-90.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Sat, 06 Aug 2022 15:28:57 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 174 B
589 B 350ms
227ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=bc9975b8-5648-4e17-b1f5-d7828f15931c%2Cbc9975b8-5648-4e17-b1f5-d7828f15931c%2Cd447c2a4-a6e4-4c28-83d4-47893d1d0692%2Cae42a016-63e2-468f-aaf4-cb712bd47c14%2Cae42a016-63e2-468f-aaf4-cb712bd47c14&nocache=1659799737176&gdpr=0&x_gdpr_f=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C664e0ec1-d92a-4edd-867c-2df4f3762cde%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e40be17f41b8a149f1ace2e24632816b6111ccc6f1974fb1c804869a4c7d2905

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 114 B
937 B 174ms
61ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ec643833db7e4351c673473da97bbd8645989190729387757838f7fecb50d69

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
x-warn: Process Shapings. Seat shared_33across: No adunits with mapping rule and shaping, Process Shapings. Seat shared_drbanner: No adunits with mapping rule and shaping, Process Shapings. Seat shared_rubicon: No adunits with mapping rule and shaping, Process Shapings. Seat shared_improvedigital: No adunits with mapping rule and shaping, Process Shapings. Seat shared_onetag: No adunits with mapping rule and shaping, Process Shapings. Seat shared_pubmatic: No adunits with mapping rule and shaping
content-encoding: gzip
x-err: Shapings: no adunits with size and seat and mapping
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7368ce25feca2373-ZRH
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
706 B 103ms
24ms XHR
application/json 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:28:57 GMT
X-Proxy-Origin: 217.64.151.8; 217.64.151.8; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6342f018-a612-4364-86b4-5b8d2d7c046e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
530 B 62ms
62ms XHR
text/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&pid=oY6bb6mMoC0um&cb=0&ws=1600x1200&v=8.1.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.4.10 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-4-10.fra56.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
via: 1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 6HE3V0Y8W7J2KGR8RRTS
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: I4nI25Lr_VMGyaUAyGSoEd_02I4mGmOvjw0Cyg0155tG8SsmbYkNcg==

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
328 B 126ms
23ms XHR
application/json 141.95.33.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://lb.eu-1-id5-sync.com/lb/v1
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.95.33.111 , Germany, ASN16276 (OVH, FR),
Reverse DNS: ns3203177.ip-141-95-33.eu
Software: /
Resource Hash: f97858d8c4ed825d49246a820d20f437c406246361fe3c1ebf912d02ff753a24

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Sat, 06 Aug 2022 15:28:56 GMT
transfer-encoding: chunked
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

POST
H2 200 pls Show response
capi.connatix.com/core/ Frame F96A 12 KB
6 KB 222ms
182ms XHR
application/x-protobuf 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=174545
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2505db71214b53bec821b6ae1c99abd4c8b9ea56965cf3d1d70c35f3064cf08b

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-max-age: 86400
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 5906

GET dest5.html
kaspersky.demdex.net/ Frame 7348 0
0

GET
H2 200 id Show response
kaspersky.d3.sc.omtrdc.net/ 2 B
316 B 2152ms
604ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=21990077571142078641208708686383005314&ts=1659799737297

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 06 Aug 2022 15:28:59 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-69c8d8cc76-slfrb
vary: Origin
x-c: main-1661.I2f39db.M0-585
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Yu6IuQAAAG45NwOJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=12155719913609134422205874910212657368
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yu6IuQAAAG45NwOJ

42 B
942 B

123ms
122ms

Image
image/gif

34.249.212.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yu6IuQAAAG45NwOJ

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

HTTP/1.1

Server

34.249.212.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-212-46.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v038-00ca3cced.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 5wYVbBL3SEI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yu6IuQAAAG45NwOJ
Date: Sat, 06 Aug 2022 15:28:57 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 adsct
t.co/i/ 43 B
338 B 235ms
125ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=4cf87ba8-e127-47c0-817c-8cfa78793391&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=68de82bf-3041-4829-a6d1-9e850cc4e3d2&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ntt0j&type=javascript&version=2.4.15

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-response-time: 109
date: Sat, 06 Aug 2022 15:28:56 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: ee6fdb0935b2c848ed89f8b03daceb398dab8fc949d84620217f52c58aff09b6
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
355 B 481ms
127ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=4cf87ba8-e127-47c0-817c-8cfa78793391&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=68de82bf-3041-4829-a6d1-9e850cc4e3d2&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ntt0j&type=javascript&version=2.4.15

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-response-time: 103
date: Sat, 06 Aug 2022 15:28:57 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 61137e9679bb32edfc5ebd44b5e92e20dc981d3f657384a3fc2434242e32b455
content-length: 43

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 122ms
34ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=493070444&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ul=en-us&de=UTF-8&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=601500587&gjid=105798258&cid=1222917118.1659799737&tid=UA-35676203-21&_gid=1675385568.1659799737&_r=1&gtm=2wg830PM29HLF&z=415105445

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:28:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 82ms
15ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=493070444&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ul=en-us&de=UTF-8&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1222917118.1659799737&tid=UA-35676203-21&_gid=1675385568.1659799737&gtm=2wg830PM29HLF&z=1671777171

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 13:40:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 6507
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 213 B
621 B 131ms
23ms XHR
application/json 141.95.98.71
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.71 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216577.ip-141-95-98.eu

Software

Resource Hash

90b0805db3333148fe2321c544f453ad8d0c3dd1fd65736387d6fbfeb8c75ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Sat, 06 Aug 2022 15:28:56 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 120ms
39ms Fetch
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 303204
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx9de1bf3defda439d8c76a-0062a0577d
x-amz-id-2: tx9de1bf3defda439d8c76a-0062a0577d
last-modified: Tue, 10 May 2022 09:57:31 GMT
server: cloudflare
etag: W/"2430496689c00115831347992a974246"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HeMpX9unWV0zAhaeLTZvAQLSoL1xR7Dk4B6MTSs0OHK9GrWx3t%2BjEcAYsNwSCIMDTwIr1sdliKwmNBGokZBAdfV0ry9jKVFU1zq%2FhH4sOttam%2Bix%2FnTaMfYWpSVYyQNEVLp0vGSGqtiMZwyA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1652176651393042
cf-ray: 7368ce27bb710f82-MXP
access-control-allow-headers: Authorization

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 2 B
355 B 115ms
27ms Script
application/javascript 2600:9000:2304:d800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:d800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 14:40:38 GMT
via: 1.1 f0aabb4cf746d4b45640e8d63e2aaf1c.cloudfront.net (CloudFront)
server: AmazonS3
age: 2899
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: VIE50-P1
content-length: 2
x-amz-cf-id: 9sBaehtyesJ4c_vSDGgFkaw5ELIDUFPP6bQPASrfXWBvn4xZyN29ZQ==

GET
H2 200 blockedDomains_20.bin Show response
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame F96A 3 KB
2 KB 92ms
15ms XHR
application/octet-stream 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_20.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8d341b1c3a0d55c1f013033618b78dcd6b1c193a41fe2e68e6d17f394a76e6e1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
last-modified: Tue, 19 Jul 2022 19:02:04 GMT
age: 1542305
etag: "d39853cb39e25264ff918b729e908a04"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 1498

GET
H2 200 insights.bin Show response
ins.connatix.com/f7f65e89a785dc99fc24f84b9dcad010/ Frame F96A 216 B
395 B 170ms
119ms XHR
application/octet-stream 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ins.connatix.com/f7f65e89a785dc99fc24f84b9dcad010/insights.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7311e76d0df711b21ef501b880bf5c372883d7f635a020637403b830fc68fd39

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
last-modified: Thu, 12 May 2022 11:36:59 GMT
age: 1937972
etag: "296986dfbb9bba4b6b1e4af0acdc16b6"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 157

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 98ms
28ms XHR
text/plain 2a00:1450:400c:c0b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=1222917118.1659799737&jid=601500587&gjid=105798258&_gid=1675385568.1659799737&_u=YEBAAEAAAAAAAC~&z=327954796

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 06 Aug 2022 15:28:57 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=129597629;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;uht=2;fpan=1;fpa=P0-1919995453-1659799737577;pbc=...
pixel.quantserve.com/ 35 B
371 B 189ms
174ms Image
image/gif 2600:1f1c:a99:832c:2412:5a3c:977a:e751
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=129597629;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;uht=2;fpan=1;fpa=P0-1919995453-1659799737577;pbc=;ns=0;ce=1;qjs=1;qv=490d3045-20220805115353;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;dst=0;et=1659799737577;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2020%2F06%2F03094019%2Fphish%2Ctype.article%2Ctitle.Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%252C000%25%2Cdescription.Sneaky%20attackers%20are%20flipping%20backslashes%20in%20phishing%20email%20URLs%20to%20evade%20protec%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f1c:a99:832c:2412:5a3c:977a:e751 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:28:57 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 88ms
42ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1222917118.1659799737&jid=601500587&_u=YEBAAEAAAAAAAC~&z=823315785

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:28:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 87ms
41ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1222917118.1659799737&jid=601500587&_u=YEBAAEAAAAAAAC~&z=823315785

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:28:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST sr
capi-tier-2-us-east-2.connatix.com/tr/ Frame F96A 0
0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 69ms
31ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

13284e48fb45b9497ead0406372fc394ce32d71edadcab4139a73cdf7a651d90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28617
x-xss-protection: 0
server: sffe
etag: "1295 / 808 of 1000 / last-modified: 1659737169"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 06 Aug 2022 15:28:57 GMT

GET
H2 200 4_media.bin Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ce4c15bc-e715-4c0a-8f00-406be8e76721/ Frame F96A 291 B
346 B 54ms
15ms XHR
application/octet-stream 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ce4c15bc-e715-4c0a-8f00-406be8e76721/4_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 936fc91de9ad2f9d582d7683630543b144bd21cc9af8b25413c21cfe55bb24c3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
last-modified: Wed, 28 Jul 2021 00:45:53 GMT
age: 84519
etag: "007a26d15bf96bf8df734a4e98efd468"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 255

GET
H2 200 ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame F96A 310 KB
0 87ms
24ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127666
x-xss-protection: 0
expires: Sat, 06 Aug 2022 15:28:57 GMT

GET
H2 200 1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 6 KB
7 KB 72ms
16ms Image
image/png 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: br
age: 1559213
etag: "CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age: 86400
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 6487

GET
H2 200 hls.5b3b785f487abbe00eee.js Show response
cds.connatix.com/p/174545/ Frame F96A 162 KB
47 KB 17ms
17ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/174545/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: br
last-modified: Fri, 05 Aug 2022 11:57:30 GMT
age: 97101
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

POST ao
capi-tier-2-us-east-2.connatix.com/tr/ Frame F96A 0
0

POST g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame F96A 0
0

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
490 B 60ms
58ms XHR
text/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.4.10 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-4-10.fra56.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
via: 1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: MNCSKBH9T41SH25S70M9
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 9wghHIVr0icklfynfS4L7XQZFYmd-Aa0rQIEyd4cPYNcwaF83RCMhQ==

POST ps
capi-tier-2-us-east-2.connatix.com/tr/ Frame F96A 0
0

GET
H2 200 1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ce4c15bc-e715-4c0a-8f00-406be8e76721/ 9 KB
9 KB 19ms
18ms Image
image/jpeg 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ce4c15bc-e715-4c0a-8f00-406be8e76721/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ba3adfc32d82ab22694f8cb477ebe8a3efc9a1fcb3e791a58d1f03f1de1059dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: br
age: 1813426
etag: "/VPJmxIWRA4bI4sEdyJTRZM9/x7yBSb1pXTS02WA1+o"
access-control-max-age: 86400
fastly-io-info: ifsz=116874 idim=2560x1440 ifmt=jpeg ofsz=9187 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 8759

GET
H2 200 prebid6.20.0-4.js Show response
cds.connatix.com/p/plugins/ 461 KB
121 KB 20ms
20ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid6.20.0-4.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d6cb3641a88d23be3e45023d313bfd54dd3640a4bfe07b3b88d63e3fba328d19

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 06 Aug 2022 15:28:57 GMT
content-encoding: br
last-modified: Fri, 08 Jul 2022 12:47:31 GMT
age: 2515195
etag: "aacab17b3b3de88c898ee654d218646f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 123905

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 102ms
24ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 06 Aug 2022 15:28:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 73ms
24ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 06 Aug 2022 15:28:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 109 KB
22 KB 603ms
591ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3846569395554398&correlator=2014301329924920&eid=31068591%2C31068741%2C31068745%2C31068811%2C42531605%2C31068721&output=ldjh&gdfp_req=1&vrg=2022080401&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681&sfv=1-0-38&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fmalformed-url-prefix-phishing-attacks-spike-6000%252F164132%252F%26urlquery%3Dgoogfc%26contentid%3D164132%26category%3Dmost-recent-threatlists%26contenttags%3D&sc=1&cookie_enabled=1&abxe=1&dt=1659799738369&lmt=1659799738&dlt=1659799735689&idt=945&adxs=-9%2C-9%2C-9%2C-9&adys=-9%2C-9%2C-9%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C-1%7C-1%7C-1&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&frm=20&vis=1&psz=0x-1%7C0x-1%7C0x-1%7C0x-1&msz=0x-1%7C0x-1%7C0x-1%7C0x-1&fws=2%2C2%2C2%2C2&ohw=0%2C0%2C0%2C0&ga_vid=1222917118.1659799737&ga_sid=1659799738&ga_hid=493070444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080401.js?cb=31068811

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

fae8db4ce4b266008aa79aa0fe0d6ac27187c96d43ccb345931852c834f39dd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:28:58 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22589
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2ad43688a556459347d89116ee76d8ba.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9D51 6 KB
4 KB 138ms
23ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2ad43688a556459347d89116ee76d8ba.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022080401.js?cb=31068811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 06 Aug 2022 15:28:58 GMT
expires: Sun, 06 Aug 2023 15:28:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 3E5B 37 B
140 B 62ms
16ms Document
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Sat, 06 Aug 2022 15:29:03 GMT

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame EC52 668 B
730 B 41ms
28ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: f8ce7892921c87384e952835fa0872d75d572e3c062d2c79c91407fe99c812dc

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 418
content-type: text/html
date: Sat, 06 Aug 2022 15:29:03 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame D851 3 KB
2 KB 101ms
23ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Sat, 06 Aug 2022 15:29:03 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 0790 52 KB
17 KB 141ms
31ms Document
text/html 2.21.184.188
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.184.188 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-184-188.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sat, 06 Aug 2022 15:29:03 GMT
ETag: "623de86a-cf34"
Expires: Sun, 07 Aug 2022 15:29:05 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame 952C 9 KB
4 KB 83ms
15ms Document
text/html 18.66.112.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-110.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82e3811cdfceb32fce78d37685ff4189f3927def60304312c3519603939f0ba8

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 183736
cache-control: max-age=345600
content-encoding: br
content-type: text/html
date: Thu, 04 Aug 2022 12:26:48 GMT
etag: W/"dded7396fbe6d087909057448e1ad0c8"
last-modified: Tue, 26 Jul 2022 15:11:15 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-id: 6NRC6Ojce9C9EZQbxoO7erbaNdssDsp163SWSdPUY27guHZUjbjHbg==
x-amz-cf-pop: FRA56-P5
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:37f5e49a-fa66-49da-8441-dd45098ed05e
x-amz-meta-codebuild-content-md5: b40e23c2c399349f8349f9ae9edec2ec
x-amz-meta-codebuild-content-sha256: 495aaab93a2848b45bf77774751801430fcd8a0741179b148bb54de4435f2b80
x-cache: Hit from cloudfront

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 264E 15 KB
6 KB 84ms
25ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=144062
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Sat, 06 Aug 2022 15:29:03 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Mon, 08 Aug 2022 07:30:05 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame D62C 281 B
554 B 102ms
27ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 06 Aug 2022 15:29:03 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 2000891.html Show response
sync.serverbid.com/ss/ Frame C9AF 3 KB
1 KB 127ms
27ms Document
text/html 99.86.240.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.serverbid.com/ss/2000891.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-7.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1e6113fa95a41038fb32382334e134009323370c3d81fe93cb814df2e7a3b882

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 26087
content-encoding: gzip
content-type: text/html
date: Sat, 06 Aug 2022 08:14:28 GMT
etag: W/"9d38f19b1f72497b7d28393d5a032ecc"
last-modified: Mon, 01 Aug 2022 16:28:28 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 03f23a59e296041c07602d699fc87484.cloudfront.net (CloudFront)
x-amz-cf-id: 9l5AVOq9g_JlGtXViscjpAfEOxs-j6zUtT8oOmXZQii0NqfiySAndA==
x-amz-cf-pop: VIE50-C1
x-cache: Hit from cloudfront

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame EC52
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=973f62ee-88c0-4b00-882a-e6d23dfef6ff

43 B
61 B

25ms
24ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=973f62ee-88c0-4b00-882a-e6d23dfef6ff
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:05 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sat, 06 Aug 2022 15:29:04 GMT
Server: MT3 4475 c1dc35a master hkg-pixel-x20 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=973f62ee-88c0-4b00-882a-e6d23dfef6ff
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 06 Aug 2022 15:29:03 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame EC52
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=clVvE3xfaE9pBj0UJQQnRHIEM0FpBTtHcVNxghKw

43 B
61 B

68ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=clVvE3xfaE9pBj0UJQQnRHIEM0FpBTtHcVNxghKw
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:03 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=clVvE3xfaE9pBj0UJQQnRHIEM0FpBTtHcVNxghKw
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame EC52
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3017107934732674128

43 B
61 B

25ms
25ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3017107934732674128
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=3017107934732674128
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame EC52 70 B
265 B 266ms
51ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=3c083298-c5c0-36fa-7d4c-e2b8a296f253&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame EC52 170 B
243 B 66ms
27ms Image
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTA2N2UxNTItMGNiNy02ODVlLTY4YWMtYjgwMTY4NzQzYzMz

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame EC52
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDQjVZeviokbKKAr6x7up9I&google_cver=1

43 B
122 B

65ms
25ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDQjVZeviokbKKAr6x7up9I&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:03 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDQjVZeviokbKKAr6x7up9I&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 1B40 15 KB
6 KB 27ms
26ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=144062
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Sat, 06 Aug 2022 15:29:03 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Mon, 08 Aug 2022 07:30:05 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 26CD 4 KB
2 KB 199ms
39ms Document
text/html 52.48.21.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.21.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-21-211.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3158fb24402048864588d7b2f55e65128e92d3a7301d4d50e9b36fc6ee46ab05

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 06 Aug 2022 15:29:04 GMT
etag: W/"01002519017830bb47548823572de139e"
server: nginx
timing-allow-origin: *

GET
H2 204 /
onetag-sys.com/usync/ Frame 5EE1 0
0 175ms
16ms Document
text/plain 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame 464F 1 KB
1 KB 383ms
41ms Document
text/html 185.86.139.102
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.102 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: af1380519ef20cd6758a6eaf7fa9ebc22f28720ea6cb20bad1a48ea949aee2bd

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 1060
content-type: text/html
date: Sat, 06 Aug 2022 15:29:03 GMT

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame 818F
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

2 KB
1 KB

190ms
46ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f7880f407af281301c7f90fb583965d2581bb44930fafc8c44a9a3f9bb8b6fc

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7368ce51281abb9e-FRA
content-encoding: br
content-type: text/html
date: Sat, 06 Aug 2022 15:29:04 GMT
dropped-udsids: 230|241|45|39|190|4|188|111
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lRuY7Zf64IuOYabA8n%2BQSM%2BX6Wyy%2FwJT4hyM9G8hneprCbH0mfjZBy1WTmA2PRsZvRPGLhpY%2B3xN0jJ1v2KRpkwdmf%2F%2FsdfZqrtPNTF1a2a53FLTzbMSRUIcbizihHgGS0m0"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7368ce5009868fc5-FRA
content-type: text/html; charset=iso-8859-1
date: Sat, 06 Aug 2022 15:29:04 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
location: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxERkngiGhaLld2js%2FngtZBkoEcAXpawqGd1cgQab5dIzS%2FpYy%2FGBrcMmDZPy3SzGeohYVh2iJDVMjBCu0UOWVxAWBpbZ7xIXERpBGVf8JRjI9lWX9DtrBJr12aaZPGdZ9frkupHbn6Hdw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 952C 0
239 B 193ms
16ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=13702&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

GET
H2

200

sync
ads.servenobid.com/ Frame 952C
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fads.servenobid.com%252Fsync%253Fpid%253D312%2526uid%253D%2524UID
https://ads.servenobid.com/sync?pid=312&uid=3930112574233973267

0
344 B

36ms
36ms

Image
image/avif

34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=3930112574233973267
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:03 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:03 GMT
X-Proxy-Origin: 217.64.151.8; 217.64.151.8; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2277f757-00df-4cac-8429-0f107b0ed264
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=3930112574233973267
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 952C
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ads.servenobid.com/sync?pid=310&uid=FGegpBZHkuXkDmLLRDC9sqgz

0
350 B

36ms
36ms

Image
image/avif

34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=FGegpBZHkuXkDmLLRDC9sqgz
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=FGegpBZHkuXkDmLLRDC9sqgz
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap6ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 952C 0
277 B 28ms
24ms Image
text/plain 72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 06 Aug 2022 15:29:03 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

sync
ads.servenobid.com/ Frame 952C
Redirect Chain

https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNTlhNDNlNjEtZjk2NS00ODRiLTliODktMDczYjE4YjVjZGY1IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wOC0wNlQxNToyOTowNC4zMzQwNDZaIn0=

0
432 B

39ms
39ms

Image
image/avif

34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNTlhNDNlNjEtZjk2NS00ODRiLTliODktMDczYjE4YjVjZGY1IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wOC0wNlQxNToyOTowNC4zMzQwNDZaIn0=
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNTlhNDNlNjEtZjk2NS00ODRiLTliODktMDczYjE4YjVjZGY1IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wOC0wNlQxNToyOTowNC4zMzQwNDZaIn0=
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 952C
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1659799744334
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8790692405

70 B
264 B

39ms
39ms

Image
image/gif

3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8790692405
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
ETag: RX29a1a966fb14400798af161c1b7de95f005
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8790692405
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Expires: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 952C
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5140084921463961134

0
344 B

39ms
37ms

Image
image/avif

34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=5140084921463961134
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=5140084921463961134
Date: Sat, 06 Aug 2022 15:29:04 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame 952C 0
500 B 550ms
106ms Image
text/plain 69.166.1.10
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-114
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 952C
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=c78bb0c1-ecd6-402b-a085-513e6ad9e922&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
355 B

36ms
36ms

Image
image/avif

34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=c78bb0c1-ecd6-402b-a085-513e6ad9e922&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:03 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=c78bb0c1-ecd6-402b-a085-513e6ad9e922&gdpr=0&gdpr_consent=&us_privacy=1YN-
date: Sat, 06 Aug 2022 15:29:03 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 0
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 952C
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true
https://ads.servenobid.com/sync?pid=337&uid=y-8Y7LV55E2uEYHRxXh61EIzTESdrJh_lapLs2kDI-~A

0
367 B

37ms
37ms

Image
image/avif

34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-8Y7LV55E2uEYHRxXh61EIzTESdrJh_lapLs2kDI-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-8Y7LV55E2uEYHRxXh61EIzTESdrJh_lapLs2kDI-~A
date: Sat, 06 Aug 2022 15:29:04 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

sync
ads.servenobid.com/ Frame 952C
Redirect Chain

https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID
https://ads.servenobid.com/sync?pid=346&uid=86780061-8e35-6c7d-fa24-d337dc1a888d

0
356 B

37ms
36ms

Image
image/avif

34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=346&uid=86780061-8e35-6c7d-fa24-d337dc1a888d
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=346&uid=86780061-8e35-6c7d-fa24-d337dc1a888d
pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cache-control: no-store
content-length: 0
vary: origin
expires: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 952C
Redirect Chain

https://ups.analytics.yahoo.com/ups/58632/occ
https://ups.analytics.yahoo.com/ups/58632/occ?verify=true
https://ads.servenobid.com/sync?pid=339&uid=y-uPF6QRlE2uE4w1hm_IRviaDBXD.yoTjwLNOGKfY-~A

0
367 B

36ms
36ms

Image
image/avif

34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=339&uid=y-uPF6QRlE2uE4w1hm_IRviaDBXD.yoTjwLNOGKfY-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=339&uid=y-uPF6QRlE2uE4w1hm_IRviaDBXD.yoTjwLNOGKfY-~A
date: Sat, 06 Aug 2022 15:29:04 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 264E 0
42 B 450ms
110ms Script
text/plain 8.28.7.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=31753022&p=156858&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:03 GMT
content-length: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame D62C 31 KB
10 KB 25ms
25ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?gdpr=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sat, 06 Aug 2022 15:29:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2022 20:44:25 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=49279
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9450
Expires: Sun, 07 Aug 2022 05:10:22 GMT

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame A8DF
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
1 KB

202ms
52ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1322416941f42a07aa5bdb5a1d1e02d9a1e5ab03fe42d30e6614770c5c1e3875

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7368ce512818bb9e-FRA
content-encoding: br
content-type: text/html
date: Sat, 06 Aug 2022 15:29:04 GMT
dropped-udsids: 230|39|241|45|24|218|41|17
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6iWGpf%2FgzZSwryryQYNZuSTKEmSbOrOmdkmo%2BXpfDrrCU6c%2BbvajqUivsPZOc0MK9C7fAUTTxIn2vL9rxBUCiEnFSIfQGAuwwVIqGIgvlBd1c%2FnV8j0TmbV6Vj4ak8UknYS%2B"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7368ce5009878fc5-FRA
content-type: text/html; charset=iso-8859-1
date: Sat, 06 Aug 2022 15:29:04 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
location: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMS6uc0rNEafUEQMek3v8XeEUHAPub917k6zJYHiozd6QnMYpK9El1wNp1KNCnbliGB7QZOrK2dmnkaAfprEqpn9fwNmkT%2BiMBeLiDFgPWYbAoZtFMu6wcpeyw6rwbEMRx8SJKsSu7iTtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame D62C
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Ec6stGsVTHqVuZ9UaDw_XA&rk=usync-other&gdpr=0
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Ec6stGsVTHqVuZ9UaDw_XA&gdpr=0

43 B
556 B

56ms
56ms

Image
image/gif

52.95.122.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Ec6stGsVTHqVuZ9UaDw_XA&gdpr=0

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

HTTP/1.1

Server

52.95.122.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 92VNE07JJFBHNE45GACX
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Ec6stGsVTHqVuZ9UaDw_XA&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame D62C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEM4EjVgO0g9vc658gNV-JPE&google_cver=1

0
239 B

16ms
16ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEM4EjVgO0g9vc658gNV-JPE&google_cver=1
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEM4EjVgO0g9vc658gNV-JPE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 337
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame D62C
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0
https://pr-bh.ybp.yahoo.com/sync/rubicon/McQWKwydukNFtcLp3ozsNA?csrc=&gdpr=0
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3823467633521452841

0
239 B

19ms
18ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3823467633521452841
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

date: Sat, 06 Aug 2022 15:29:04 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3823467633521452841
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

200

setuid
px.ads.linkedin.com/ Frame D62C
Redirect Chain

https://token.rubiconproject.com/token?pid=36584&gdpr=0
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6I1WPUE-R-FR9O&gdpr=0

0
707 B

540ms
175ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6I1WPUE-R-FR9O&gdpr=0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 6FD8675D2F334BCBA36F42D2E68363E3 Ref B: FRAEDGE1211 Ref C: 2022-08-06T15:29:04Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXllD4rfUf8+swMZhkc3Q==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6I1WPUE-R-FR9O&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame D62C 70 B
264 B 52ms
50ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame D62C
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=VgjaD9vfQjKQWKEzxtMteg&rk=usync-na&gdpr=0
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=VgjaD9vfQjKQWKEzxtMteg&gdpr=0

43 B
556 B

108ms
108ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=VgjaD9vfQjKQWKEzxtMteg&gdpr=0

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 9AV7B0D61QMYW6XRXWZD
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=VgjaD9vfQjKQWKEzxtMteg&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D62C
Redirect Chain

https://token.rubiconproject.com/token?pid=25470&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZJMVdQVUUtUi1GUjlP&gdpr=0

170 B
188 B

25ms
25ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZJMVdQVUUtUi1GUjlP&gdpr=0

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZJMVdQVUUtUi1GUjlP&gdpr=0
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

esync
token.rubiconproject.com/ Frame D62C
Redirect Chain

https://id.rlcdn.com/709414.gif?gdpr=0
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e

0
214 B

18ms
17ms

Image
text/plain

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Sat, 06 Aug 2022 15:29:04 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 /
onetag-sys.com/usync/ Frame C757 0
0 19ms
16ms Document
text/plain 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=6c68086c0c61793

Requested by

Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://sync.serverbid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame AC00 15 KB
6 KB 28ms
26ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&gdpr=0&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://sync.serverbid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=144061
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Sat, 06 Aug 2022 15:29:04 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Mon, 08 Aug 2022 07:30:05 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame C9AF 63 B
392 B 127ms
41ms Fetch
application/json 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: da723b38eb9b9d7b3544f379cc622eca04f870db15ec83ea81c79beadee6a01e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sync.serverbid.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Mon, 05 Sep 2022 15:29:04 GMT

GET
H2

200

usersync
x.serverbid.com/ Frame C9AF
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D4%26spui%3D%26dpui%3D%24UID
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=FGegpBZHkuXkDmLLRDC9sqgz

35 B
240 B

108ms
107ms

Image
image/gif

159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=FGegpBZHkuXkDmLLRDC9sqgz
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: https://sync.serverbid.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 58

Redirect headers

Date: Sat, 06 Aug 2022 15:29:04 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=FGegpBZHkuXkDmLLRDC9sqgz
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2

200

usersync
x.serverbid.com/ Frame C9AF
Redirect Chain

https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D9%26spui%3D%26dpui%3D%24UID
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D9%26spui%3D%26dpui%3D%24EMXUID&b64_redi...
https://cs.emxdgt.com/umcheck?apnxid=3930112574233973267&redirect=https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=9&spui=&dpui=$EMXUID&b64_redirect=aHR0cHM6Ly94LnNlcnZlcmJpZC5jb20vdXNlcnN5bm...
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=9&spui=&dpui=3930112574233973267brt54361659799744487219ab

35 B
217 B

102ms
102ms

Image
image/gif

159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=9&spui=&dpui=3930112574233973267brt54361659799744487219ab
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: https://sync.serverbid.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 58

Redirect headers

location: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=9&spui=&dpui=3930112574233973267brt54361659799744487219ab
date: Sat, 06 Aug 2022 15:29:03 GMT
content-length: 0
content-type: text/html

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame C9AF
Redirect Chain

https://p.rfihub.com/cm?pub=42786&in=1
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=53&userId=5144588521048361520

35 B
99 B

102ms
102ms

Image
image/gif

159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=53&userId=5144588521048361520
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: https://sync.serverbid.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 58

Redirect headers

Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=53&userId=5144588521048361520
Date: Sat, 06 Aug 2022 15:29:04 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

usersync
x.serverbid.com/ Frame C9AF
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D
https://r.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D&s=185073&C=1
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=Yu6IwE8HwIULwrHEdzjubgAA%261180

35 B
217 B

104ms
103ms

Image
image/gif

159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=Yu6IwE8HwIULwrHEdzjubgAA%261180
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: https://sync.serverbid.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 58

Redirect headers

cf-ray: 7368ce51281cbb9e-FRA
pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kWIB2C7DFqfKYasfNdxxarTKsnOt6yzfjh5GvtjA1aZVA%2FEkBJRpjqw5RSWdVkUV%2FGHPb6QlaEy%2BRl7k9AxZcgPSuA2vmdxaf7XOmTJmQSRudFoQ6ZEAzQ0IxF%2FLabFGA01G"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=Yu6IwE8HwIULwrHEdzjubgAA%261180
cache-control: no-cache
content-type: text/html; charset=iso-8859-1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

GET
H2

200

usersync
x.serverbid.com/ Frame C9AF
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=3930112574233973267

35 B
268 B

108ms
104ms

Image
image/gif

159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=3930112574233973267
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:03 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: https://sync.serverbid.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 58

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
X-Proxy-Origin: 217.64.151.8; 217.64.151.8; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: cd4def85-f2b3-408b-987d-8c8610a28f5c
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=3930112574233973267
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame C9AF 0
500 B 442ms
109ms Image
text/plain 69.166.1.10
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5444%26spui%3D%26dpui%3D

Requested by

Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-131
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame C9AF
Redirect Chain

https://pixel.advertising.com/ups/56621/occ
https://ups.analytics.yahoo.com/ups/56621/occ
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=

35 B
99 B

104ms
103ms

Image
image/gif

159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: https://sync.serverbid.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 58

Redirect headers

location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=
date: Sat, 06 Aug 2022 15:29:04 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0790 0
741 B 46ms
25ms Script
text/html 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
X-Proxy-Origin: 217.64.151.8; 217.64.151.8; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 177d1451-8314-408c-b47c-7f21ff43b946
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
https://usersync.gumgum.com/usersync?b=apn&i=3930112574233973267

35 B
250 B

272ms
40ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=apn&i=3930112574233973267
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
X-Proxy-Origin: 217.64.151.8; 217.64.151.8; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: e0e5fb3e-92ca-4d3b-9ded-d0251a5d0db5
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://usersync.gumgum.com/usersync?b=apn&i=3930112574233973267
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_91236c81-720e-4770-a9c5-ce4811154633&gdpr=0&gdpr_consent=&us_privacy=1---
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_91236c81-720e-4770-a9c5-ce4811154633&gdpr=0&gdpr_consent=&us_privacy=1---
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2
https://x.bidswitch.net/sync?dsp_id=70&user_id=3017107934732674128&ssp=gumgum2
https://usersync.gumgum.com/usersync?b=bsw&i=1a89b240-e006-4997-9c15-e491f18939ad

35 B
250 B

55ms
38ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=bsw&i=1a89b240-e006-4997-9c15-e491f18939ad
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

Location: //usersync.gumgum.com/usersync?b=bsw&i=1a89b240-e006-4997-9c15-e491f18939ad
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

cm
u.openx.net/w/1.0/ Frame 26CD
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobR...
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28xvmUBTJ5Jx5zKkv4db6UVfJ-WwRRYu3eMDI6Fz95ix0oXJFO9REAea9Ah5jQTw98%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_91236c81-720e-4770-a9c5-ce4811154633&obuid=ENC(xvmUBTJ5Jx5zKkv4db6UVfJ-WwRRYu3eMDI6Fz95ix0oXJFO9REAea9Ah5jQTw98)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://u.openx.net/w/1.0/cm?id=00df9f64-6f67-4cae-aeb2-d951da52047c&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dopenx%26obUid%3DxvmUBTJ5Jx5zKkv4db6UVfJ-WwRRYu3eMDI6Fz95ix0oXJFO9REAea9Ah5...

43 B
123 B

29ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/cm?id=00df9f64-6f67-4cae-aeb2-d951da52047c&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dopenx%26obUid%3DxvmUBTJ5Jx5zKkv4db6UVfJ-WwRRYu3eMDI6Fz95ix0oXJFO9REAea9Ah5jQTw98%26uid%3D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:05 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://u.openx.net/w/1.0/cm?id=00df9f64-6f67-4cae-aeb2-d951da52047c&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dopenx%26obUid%3DxvmUBTJ5Jx5zKkv4db6UVfJ-WwRRYu3eMDI6Fz95ix0oXJFO9REAea9Ah5jQTw98%26uid%3D
Date: Sat, 06 Aug 2022 15:29:05 GMT
X-TraceId: 239a0c93a5eaae655825c26782a753e5
Content-Length: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://usersync.gumgum.com/usersync?b=opx&i=cb3596e8-edd5-0eac-1a37-f2556ac6f315

35 B
250 B

315ms
43ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=opx&i=cb3596e8-edd5-0eac-1a37-f2556ac6f315
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

date: Sat, 06 Aug 2022 15:29:04 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://usersync.gumgum.com/usersync?b=opx&i=cb3596e8-edd5-0eac-1a37-f2556ac6f315
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sta&i=0-1e601252-7867-445b-7b83-2a32f1b8e10c$ip$217.64.151.8

35 B
250 B

40ms
40ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=sta&i=0-1e601252-7867-445b-7b83-2a32f1b8e10c$ip$217.64.151.8
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=sta&i=0-1e601252-7867-445b-7b83-2a32f1b8e10c$ip$217.64.151.8
Date: Sat, 06 Aug 2022 15:29:04 GMT
Connection: keep-alive
Content-Length: 126
Content-Type: text/html; charset=utf-8

GET
H2 200 gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 26CD 43 B
323 B 60ms
43ms Image
image/gif 2a05:d018:d29:3605:358d:1e8a:10d4:e287
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:358d:1e8a:10d4:e287 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fuser...
https://usersync.gumgum.com/usersync?b=vnt&i=f1465025-bc14-45ce-9cff-85630ba1ecb9

35 B
250 B

42ms
41ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=vnt&i=f1465025-bc14-45ce-9cff-85630ba1ecb9
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=vnt&i=f1465025-bc14-45ce-9cff-85630ba1ecb9
Date: Sat, 06 Aug 2022 15:29:04 GMT
X-CI-RTID: 47756210-8f2a-4f63-b3e7-63bd05e59325
Connection: keep-alive
Content-Length: 108
Content-Type: text/html; charset=utf-8

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
https://usersync.gumgum.com/usersync?b=snc&i=GDPR

35 B
250 B

40ms
40ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=snc&i=GDPR
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

date: Sat, 06 Aug 2022 15:29:04 GMT
via: 1.1 varnish
server: nginx
age: 0
location: https://usersync.gumgum.com/usersync?b=snc&i=GDPR
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 86677300
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true
content-length: 0

GET
H2 200 142
match.deepintent.com/usersync/ Frame 26CD 0
44 B 367ms
101ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: c /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:03 GMT
content-length: 0
server: c

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_91236c81-720e-4770-a9c5-ce4811154633&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
https://stags.bluekai.com/site/23178?id=pGwj9E76qhtaMj211ax0&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LO...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT24CHO5VDSRJXGZYWQ5DBJVVDEMJRMF4DA...
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=pGwj9E76qhtaMj211ax0&us_privacy=1---

35 B
250 B

41ms
41ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=pGwj9E76qhtaMj211ax0&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:05 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:05 GMT
P3p: CP="We do not support P3P header."
Location: https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=pGwj9E76qhtaMj211ax0&us_privacy=1---
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 123
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://usersync.gumgum.com/usersync?b=idi&i=e0e48be2-5e2a-434b-ae6a-9f07f4b70c5d

35 B
250 B

41ms
40ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=idi&i=e0e48be2-5e2a-434b-ae6a-9f07f4b70c5d
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=idi&i=e0e48be2-5e2a-434b-ae6a-9f07f4b70c5d
date: Sat, 06 Aug 2022 15:29:04 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 26CD
Redirect Chain

https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/floor6?zcc=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D&cb=1659799744445
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5620474752

70 B
264 B

43ms
43ms

Image
image/gif

3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5620474752
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
ETag: RX27a914caa225403fae47b5dd33fcec6b005
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5620474752
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Expires: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://usersync.gumgum.com/usersync?b=pln&i=GhXdpSVIIZKm&ev=1&pid=558355

35 B
250 B

49ms
49ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=pln&i=GhXdpSVIIZKm&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: de-DE
location: https://usersync.gumgum.com/usersync?b=pln&i=GhXdpSVIIZKm&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-648874c7-r84qd
expires: -1

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 26CD
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sad&i=3271110890427523485

35 B
250 B

39ms
39ms

Image
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=sad&i=3271110890427523485
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=sad&i=3271110890427523485
date: Sat, 06 Aug 2022 15:29:04 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 26CD 0
357 B 37ms
36ms Image
image/avif 34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_91236c81-720e-4770-a9c5-ce4811154633
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 9D8E
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://usersync.gumgum.com/usersync?b=mmh&i=d20462ee-88c0-4100-98e6-a586ffce29ee&gdpr=0&gdpr_consent=

35 B
250 B

41ms
40ms

Document
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=mmh&i=d20462ee-88c0-4100-98e6-a586ffce29ee&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Sat, 06 Aug 2022 15:29:05 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Sat, 06 Aug 2022 15:29:04 GMT
Expires: Sat, 06 Aug 2022 15:29:03 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 4475 c1dc35a master hkg-pixel-x7 config:1.0.0
location: https://usersync.gumgum.com/usersync?b=mmh&i=d20462ee-88c0-4100-98e6-a586ffce29ee&gdpr=0&gdpr_consent=

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame E784
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=atm&i=Yu6IuQAAAG45NwOJ&gdpr=0&gdpr_consent=

35 B
250 B

63ms
40ms

Document
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=Yu6IuQAAAG45NwOJ&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Sat, 06 Aug 2022 15:29:04 GMT
Expires: 0
Pragma: no-cache

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Sat, 06 Aug 2022 15:29:04 GMT
location: https://usersync.gumgum.com/usersync?b=atm&i=Yu6IuQAAAG45NwOJ&gdpr=0&gdpr_consent=
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-hhn4067-HHN
x-timer: S1659799744.437161,VS0,VE0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame F617 170 B
188 B 26ms
26ms Document
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV85MTIzNmM4MS03MjBlLTQ3NzAtYTljNS1jZTQ4MTExNTQ2MzM=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Sat, 06 Aug 2022 15:29:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame BD1A 15 KB
6 KB 39ms
38ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=144061
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Sat, 06 Aug 2022 15:29:04 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Mon, 08 Aug 2022 07:30:05 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame 5EE5 70 B
264 B 46ms
46ms Document
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sat, 06 Aug 2022 15:29:04 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 2F91
Redirect Chain

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID&b64_redirect=aHR0cHM6Ly91c2Vyc3luYy5ndW1ndW0uY2...
https://cs.emxdgt.com/umcheck?apnxid=3930112574233973267&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID&b64_redirect=aHR0cHM6Ly91c2Vyc3luYy5ndW1ndW0uY29tL3VzZXJzeW5jP2I9ZW14Jmk9JEVNW...
https://usersync.gumgum.com/usersync?b=emx&i=3930112574233973267brt54361659799744487219ab

35 B
250 B

41ms
40ms

Document
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=emx&i=3930112574233973267brt54361659799744487219ab
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Sat, 06 Aug 2022 15:29:04 GMT
Expires: 0
Pragma: no-cache

Redirect headers

content-length: 0
content-type: text/html
date: Sat, 06 Aug 2022 15:29:03 GMT
location: https://usersync.gumgum.com/usersync?b=emx&i=3930112574233973267brt54361659799744487219ab

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 84F0
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://usersync.gumgum.com/usersync?b=sus&i=Yu6IwMCo8X8AAH6VLIsAAAAA

35 B
250 B

41ms
41ms

Document
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=sus&i=Yu6IwMCo8X8AAH6VLIsAAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Sat, 06 Aug 2022 15:29:05 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Sat, 06 Aug 2022 15:29:04 GMT
Location: https://usersync.gumgum.com/usersync?b=sus&i=Yu6IwMCo8X8AAH6VLIsAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Server: nginx
X-SO-Ads-Time: 3
X-SO-Cluster-ID: 44
X-SO-HostName: a-ad40116.dc2p.scaleout.jp
X-SO-IP: 217.64.151.8
X-SO-Key: Yu6IwMCo8X8AAH6VLIsAAAAA
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":44,"gdpr":true,"ipv4":"0.0.0.0","key":"Yu6IwMCo8X8AAH6VLIsAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40116"}
X-SO-LB-Hostname: m-tgng27.dc4p.scaleout.jp
X-SO-Upstream-ID: a-ad40116

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame B97C
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://usersync.gumgum.com/usersync?b=rth&i=fNjfwUpASNlRc019SM0z&pi=gumgum&tc=1

35 B
250 B

71ms
40ms

Document
image/gif

34.247.205.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=rth&i=fNjfwUpASNlRc019SM0z&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.205.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-205-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Sat, 06 Aug 2022 15:29:04 GMT
Expires: 0
Pragma: no-cache

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Sat, 06 Aug 2022 15:29:04 GMT Sat, 06 Aug 2022 15:29:04 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://usersync.gumgum.com/usersync?b=rth&i=fNjfwUpASNlRc019SM0z&pi=gumgum&tc=1
pragma: no-cache

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame EAE0
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

28ms
27ms

Document
text/html

23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 06 Aug 2022 15:29:04 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Sat, 06 Aug 2022 15:29:04 GMT
location: https://eus.rubiconproject.com/usync.html?p=gumgum
server: AkamaiGHost

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 818F 170 B
188 B 27ms
25ms Image
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yu6IwEjtj8_ae_cxsWhzIwAABHcAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 818F
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwEjtj8_ae_cxsWhzIwAABHcAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwEjtj8_ae_cxsWhzIwAABHcAAAAB&dcc=t

43 B
645 B

154ms
106ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwEjtj8_ae_cxsWhzIwAABHcAAAAB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: REQYQ8XQB1ZMV3MCXPNJ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: DBQ54Z5GBKF0ZR27W01A
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwEjtj8_ae_cxsWhzIwAABHcAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 818F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yu6IwJjVFWCWHyg-Lc0PJQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOxSgReSgcn7Xh8k1WW99KQ&google_cver=1&gdpr=1

43 B
1 KB

60ms
40ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOxSgReSgcn7Xh8k1WW99KQ&google_cver=1&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 7368ce534d796916-FRA
pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Is-Traffic-Usersync, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xyz8GbfPjOJCtl%2F167y5dy0nYawuvSq3msw5I4qDMv8gvE9JuuNreGuIvyqUIO%2Bfw06%2FbISzF1DZkS%2Bhcs2zvgd8DCTTPp%2FrAAwbZUiNrmXvO58nzCWvYFy%2FvsjjxN5kUPm1GRk3%2F8%2FZQA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOxSgReSgcn7Xh8k1WW99KQ&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 818F 70 B
264 B 42ms
39ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 818F 0
0 37ms
35ms Image
text/html 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 818F
Redirect Chain

https://ad.turn.com/r/cs?pid=21&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=2796461380285245460

43 B
616 B

35ms
35ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=2796461380285245460
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 7368ce52d97e9c01-FRA
pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Is-Traffic-Usersync, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LNUUmxS5w0x512oqDyJ0xn0BR1s%2Fhao0LqZ3Yopah%2BMf%2FtYno86bj9ONx1p5cVjqrDUet7nGIbiaPDeKC7dH73g0tB5pENFdZSUQhhysljj%2F1VX3XKqrAjdyYbVgpXLIf%2Fo7TXodNUmoFw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=2796461380285245460
pragma: no-cache
date: Sat, 06 Aug 2022 15:29:03 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 204 CookieIndex
rtb.adentifi.com/ Frame 818F 0
35 B 328ms
101ms Image
text/plain 54.158.187.59
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.158.187.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-158-187-59.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT

GET
H2 403 match
c1.adform.net/serving/cookie/ Frame 818F 0
330 B 36ms
34ms Image
text/plain 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=29&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 sync
ads.servenobid.com/ Frame 818F 0
356 B 38ms
36ms Image
image/avif 34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=Yu6IwEjtj8_ae_cxsWhzIwAABHcAAAAB
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 464F 0
344 B 56ms
41ms Image
image/avif 34.249.131.141
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=3271110890427523485&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.131.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-131-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2 200 bsync
visitor.omnitagjs.com/visitor/ Frame 464F 0
158 B 96ms
29ms Image
text/plain 185.255.84.153
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/bsync?uid=627080440e659fbe0f85333c665ae1de&name=SMARTADSERVER&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D117%26partneruserid%3DPARTNER_USER_ID%26gdpr%3DGDPR%26gdpr_consent%3DGDPR_CONSENT&gdpr=0&gdpr_consent=

Requested by

Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.153 Ivry-sur-Seine, France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 2
content-length: 0
expires: 0

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 464F
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USE...
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3271110890427523485&gdpr=0&gdpr_consent=

43 B
932 B

168ms
110ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3271110890427523485&gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: N243ATYVHZBJ48B4EWRQ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3271110890427523485&gdpr=0&gdpr_consent=
pragma: no-cache
date: Sat, 06 Aug 2022 15:29:03 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 464F
Redirect Chain

https://demand.trafficroots.com/sync.php?partner=3379&redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D137%26partneruserid%3D%7Btrafficroots_id%7D&gdpr=0&gdpr_...
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=137&partneruserid=1f7ee0ebbf&gdpr=0&gdpr_consent=

43 B
423 B

32ms
32ms

Image
image/gif

185.86.137.133
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=137&partneruserid=1f7ee0ebbf&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Date: Sat, 06 Aug 2022 15:29:04 GMT
Referrer-Policy: origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/html; charset=UTF-8
Location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=137&partneruserid=1f7ee0ebbf&gdpr=0&gdpr_consent=
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 464F
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=3930112574233973267&gdpr=0&gdpr_consent=

43 B
408 B

123ms
29ms

Image
image/gif

185.86.137.133
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=3930112574233973267&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:03 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
X-Proxy-Origin: 217.64.151.8; 217.64.151.8; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 052e0e5b-100e-4947-80ee-061c7b37cb95
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=3930112574233973267&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame A8DF 170 B
188 B 40ms
26ms Image
image/png 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yu6IwJjVFWCWHyg_Lc0PJQAABLsAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame A8DF 70 B
264 B 49ms
40ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame A8DF
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwJjVFWCWHyg_Lc0PJQAABLsAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwJjVFWCWHyg_Lc0PJQAABLsAAAIB&dcc=t

43 B
645 B

154ms
106ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwJjVFWCWHyg_Lc0PJQAABLsAAAIB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: Z0GCB4ES0S17SNDAFVKB
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: Y7DMS6WFPK3J0AJZYF3R
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yu6IwJjVFWCWHyg_Lc0PJQAABLsAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame A8DF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yu6IwJjVFWCWHyg-Lc0PJQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOxSgReSgcn7Xh8k1WW99KQ&google_cver=1&gdpr=1

43 B
1 KB

45ms
43ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOxSgReSgcn7Xh8k1WW99KQ&google_cver=1&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 7368ce534d7b6916-FRA
pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Is-Traffic-Usersync, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BN6oGSAe1zG%2BGV4qYdQNa1fb4En1anD1XkpcA0jFO6w7Fz3ZOFNTwUbE7qFQXamxI8tbmUwIZW8kJJDhRE1SVNlUD7nD1wWDd107mNufkAZ5nHhWTTJwRM9IuR75qNRwQGr3H7i5uEEeSw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOxSgReSgcn7Xh8k1WW99KQ&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A8DF
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=7c297a59-2056-4cbf-949c-c489e69721a9&us_privacy=null&gdpr_consent=null&gdpr=1

43 B
572 B

34ms
34ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=7c297a59-2056-4cbf-949c-c489e69721a9&us_privacy=null&gdpr_consent=null&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Is-Traffic-Usersync, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KyLicFkniuDPZSGWmvFs3ditupu%2FlvgEHaZpq0p%2FfzwFsJWKbdXh8WraQ7ZKCmLzDfSCF3DZ%2BSWZPSBtnCce0SFqV4BrLdBnlTAb0o0nBYiydkHJtiY%2BdoJpNvtLH7NCShkqC6jLq9mHtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache
cf-ray: 7368ce536db66916-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

Redirect headers

date: Sat, 06 Aug 2022 15:29:04 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=7c297a59-2056-4cbf-949c-c489e69721a9&us_privacy=null&gdpr_consent=null&gdpr=1
cf-ray: 7368ce531c0301db-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H/1.1 200
OK ibs:dpid=23728&dpuuid=Yu6IwJjVFWCWHyg-Lc0PJQAA%261211
dpm.demdex.net/ Frame A8DF 0
0 124ms
118ms Image
application/json 34.249.212.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Yu6IwJjVFWCWHyg-Lc0PJQAA%261211?gdpr_consent=&us_privacy=&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.212.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-212-46.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H/1.1 200
OK bridge
cm.adgrx.com/ Frame A8DF 43 B
408 B 357ms
22ms Image
image/gif 173.231.180.197
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.231.180.197 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS: ams-delivery-4.sys.adgear.com
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
server: Cowboy
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
X-RealServer-NX: ams-delivery-1
Content-Length: 43
Expires: Thu, 23 Sep 2004 17:42:04 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame A8DF
Redirect Chain

https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1

43 B
570 B

35ms
35ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Aug 2022 15:29:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Is-Traffic-Usersync, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HN4qoU83sgqI0M%2F5hna03qqoK71d3ggg0ENa7WSelnJh17e6jNphQM%2BD2e0BCZRUHeh%2Fs7eidRWRCEw0%2FiMxUPdJwiTMhfgTWiPnYTbb4ZUtygwuuCFuEZ7jLqwNZUzOIqFL0awrIi7ihQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache
cf-ray: 7368ce5518436916-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:04 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 106
Content-Type: text/html; charset=utf-8

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame A8DF 43 B
425 B 121ms
28ms Image
image/gif 2606:4700::6812:d4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?Yu6IwJjVFWCWHyg-Lc0PJQAA%261211
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fthreatpost.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 06 Aug 2022 15:29:04 GMT
cf-cache-status: HIT
age: 173
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
etag: "761e21-2b-546dc3a097100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7368ce534f880211-ZRH
expires: Sat, 06 Aug 2022 19:29:04 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame EAE0 31 KB
10 KB 33ms
31ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sat, 06 Aug 2022 15:29:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2022 20:44:25 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=49278
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9450
Expires: Sun, 07 Aug 2022 05:10:22 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame EAE0 0
239 B 19ms
18ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L6I1WPUE-R-FR9O
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0790 0
741 B 22ms
22ms Script
text/html 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 Aug 2022 15:29:05 GMT
X-Proxy-Origin: 217.64.151.8; 217.64.151.8; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8c95f2e7-65a1-4301-a15c-60c7eb1903b7
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hbopenbid.pubmatic.com
URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client

Domain: kaspersky.demdex.net
URL: https://kaspersky.demdex.net/dest5.html?d_nsid=0

Domain: capi-tier-2-us-east-2.connatix.com
URL: https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=174545

Domain: capi-tier-2-us-east-2.connatix.com
URL: https://capi-tier-2-us-east-2.connatix.com/tr/ao?v=174545

Domain: capi-tier-2-us-east-2.connatix.com
URL: https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=174545

Domain: capi-tier-2-us-east-2.connatix.com
URL: https://capi-tier-2-us-east-2.connatix.com/tr/ps?v=174545

Verdicts & Comments Add Verdict or Comment

382 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

87 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.threatpost.com/	1970-01-20 05:03:21	Name: _cs_mk Value: 0.7588245165000569_1659799736593
threatpost.com/	1970-01-20 05:46:31	Name: _pbjs_userid_consent_data Value: 6683316680106290
.demdex.net/	1970-01-20 09:22:31	Name: demdex Value: 12155719913609134422205874910212657368
.lijit.com/	1970-01-20 13:48:55	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/	1970-01-20 13:48:55	Name: ljt_reader Value: FGegpBZHkuXkDmLLRDC9sqgz
.threatpost.com/	1969-12-31 23:59:59	Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg Value: 1
.threatpost.com/	1970-01-20 14:39:19	Name: _ga Value: GA1.2.1222917118.1659799737
.threatpost.com/	1970-01-20 05:04:46	Name: _gid Value: GA1.2.1675385568.1659799737
.threatpost.com/	1970-01-20 05:03:19	Name: _gat_UA-35676203-21 Value: 1
.rubiconproject.com/	1970-01-20 13:48:55	Name: khaos Value: L6I1WPUE-R-FR9O
.rubiconproject.com/	1970-01-20 13:48:55	Name: audit Value: 1\|naVuGyos1qpJA4mzC45QJTpcd3HBZZ775PzI6EyVJjnj+CQiMALPWQImKV8nXqjyb05ecXDiI+jhlI2uKWkDtsxuhZpbWKLtINWY3Pa16NE=
threatpost.com/	1970-01-20 13:48:55	Name: usprivacy Value: 1---
.everesttech.net/	1970-01-20 13:48:55	Name: everest_g_v2 Value: g_surferid~Yu6IuQAAAG45NwOJ
.openx.net/	1970-01-20 13:48:55	Name: i Value: efa40dc1-6c47-090d-279a-2a50c6b1c1ae\|1659799737
.t.co/	1970-01-20 14:39:19	Name: muc_ads Value: 37c0a571-5c54-4ca2-9259-b23b6058994a
.dpm.demdex.net/	1970-01-20 09:22:31	Name: dpm Value: 12155719913609134422205874910212657368
.prebid.a-mo.net/	1970-01-20 13:48:55	Name: __amc Value: 1_1659799737_1659799737
.quantserve.com/	1970-01-20 14:33:34	Name: mc Value: 62ee88b9-a7bac-26c97-b1154
.serverbid.com/	1970-01-20 05:24:55	Name: CONSUMABLEID Value: bbc24bc927fe4405824bc927fe140577
.threatpost.com/	1970-01-20 14:27:48	Name: __qca Value: P0-1919995453-1659799737577
.twitter.com/	1970-01-20 14:39:19	Name: personalization_id Value: "v1_Pfsd+lggrHI3sHdglz6OpA=="
.threatpost.com/	1970-01-20 14:24:55	Name: __gads Value: ID=a565b1beccc21f4e-220362d3e7cd007c:T=1659799738:S=ALNI_MbcFci_xmxEaf_8-K0ABjah8vPb7Q
.threatpost.com/	1970-01-20 14:39:19	Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19211%7CMCMID%7C21990077571142078641208708686383005314%7CMCAAMLH-1660404537%7C6%7CMCAAMB-1660404537%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1659806939s%7CNONE%7CMCSYNCSOP%7C411-19218%7CMCAID%7CNONE%7CvVersion%7C4.4.0
.openx.net/	1970-01-20 05:24:55	Name: pd Value: v2\|1659799743\|gekin0vNiygu
.doubleclick.net/	1970-01-20 14:24:55	Name: IDE Value: AHWqTUmWNozi1expXDRfGLscBtNA8NVaY0Ia1Yj1czdI7cIrnpYo2OKkmmfd919bYok
.adnxs.com/	1970-01-20 07:12:55	Name: uuid2 Value: 3930112574233973267
.quantserve.com/	1970-01-20 07:12:55	Name: d Value: EMkBDAHlJoqsMA
.servenobid.com/	1970-01-20 05:13:24	Name: pid_312 Value: 3930112574233973267
.servenobid.com/	1970-01-20 05:13:24	Name: pid_327 Value: c78bb0c1-ecd6-402b-a085-513e6ad9e922
.adform.net/	1970-01-20 05:47:58	Name: C Value: 1
.lijit.com/	1970-01-20 13:48:55	Name: _ljtrtb_273657 Value: 273657
.gumgum.com/	1970-01-20 13:48:55	Name: vst Value: e_91236c81-720e-4770-a9c5-ce4811154633
.casalemedia.com/	1970-01-20 07:12:55	Name: CMPS Value: 1126
.adform.net/	1970-01-20 06:29:30	Name: uid Value: 3017107934732674128
.servenobid.com/	1970-01-20 05:13:24	Name: pid_310 Value: FGegpBZHkuXkDmLLRDC9sqgz
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1MjQwsTA2MzQ1MhDiM9TNMDAICA628Ddxzy0EAJX_daQlAAAA
.rfihub.com/	1970-01-20 14:24:55	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1MjQwsTA2MzQ1MhDiM9TNMDAICA628Ddxzy0EAJX_daQlAAAA
.rfihub.com/	1970-01-20 14:24:55	Name: eud Value: H4sIAAAAAAAA_-sS5zU0M7U0t7Q0NzExMDUGADgQeCYQAAAA
.servenobid.com/	1970-01-20 05:13:24	Name: pid_324 Value: 5140084921463961134
.servenobid.com/	1970-01-20 05:13:24	Name: pid_309 Value: e_91236c81-720e-4770-a9c5-ce4811154633
.casalemedia.com/	1970-01-20 05:04:46	Name: CMST Value: Yu6IwGLuiMAA
.smartadserver.com/	1970-01-20 14:33:34	Name: pid Value: 3271110890427523485
.casalemedia.com/	1970-01-20 13:48:55	Name: CMID Value: Yu6IwJjVFWCWHyg-Lc0PJQAA
.casalemedia.com/	1970-01-20 07:12:55	Name: CMPRO Value: 1211
.disqus.com/	1970-01-20 13:48:55	Name: zeta-ssp-user-id Value: 86780061-8e35-6c7d-fa24-d337dc1a888d
.rlcdn.com/	1970-01-20 13:48:55	Name: rlas3 Value: KIWG0Xhf/IEs5zAFNMB5X3E3LhOpvpT7iJ9xccWn9Uo=
.rlcdn.com/	1970-01-20 06:29:43	Name: pxrc Value: CMCRupcGEgYIkLwrEAA=
.servenobid.com/	1970-01-20 05:13:24	Name: pid_346 Value: 86780061-8e35-6c7d-fa24-d337dc1a888d
.servenobid.com/	1970-01-20 05:13:24	Name: pid_333 Value: Yu6IwEjtj8_ae_cxsWhzIwAABHcAAAAB
.yieldlift.com/	1970-01-20 13:48:55	Name: xuids Value: eyJ4dWlkIjoiNTlhNDNlNjEtZjk2NS00ODRiLTliODktMDczYjE4YjVjZGY1IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wOC0wNlQxNToyOTowNC4zMzQwNDZaIn0=
.yahoo.com/	1970-01-20 13:49:17	Name: A3 Value: d=AQABBMCI7mICECzTDJl58ysu61ktnmJ-ytMFEgEBAQHa72L4YgAAAAAA_eMAAA&S=AQAAAoMUURLwodiTn5O-wWJMsH0
.servenobid.com/	1970-01-20 05:13:24	Name: pid_314 Value: eyJ4dWlkIjoiNTlhNDNlNjEtZjk2NS00ODRiLTliODktMDczYjE4YjVjZGY1IiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wOC0wNlQxNToyOTowNC4zMzQwNDZaIn0=
.servenobid.com/	1970-01-20 05:13:24	Name: pid_337 Value: y-8Y7LV55E2uEYHRxXh61EIzTESdrJh_lapLs2kDI-~A
.servenobid.com/	1970-01-20 05:13:24	Name: pid_339 Value: y-uPF6QRlE2uE4w1hm_IRviaDBXD.yoTjwLNOGKfY-~A
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8S Value: s85131\|Yu6It
.turn.com/	1970-01-20 09:22:31	Name: uid Value: 2796461380285245460
.creativecdn.com/	1970-01-20 13:48:55	Name: u Value: fNjfwUpASNlRc019SM0z
.creativecdn.com/	1970-01-20 13:48:55	Name: ts Value: 1659799744
.bidswitch.net/	1970-01-20 13:48:55	Name: tuuid Value: 1a89b240-e006-4997-9c15-e491f18939ad
.bidswitch.net/	1970-01-20 13:48:55	Name: c Value: 1659799744
.bidswitch.net/	1970-01-20 13:48:55	Name: tuuid_lu Value: 1659799744
.servenobid.com/	1970-01-20 05:13:24	Name: pid_317 Value: 3271110890427523485
.amazon-adsystem.com/	1970-01-20 14:39:19	Name: ad-privacy Value: 0
.csync.loopme.me/	1970-01-20 07:15:48	Name: viewer_token Value: 7c297a59-2056-4cbf-949c-c489e69721a9
.emxdgt.com/	1970-01-20 07:12:55	Name: uid Value: 54361659799744487219ab
.360yield.com/	1970-01-20 07:12:55	Name: tuuid Value: e0e48be2-5e2a-434b-ae6a-9f07f4b70c5d
.360yield.com/	1970-01-20 07:12:55	Name: tuuid_lu Value: 1659799744
.casalemedia.com/	1970-01-20 07:12:55	Name: CMTS Value: 1136
.casalemedia.com/	1970-01-20 13:48:55	Name: CMRUM3 Value: 2762ee88c00b40&2d62ee88c02760CAESEOxSgReSgcn7Xh8k1WW99KQ&1162ee88c005a0&1862ee88c005a0&e662ee88c02760&f162ee88c005a0&da62ee88c02760&2962ee88c005a0&0462ee88c027602796461380285245460
.1rx.io/	1970-01-20 13:48:55	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-27a914ca-a225-403f-ae47-b5dd33fcec6b-005%22%2C%22zdxidn%22%3A%221506%22%2C%22nxtrdr%22%3A%22https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D%22%7D
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 13:48:55	Name: bcookie Value: "v=2&77fef273-40d1-4bcf-81fc-bc04acbe94e7"
.linkedin.com/	1970-01-20 09:22:31	Name: li_gc Value: MTswOzE2NTk3OTk3NDQ7MjswMjE0pufM4lqxrZ7lNzDCAuBvIivGmCtk6SGJbHYD4I2rjw==
.linkedin.com/	1970-01-20 05:04:46	Name: lidc Value: "b=TGST06:s=T:r=T:a=T:p=T:g=2480:u=1:x=1:i=1659799744:t=1659886144:v=2:sig=AQH5_dmagiHj10tGhUNhTUYWjXaZTjpo"
.technoratimedia.com/	1970-01-20 14:39:19	Name: tads_uid Value: GDPR
.ipredictive.com/	1970-01-20 13:48:55	Name: cu Value: f1465025-bc14-45ce-9cff-85630ba1ecb9\|1659799744577
sync.srv.stackadapt.com/	1970-01-20 13:48:55	Name: sa-user-id Value: s%3A0-1e601252-7867-445b-7b83-2a32f1b8e10c.xa2m8YfgrGY6D2o80O3yr3WC%2FQ%2B1KF2Cb8%2B1xD7AKPE
.srv.stackadapt.com/	1970-01-20 13:48:55	Name: sa-user-id-v2 Value: s%3AHmASUnhnRFt7gyoy8bjhDNlAlwg.aEPn82BFxzoweWatGJ48Avk6WNMuFydP66yHHBwVmGg
.analytics.yahoo.com/	1970-01-20 13:48:55	Name: IDSYNC Value: "198o~26fr:17ot~26fr"
.outbrain.com/	1970-01-20 07:12:55	Name: obuid Value: 402172be-c2ba-4a75-aa80-cd76fb86bf65
.emxdgt.com/	1970-01-20 07:12:55	Name: apn_id Value: 3930112574233973267
.zemanta.com/	1970-01-20 13:48:55	Name: zuid Value: pGwj9E76qhtaMj211ax0
.amazon-adsystem.com/	1970-01-20 10:46:02	Name: ad-id Value: A1AaDsQLPkzDjndJmOW1X74
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: ac86c56c3110a930
.trafficroots.com/	1970-01-20 13:48:55	Name: PARTNER_ID_3379 Value: 1f7ee0ebbf
.smartadserver.com/	1970-01-20 13:48:55	Name: csync Value: 86:3930112574233973267\|137:1f7ee0ebbf
.mathtag.com/	1970-01-20 14:29:14	Name: uuid Value: 973f62ee-88c0-4b00-882a-e6d23dfef6ff

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://cd.connatix.com/connatix.player.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid6.20.0-4.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cd.connatix.com/connatix.player.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid6.20.0-4.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://c1.adform.net/serving/cookie/match?party=29&gdpr=1 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2ad43688a556459347d89116ee76d8ba.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.turn.com
ads.pubmatic.com
ads.servenobid.com
adservice.google.com
adservice.google.de
analytics.twitter.com
ap.lijit.com
b1sync.zemanta.com
bh.contextweb.com
btlr.sharethrough.com
c.amazon-adsystem.com
c1.adform.net
c2shb.pubgw.yahoo.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
cd.connatix.com
cdn.id5-sync.com
cdn.indexww.com
cds.connatix.com
ce.lijit.com
cm.adgrx.com
cm.everesttech.net
cm.g.doubleclick.net
creativecdn.com
cs.emxdgt.com
csync.loopme.me
demand.trafficroots.com
dpm.demdex.net
dsum-sec.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
g2.gumgum.com
geo.ipify.org
hb.yellowblue.io
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image6.pubmatic.com
imasdk.googleapis.com
img.connatix.com
ins.connatix.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lb.eu-1-id5-sync.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
media.kaspersky.com
media.kasperskycontenthub.com
media.threatpost.com
mp.4dex.io
onetag-sys.com
p.rfihub.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
qd.admetricspro.com
r.casalemedia.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rules.quantcount.com
s.amazon-adsystem.com
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssp.disqus.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.technoratimedia.com
t.co
tag.1rx.io
tagan.adlightning.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vid.connatix.com
visitor.omnitagjs.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
x.serverbid.com
x.yieldlift.com
capi-tier-2-us-east-2.connatix.com
hbopenbid.pubmatic.com
kaspersky.demdex.net
103.229.206.241
104.18.18.126
104.18.19.126
104.244.42.131
104.244.42.133
107.20.229.204
108.138.4.10
124.146.215.44
132.226.63.138
141.95.33.111
141.95.98.71
142.250.184.194
145.40.89.200
15.188.95.229
151.101.130.137
151.101.2.137
151.101.66.49
159.89.246.130
162.254.186.187
169.197.150.7
172.217.16.194
173.231.180.197
18.205.144.126
18.208.63.59
18.232.9.126
18.233.94.66
18.66.112.110
18.66.139.100
185.184.8.90
185.255.84.153
185.85.15.31
185.86.137.133
185.86.139.102
185.89.210.180
185.89.210.46
193.0.160.129
198.148.27.140
199.127.204.142
199.232.16.157
2.21.184.188
2001:678:cb4:bbbb::11
213.19.147.43
216.52.2.30
23.205.235.133
23.206.210.112
23.35.236.201
23.35.236.247
23.75.240.210
2600:1f1c:a99:832c:2412:5a3c:977a:e751
2600:9000:223c:6e00:1b:d000:d280:93a1
2600:9000:2304:d800:6:44e3:f8c0:93a1
2600:9000:2490:b400:0:5c46:4f40:93a1
2602:803:c003:200::31
2606:4700:10::6816:3456
2606:4700:20::681a:7da
2606:4700:20::681a:8a9
2606:4700::6812:272
2606:4700::6812:d4c
2606:4700::6813:ad6c
2620:1ec:21::14
2a00:1450:4001:801::200a
2a00:1450:4001:809::200e
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2003
2a00:1450:4001:812::2008
2a00:1450:4001:82a::2004
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:400c:c0b::9c
2a05:d018:d29:3605:358d:1e8a:10d4:e287
3.125.77.13
3.229.251.39
3.229.66.54
3.33.220.150
34.247.205.196
34.248.32.199
34.249.131.141
34.249.212.46
34.98.64.218
35.157.139.2
35.157.246.167
35.173.160.135
35.190.60.146
37.157.2.234
44.208.243.83
51.89.9.252
52.45.33.138
52.46.151.131
52.48.21.211
52.72.207.90
52.95.122.74
54.158.187.59
64.140.160.2
64.202.112.127
64.74.236.223
69.166.1.10
69.173.144.138
69.192.160.219
72.251.249.14
76.223.111.18
8.28.7.81
99.86.240.7
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0de5867fb96beb7a6df6147dea8d8f921d522b0822b0bdc46ac1af2277d3215c
0ec643833db7e4351c673473da97bbd8645989190729387757838f7fecb50d69
1030fc8851425c20e532acd288aa03d709507bcd3d55367f980d55de309ead68
109202419541751882096017a2de53ec1f34e0e0d783cacad6a336c435c341a9
1322416941f42a07aa5bdb5a1d1e02d9a1e5ab03fe42d30e6614770c5c1e3875
13284e48fb45b9497ead0406372fc394ce32d71edadcab4139a73cdf7a651d90
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
191811219b6b369ab661dfe168e0cd56f43a0372d393b8d6d0f39ec9ca00df2b
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1be7f35fce084c6c152d13cf140409790f3820aa4a2b9b4707c81a3fc547a0b5
1e6113fa95a41038fb32382334e134009323370c3d81fe93cb814df2e7a3b882
1f8707759eb388d405aadd0dfa3a41b9856827d5516764085ee71268b34ae703
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
2362e0948b37833b8820327e2425670bbe4a65f392cc1ec18973ec7ff6064e63
23a6497cdcf74fd11b7f9ee489b70ed8b22da049c81bfacd3c59de5002d48094
2505db71214b53bec821b6ae1c99abd4c8b9ea56965cf3d1d70c35f3064cf08b
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2bc409492d455cddcb045729beca897303d4a321684b6396d8988b40a72ceb91
2cb68a2abc787bb2fd15d97924fba4a4624aa5b0d290eb98a9520de60c5faa33
2d9ca0de257791a277a2a5f53d00cb15d923a8b4f2c259e17c70e8ab2c7aa844
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3158fb24402048864588d7b2f55e65128e92d3a7301d4d50e9b36fc6ee46ab05
3307268982e18bae27fb0691dea184c6a6ce845db0f6ce1f41ca63e948dde8a6
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e9eefb59277748bb91f68907a4ddbc3d5ff18307fb8af50285f925427145afd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
4703e5b3e68ffbe470a6d961ed24e7d1daf80b35640c7775e152f0c5a0e6b41b
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
570434f23ca8564a14604e6a36ceb60ffa6852987ffc60b708660c4425466108
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5f3cef397ae78a294aba6d2b965586863f84ab3331f3b59a4a1db6c712a93296
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
68f4df745814aa5264e977432e04de56a99629f2c968b7c20dbe6f4eab651880
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
7311e76d0df711b21ef501b880bf5c372883d7f635a020637403b830fc68fd39
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
763e8baad4579e1c1ee71410e201c14e49f83e48170c614b729c8c70ec1a9b0a
793c1fa20d428c9cc9f0af0179d9de217c124f5d19d31c6b36878ba793bbacd2
7a4a0db7884806d3e65929f40fdfa92798fd7ef99df0e9615eae15e88197790e
7f7e6e995618480710459b924bae8c1fee53d4f6ccc5d0f99d2f41a7341acf76
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
82e3811cdfceb32fce78d37685ff4189f3927def60304312c3519603939f0ba8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844f2e3a86dcb6f46977b0be523ad7311b7d294e52a6b0cd6eb6eca973983488
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89db7cd798c3cc4d894bf8771702a7a0c025a5305d0888ffa5da327da4472dc9
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d341b1c3a0d55c1f013033618b78dcd6b1c193a41fe2e68e6d17f394a76e6e1
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
90b0805db3333148fe2321c544f453ad8d0c3dd1fd65736387d6fbfeb8c75ab4
91019d68bea2d2ad44c6248bec0a412f663176eb219144f8f1298814103d82ee
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
936fc91de9ad2f9d582d7683630543b144bd21cc9af8b25413c21cfe55bb24c3
949ce08c8b86d6d986c1dd7043588e95515b6cd7f799575317d19705543d500c
958e52063f880f9326df5e6e71e0f94a90e82fc389a8c279e383bc8a22d2fdc7
97c42d28f70d21116c01e0a6d582cb3f4513113f56241ee0b01aa09349e6454f
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
9a7e2f2daef118825ab8bb58bc3cd9dbb3c83cb84772a08f6c5758d706fef173
9f7880f407af281301c7f90fb583965d2581bb44930fafc8c44a9a3f9bb8b6fc
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1267fb5f954298273455537282a988283137c3ebeb9bef9f99d653a0a7ccd71
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9cd0da089c8a9f68edc523eb56ab5fe5ec6df35e989dfdd54cdc04c871b9a93
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086
af1380519ef20cd6758a6eaf7fa9ebc22f28720ea6cb20bad1a48ea949aee2bd
af44d280920264564147250d0841eebf33288a04c932c182c06ec21600a228c2
afe98d9f5c1b655a178938b72c1cc9882d39e32e1c4221a64f2e4bc2f4261cbf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6
b713c4d60db13b6748f0e57674ff4a364c1ee805223c52786c9ce2ea8d07a8fa
b95939599754deb2250672a0ecba1494e7af2352a3598695df9684d77f953d73
ba3adfc32d82ab22694f8cb477ebe8a3efc9a1fcb3e791a58d1f03f1de1059dc
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc18ab4ad12d2b253a6666d753d63c33bf327bf2196cfa8b888cf9ad7d6a6d1a
c144dfdf12c4fb5520be9acbf56669fa59cac648cac1d659821d8e0c4ec11a20
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2b1d3e721d38c46cbaaa362388526ed9b9f661780ffa85e1ed50b69af5643ad
c2e37877957a84efc2e5604969599edfa9be30f963d56f8a8ea5352443f72892
c39bad04b15a4691018de4abf7a625d46adf8ca9bcf6d3f27429d7673eb43f2f
c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02
cad6c04e5003edd838a4827aeb9e321889c35cc865d583ddf59c2d4cf83954c8
d1fb63f766f0256878a7764edc2c02fa45b2399f1ce95ba60fb30d7f8dd12c79
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d46e8d865660f9a9201e33cb3e7bac4ce5cb8778caceb0eb1b27ce8f8e2c877c
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d6cb3641a88d23be3e45023d313bfd54dd3640a4bfe07b3b88d63e3fba328d19
da723b38eb9b9d7b3544f379cc622eca04f870db15ec83ea81c79beadee6a01e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b1d71ce0b2ff9afa9fa47974570dd3d8951d7def6f63dd8063295e24b522e9
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e40be17f41b8a149f1ace2e24632816b6111ccc6f1974fb1c804869a4c7d2905
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e7b09255eb2baa24f82cc435b988d86cf28f3c4c495f3da10d1d95cd6166ac1e
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e9c45dea6d149ac4de08c8a5af38836a97d0c08144d2f1858247748b29615da3
eb72764c337f97f25717fd945fa4321771e37dceb9cb3ffe9d820b3879f671dd
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0a4d16aad94ac27eb35c9707b8a74b3c383baaccac7d80fbd2822830c52cc18
f383c9d665701194066c208c394a1387bbc99a2350ef8995aa629ce298760e13
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
f8a4d22788f301f09228c9e1310aff25262fc5d72368fd63538789a7b69cbf04
f8ce7892921c87384e952835fa0872d75d572e3c062d2c79c91407fe99c812dc
f97858d8c4ed825d49246a820d20f437c406246361fe3c1ebf912d02ff753a24
fae8db4ce4b266008aa79aa0fe0d6ac27187c96d43ccb345931852c834f39dd8

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

255 Requests

78 %HTTPS

23 %IPv6

76 Domains

121 Subdomains

76 IPs

12 Countries

2935 kBTransfer

8271 kBSize

87 Cookies

0 Outgoing links

Redirected requests

255 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

255
Requests

78 %
HTTPS

23 %
IPv6

76
Domains

121
Subdomains

76
IPs

12
Countries

2935 kB
Transfer

8271 kB
Size

87
Cookies

255 HTTP transactions
0 data transactions