securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Submission: On September 24 via api (September 24th 2020, 2:36:47 pm UTC) from US

Summary HTTP 244 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 37 IPs in 5 countries across 34 domains to perform 244 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to ONEANDONE-AS Brauerstrasse 48, DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust RSA CA 2018 on March 8th 2020. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
41	2001:8d8:100f... 2001:8d8:100f:f000::289	8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2600:9000:20a... 2600:9000:20ae:e000:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:e800:1c:8a07:5e80:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
22	104.108.144.24 104.108.144.24	16625 (AKAMAI-AS) (AKAMAI-AS)
7	68.183.31.14 68.183.31.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
9	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2600:9000:20a... 2600:9000:20ae:7200:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:821::2004	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:c400:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
6	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE)
2	3.127.132.197 3.127.132.197	16509 (AMAZON-02) (AMAZON-02)
9	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
6	2606:4700:20:... 2606:4700:20::ac43:4671	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
45	2a00:1450:400... 2a00:1450:4001:817::2001	15169 (GOOGLE) (GOOGLE)
5 34	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1 5	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	18.194.102.50 18.194.102.50	16509 (AMAZON-02) (AMAZON-02)
2	185.33.221.88 185.33.221.88	29990 (ASN-APPNEX) (ASN-APPNEX)
2	104.19.132.78 104.19.132.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	198.148.27.134 198.148.27.134	19189 (PULSEPOINT) (PULSEPOINT)
2 3	2606:2800:233... 2606:2800:233:97b6:26be:138a:cba8:bb01	15133 (EDGECAST) (EDGECAST)
2 4	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
2	23.210.249.83 23.210.249.83	16625 (AKAMAI-AS) (AKAMAI-AS)
2 6	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
2	23.210.249.92 23.210.249.92	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.29.133.199 185.29.133.199	30419 (MEDIAMATH...) (MEDIAMATH-INC)
12	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
6 6	213.19.147.150 213.19.147.150	3356 (LEVEL3) (LEVEL3)
5 5	34.249.135.160 34.249.135.160	16509 (AMAZON-02) (AMAZON-02)
1 1	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE)
7 7	35.157.168.25 35.157.168.25	16509 (AMAZON-02) (AMAZON-02)
2 2	185.31.128.128 185.31.128.128	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	54.194.211.3 54.194.211.3	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	15169 (GOOGLE) (GOOGLE)
244	37

41 2001:8d8:100f:f000::289 (Germany)

ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20ae:e000:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:e800:1c:8a07:5e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 104.108.144.24 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-24.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hblg.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

served-by.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20ae:7200:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:c400:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.132.197 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-132-197.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f162.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::ac43:4671 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f2ace2b5415b91d1381f7bd495477a8e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
48f11e65a3524dbf8c2117b21085bbf8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
701aeca85d94e07994da0ca38d3797ce.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2a00:1450:4001:817::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.244.159.8 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

pixfuture2-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.150 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.102.50 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-102-50.eu-central-1.compute.amazonaws.com

ice.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.88 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.132.78 (United States)

ASN13335 (CLOUDFLARENET, US)

prebid.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.134 (New York, United States)

ASN19189 (PULSEPOINT, US)

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:233:97b6:26be:138a:cba8:bb01 (United States) 2 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.249.83 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-83.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 198.148.27.139 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.249.92 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-92.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.133.199 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 178.162.133.149 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 213.19.147.150 (United Kingdom) 6 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.249.135.160 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-135-160.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s18-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.157.168.25 (Frankfurt am Main, Germany) 7 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-168-25.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.31.128.128 (Netherlands) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.194.211.3 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	googlesyndication.com f2ace2b5415b91d1381f7bd495477a8e.safeframe.googlesyndication.com tpc.googlesyndication.com 48f11e65a3524dbf8c2117b21085bbf8.safeframe.googlesyndication.com 701aeca85d94e07994da0ca38d3797ce.safeframe.googlesyndication.com pagead2.googlesyndication.com	354 KB
41	securityaffairs.co securityaffairs.co	1 MB
22	media.net contextual.media.net lg3.media.net hblg.media.net	233 KB
20	doubleclick.net 6 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	323 KB
16	ampproject.org cdn.ampproject.org	339 KB
14	sonobi.com apex.go.sonobi.com sync.go.sonobi.com	10 KB
13	pixfuture.com served-by.pixfuture.com cdn.pixfuture.com	860 KB
11	wp.com i0.wp.com i1.wp.com i2.wp.com stats.wp.com pixel.wp.com	40 KB
9	google.com 2 redirects adservice.google.com www.google.com	2 KB
8	contextweb.com 2 redirects bid.contextweb.com bh.contextweb.com	2 KB
7	bidswitch.net 7 redirects x.bidswitch.net	3 KB
6	google-analytics.com www.google-analytics.com google-analytics.com	37 KB
5	adsrvr.org 5 redirects match.adsrvr.org	2 KB
5	openx.net 1 redirects pixfuture2-d.openx.net eu-u.openx.net	1 KB
5	google.de adservice.google.de	672 B
5	googletagservices.com www.googletagservices.com	106 KB
5	twitter.com platform.twitter.com	31 KB
5	sharethis.com ws.sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com	39 KB
4	1rx.io 4 redirects sync.1rx.io	3 KB
4	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	178 B
4	adnxs.com ib.adnxs.com acdn.adnxs.com	1 KB
3	advertising.com 2 redirects adserver-us.adtech.advertising.com	776 B
2	admedo.com 2 redirects pool.admedo.com	788 B
2	avct.cloud 2 redirects ads.avct.cloud	890 B
2	rfihub.com 2 redirects p.rfihub.com	1 KB
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1 KB
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	mgid.com prebid.mgid.com	876 B
2	360yield.com ice.360yield.com	620 B
2	facebook.net connect.facebook.net	63 KB
1	gravatar.com secure.gravatar.com	1 KB
1	consensu.org c.sharethis.mgr.consensu.org
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	5 KB
0	googleapis.com Failed fonts.googleapis.com Failed
244	34

	Domain	Requested by
41	securityaffairs.co	securityaffairs.co
29	tpc.googlesyndication.com	securepubads.g.doubleclick.net securityaffairs.co tpc.googlesyndication.com cdn.ampproject.org pagead2.googlesyndication.com
16	pagead2.googlesyndication.com	securepubads.g.doubleclick.net cdn.pixfuture.com pagead2.googlesyndication.com securityaffairs.co
16	cdn.ampproject.org	securepubads.g.doubleclick.net
12	sync.go.sonobi.com
9	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net securityaffairs.co
8	hblg.media.net	securityaffairs.co
7	x.bidswitch.net	7 redirects
7	lg3.media.net	securityaffairs.co
7	served-by.pixfuture.com	securityaffairs.co served-by.pixfuture.com
7	contextual.media.net	securityaffairs.co contextual.media.net
6	cm.g.doubleclick.net	6 redirects
6	bh.contextweb.com	2 redirects cdn.pixfuture.com
6	cdn.pixfuture.com	served-by.pixfuture.com cdn.pixfuture.com
5	match.adsrvr.org	5 redirects
5	googleads.g.doubleclick.net	securityaffairs.co pagead2.googlesyndication.com
5	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
5	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
5	www.googletagservices.com	securityaffairs.co pagead2.googlesyndication.com
5	www.google-analytics.com	securityaffairs.co www.google-analytics.com
5	platform.twitter.com	securityaffairs.co platform.twitter.com
4	sync.1rx.io	4 redirects
4	www.google.com	2 redirects securityaffairs.co
3	eu-u.openx.net	1 redirects cdn.pixfuture.com
3	adserver-us.adtech.advertising.com	2 redirects securityaffairs.co
3	i2.wp.com	securityaffairs.co
3	i1.wp.com	securityaffairs.co
3	i0.wp.com	securityaffairs.co
2	pool.admedo.com	2 redirects
2	ads.avct.cloud	2 redirects
2	p.rfihub.com	2 redirects
2	sync.targeting.unrulymedia.com	2 redirects
2	sync.mathtag.com	2 redirects
2	ads.pubmatic.com	cdn.pixfuture.com
2	acdn.adnxs.com	cdn.pixfuture.com
2	bid.contextweb.com	cdn.pixfuture.com
2	hbopenbid.pubmatic.com	cdn.pixfuture.com
2	prebid.mgid.com	cdn.pixfuture.com
2	ib.adnxs.com	cdn.pixfuture.com
2	ice.360yield.com	cdn.pixfuture.com
2	apex.go.sonobi.com	cdn.pixfuture.com
2	pixfuture2-d.openx.net	cdn.pixfuture.com
2	l.sharethis.com	ws.sharethis.com securityaffairs.co
2	connect.facebook.net	securityaffairs.co connect.facebook.net
1	701aeca85d94e07994da0ca38d3797ce.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	48f11e65a3524dbf8c2117b21085bbf8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	f2ace2b5415b91d1381f7bd495477a8e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	pixel.wp.com	securityaffairs.co
1	secure.gravatar.com	securityaffairs.co
1	c.sharethis.mgr.consensu.org	ws.sharethis.com
1	google-analytics.com	securityaffairs.co
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
0	fonts.googleapis.com Failed	securityaffairs.co
244	57

This site contains links to these domains. Also see Links.

Domain
www.cert.govt.nz
csirt.gov.it
www.ncsc.nl
twitter.com
www.bleepingcomputer.com
www.linkedin.com
www.facebook.com
reddit.com
www.pinterest.com
plus.google.com
www.tumblr.com

Subject Issuer	Validity	Valid
www.securityaffairs.co GeoTrust RSA CA 2018	`2020-03-08` - `2021-04-07`	a year	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
served-by.pixfuture.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-15` - `2021-04-24`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
sharethis.mgr.consensu.org Amazon	`2020-05-05` - `2021-06-05`	a year	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-18` - `2021-07-18`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2019-02-01` - `2021-02-04`	2 years	crt.sh
*.360yield.com Amazon	`2020-08-26` - `2021-09-26`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh

This page contains 34 frames:

Primary Page: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Frame ID: CF49555D7070890A84DDACE604956E48
Requests: 95 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal-v2.html
Frame ID: 93D653204765AD81716DB69F06917751
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HB41O6BH&prvid=77%2C80%2C82%2C97%2C109%2C148%2C175%2C178%2C184%2C188%2C192%2C193%2C201%2C203%2C214%2C222%2C226%2C3008&rtime=12&https=1&gdpr=1&gdprconsent=2&usp_status=0&usp_consent=1
Frame ID: 99C8C0CE3539CD370E169DD2F4DF8E00
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 4D6F7742B71C80A99D596CAC6A9B1056
Requests: 11 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: B7AD3F82DE8740B595C0E0224297EE28
Requests: 10 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: C4A2D738040FA9F089ADA114F23893F7
Requests: 10 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fsecurityaffairs.co
Frame ID: 86E9B5A7EBC3DDD5B8440CF1FC35BF65
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=microsoft,italy,netherlands,agencies,warn,emotet,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Frame ID: D56D92758F364B2794564F3F8A14A735
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=microsoft,italy,netherlands,agencies,warn,emotet,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Frame ID: 6FEA59836E5897965FA846D3433FDC5B
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/index.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1308207245843341312&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&siteScreenName=securityaffairs&theme=light&widgetsVersion=219d021%3A1598982042171&width=500px
Frame ID: E506BF557EF2C9E89A2B651887B675A9
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/index.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-1&frame=false&hideCard=false&hideThread=false&id=1308644335307698176&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&siteScreenName=securityaffairs&theme=light&widgetsVersion=219d021%3A1598982042171&width=500px
Frame ID: 45E10B9F30EFBF9696B555629B63DDC4
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: 5195FA85ACB6CD0D556F9B1751741A44
Requests: 19 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: 05D24C3177C8DEDD9E99CA6F2FA8B05B
Requests: 20 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 5995540748CCC9EB30121147ED0E6D57
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 0B7B0FE45B1D5A1D85B56D02C34A63A9
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html
Frame ID: F87C314B3247A9245BA3AA18EC2509EE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: DF1C74AD8BC5A6010E2244A360481756
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html
Frame ID: 2B6A2CF54D163401EC8B612E04E80E17
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200922/r20190131/zrt_lookup.html
Frame ID: 74F1F296E3F840DA11A181DCD59448E5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492133&w=300&lmt=1600958190&npa=1&guci=1.2.0.0.2.1.0.0&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&flash=0&wgl=1&dt=1600958190486&bpp=22&bdt=79&idt=90&shv=r20200922&cbv=r20190131&ptt=5&saldr=sa&correlator=2312505961911&frm=21&ife=1&pv=2&ga_vid=1499007502.1600958189&ga_sid=1600958191&ga_hid=1115260329&ga_fc=1&iag=63&icsg=170&nhd=3&dssz=6&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=3518&biw=1600&bih=1200&isw=300&ish=250&ifk=4269566075&scr_x=0&scr_y=0&eid=42530672%2C21066468&oid=3&pvsid=4467758055660252&pem=178&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.e6wohfnc4z6t&btvi=1&fsb=1&xpc=a8mT0H2alm&p=https%3A//securityaffairs.co&dtd=110
Frame ID: B351B8FB35E09CC6053A32EC33EE66BB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 93184BC6614404EB27FA3F08ACD8D714
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492132&w=320&lmt=1600958190&npa=1&guci=1.2.0.0.2.1.0.0&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&flash=0&wgl=1&dt=1600958190694&bpp=4&bdt=29&idt=93&shv=r20200922&cbv=r20190131&ptt=5&saldr=sa&correlator=2312505961911&frm=21&ife=1&pv=1&ga_vid=1499007502.1600958189&ga_sid=1600958191&ga_hid=1978272599&ga_fc=1&iag=63&icsg=170&nhd=3&dssz=6&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=3437&biw=1600&bih=1200&isw=320&ish=50&ifk=3907440428&scr_x=0&scr_y=0&eid=21067348%2C21065724&oid=3&pvsid=1080921787487671&pem=178&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.eaogul569f6m&btvi=1&fsb=1&xpc=x4UwdM8gnF&p=https%3A//securityaffairs.co&dtd=99
Frame ID: B34410B6AC75D39FA552F311A089603A
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: F30CCB70D45522929820A06C4B911722
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html
Frame ID: 840C921FB2E24C1CEFBA941651E8945B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html
Frame ID: B67BFBC15D31F28C8DD8A61A3ED2019E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html
Frame ID: EF7568C1E0B1ED7F652576C4062D2C15
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 5F22A80F09650351D00B7B55B3082792
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: F1D84F50B92FE44D66AF843382755A6B
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: E47E0B69AD7AC6339DD0613CDB22DECD
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 44C3BC4242979489E09567EFFB551CBF
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: EB3CF7525E707BEE3195DD1E415CD158
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F6984358D6598C7DB8B99B9E5AB944AC
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: 6BDD6E18B552191D2890EF5A53CACA93
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: ED7F83C69377C1178C70EB3E55A8037B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

244
Requests

98 %
HTTPS

43 %
IPv6

34
Domains

57
Subdomains

37
IPs

5
Countries

3578 kB
Transfer

6659 kB
Size

0
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cert.govt.nz/it-specialists/advisories/emotet-malware-being-spread-via-email/
Title: Computer Emergency Response Team

Search URL Search Domain Scan URL

URL: https://csirt.gov.it/contenuti/campagna-malspam-per-veicolare-emotet-a-utenti-italiani-al01-200921-csirt-ita
Title: Italy

Search URL Search Domain Scan URL

URL: https://www.ncsc.nl/actueel/nieuws/2020/september/16/toename-spam-campagnes-emotet
Title: the Netherlands

Search URL Search Domain Scan URL

URL: https://twitter.com/MsftSecIntel/status/1308207245843341312
Title: Microsoft

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/emotet-malware-strikes-us-businesses-with-covid-19-spam/
Title: COVID-19 information

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/conti-ransomware-shows-signs-of-being-ryuks-successor/
Title: Conti (TrickBot)

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-with-qakbot-trojan-for-network-access/
Title: ProLock (QBot)

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html&text=Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies%20warn%20of%20EMOTET%20campaigns%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html&title=Microsoft,%20Italy%20and%20the%20Netherlands%20agencies%20warn%20of%20EMOTET%20campaigns
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 128

https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=175dfabec57d618;misc=1600958190022; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;cfp=1;rndc=1600958189;v=2;cmd=bid;cors=yes;alias=175dfabec57d618;misc=1600958190022 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;apid=1A55c4da02-fe73-11ea-843b-12c8450abec2;cfp=1;rndc=1600958189;v=2;cmd=bid;cors=yes;alias=175dfabec57d618;misc=1600958190022

Request Chain 164

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 205

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 222

https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0

Request Chain 225

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=80125f6c-aeef-4800-ae18-3b47c17ee3e4

Request Chain 226

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7678209891 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7678209891 HTTP 302
https://sync.1rx.io/usersync/tradedesk/499f5536-7d51-4224-9d09-ff92ffce6cca HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003

Request Chain 227

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=1ec42f89-c30c-46b9-84c4-a8d58a62aaa0&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=SnREV203ZG9ZNDYzbXB6LUxEY2JUQQ&gdpr=&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKnhTktC5MsNT7Aw-Xa5vrs&google_cver=1

Request Chain 228

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MWVjNDJmODktYzMwYy00NmI5LTg0YzQtYThkNThhNjJhYWEw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm=&google_hm=MWVjNDJmODktYzMwYy00NmI5LTg0YzQtYThkNThhNjJhYWEw&google_tc= HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEszv1uSObVy3HQidC0SN-4&google_cver=1

Request Chain 229

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=97bead32-8979-43a6-aea1-f7b4f40d7aae&pubid=0b24fdfc82

Request Chain 230

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=b3dadb0e-21ed-4424-b7b9-5873f33ee088&google_hm=YjNkYWRiMGUtMjFlZC00NDI0LWI3YjktNTg3M2YzM2VlMDg4 HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESELPPiStMzF4tUb3pKljYT68&google_cver=1&ssp=sonobi&bsw_param=b3dadb0e-21ed-4424-b7b9-5873f33ee088 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=b3dadb0e-21ed-4424-b7b9-5873f33ee088

Request Chain 231

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041527799631063909

Request Chain 234

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dsonobi HTTP 302
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dsonobi HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=a61d79b8-98fa-4062-bc19-6d48572ac245&ssp=sonobi HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=b3dadb0e-21ed-4424-b7b9-5873f33ee088

Request Chain 235

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003&rndcb=84874545 HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor&bsw_custom_parameter=b3dadb0e-21ed-4424-b7b9-5873f33ee088 HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor&bsw_custom_parameter=b3dadb0e-21ed-4424-b7b9-5873f33ee088 HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=c001f7d3-5ec8-4d5c-8271-e178ed4a2300&user_group=1&ssp=adconductor&bsw_param=b3dadb0e-21ed-4424-b7b9-5873f33ee088 HTTP 302
https://sync.1rx.io/usersync/bidswitch/b3dadb0e-21ed-4424-b7b9-5873f33ee088?gdpr=&gdpr_consent= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003

Request Chain 236

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041527799631063909

Request Chain 237

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=499f5536-7d51-4224-9d09-ff92ffce6cca&pubid=0b24fdfc82

Request Chain 238

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MWVjNDJmODktYzMwYy00NmI5LTg0YzQtYThkNThhNjJhYWEw HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDqm0TPku9R0om6Y3UmEGm8&google_cver=1

Request Chain 239

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=1ec42f89-c30c-46b9-84c4-a8d58a62aaa0&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=RUtqa2hmX0pkNVdsZk1oSVlXTllEQQ&gdpr=&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKnhTktC5MsNT7Aw-Xa5vrs&google_cver=1

Request Chain 240

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e9e65f6c-aeef-4f00-ada2-c1bed1824ffd

244 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request emotet-europe-alerts.html Show response
securityaffairs.co/wordpress/108685/malware/ 82 KB
23 KB 104ms
72ms Document
text/html 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.33
Resource Hash: 22f906059a556127bca0fcc62c70f321718fa81ee1dbe602ffc8ad87bf60e7eb

Request headers

:method: GET
:authority: securityaffairs.co
:scheme: https
:path: /wordpress/108685/malware/emotet-europe-alerts.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=UTF-8
date: Thu, 24 Sep 2020 14:36:27 GMT
server: Apache
x-powered-by: PHP/7.2.33
vary: Accept-Encoding,Cookie
cache-control: max-age=3, must-revalidate
content-encoding: gzip

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 64 KB
64 KB 63ms
55ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=ab666092e6aa075ec4beae7c3cab6002
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 093fa1b3be5a5ed806dc8873e932ce049231b1b9bab39fb85e63ab8229d57c0b

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Tue, 01 Sep 2020 21:33:33 GMT
server: Apache
etag: "fe23-5ae47455cdf29"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 65059

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 60ms
52ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=1.9.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Thu, 10 Sep 2020 22:51:46 GMT
server: Apache
etag: "c25-5aefd69b3c055"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 3109

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 27 KB
27 KB 77ms
68ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=1.9.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Thu, 10 Sep 2020 22:51:46 GMT
server: Apache
etag: "6cdf-5aefd69b3c055"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 27871

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
5 KB 476ms
21ms Stylesheet
text/css 2001:4de0:ac19::1:b:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=ab666092e6aa075ec4beae7c3cab6002

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
status: 200
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 5442

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 83ms
75ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
etag: "4d92-52704407f72c0"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 19858

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 74ms
66ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
etag: "21b-526fe6d7cd700"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 539

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 85ms
77ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
etag: "1851-5270441180940"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 6225

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 78ms
71ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.13-9993131
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: b834a80037718e3da7f92199034dc59611ed774af41f1e84fa1e0d97c4261192

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 13 Nov 2019 23:52:08 GMT
server: Apache
etag: "2ca1-597430d7ee92b"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 11425

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 79ms
71ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
etag: "6b4-526fe6d5e5280"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 1716

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 85ms
26ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
etag: "4574-526fe6d5e5280"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 17780

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 94ms
20ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
etag: "118d-526fe6e527680"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 4493

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 95ms
21ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
etag: "14e-526fe6d5e5280"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 334

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 100ms
21ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
etag: "1b844-526fe6d7cd700"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 112708

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 132ms
56ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.33
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 24 Sep 2020 14:36:27 GMT
server: Apache
x-powered-by: PHP/7.2.33
content-type: text/css; charset: UTF-8;charset=UTF-8

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 97ms
18ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=ab666092e6aa075ec4beae7c3cab6002
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
etag: "c5f2-526fe6d6d94c0"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 50674

GET
H2 200 frontend.js Show response
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 23 KB
23 KB 112ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend.js?ver=1600956702
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 9b5b9b8b1984a7b55656ca3d243deb436e049467353f6e61e73ac8bd0ab2a636

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Tue, 11 Aug 2020 22:25:27 GMT
server: Apache
etag: "5b01-5aca18c51f533"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 23297

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 95 KB
95 KB 103ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Tue, 21 May 2019 21:49:10 GMT
server: Apache
etag: "17a69-5896cd1a361be"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 96873

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 33 KB
33 KB 103ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=1.9.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: fec6411c0449c2f2b631cdb40900e968c49501f4e92e7b12e75e1e1bc6ed2813

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Thu, 10 Sep 2020 22:51:46 GMT
server: Apache
etag: "8344-5aefd69b3cff5"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 33604

GET
H2 200 st_insights.js Show response
ws.sharethis.com/button/ 25 KB
8 KB 80ms
25ms Script
application/javascript 2600:9000:20ae:e000:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ae:e000:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: b397f92e5f197af9b4d9ceac02bdb1e06c304fb8fc8b22ce7689eb0e837a4e78

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 03:38:49 GMT
content-encoding: gzip
age: 125858
x-cache: Hit from cloudfront
status: 200
content-length: 7377
server: nginx/1.16.1
etag: "5f4b0a17-6446"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 b3b1689b5de3293227c415784ed3c268.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: WAW50-C1
x-robots-tag: noindex, nofollow
x-amz-cf-id: u1TFRIaNqTCo9D04UouWUb1qMX-w95BsO7spEqLKmBPmJUoXemoYAg==
expires: Sat, 26 Sep 2020 03:38:49 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 98 KB
31 KB 25ms
7ms Script
text/javascript 2600:9000:2057:e800:1c:8a07:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:e800:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ec4344adc742b2fbf294aeb340c91f1119885d17d96912e7163d2eec59a1ab69

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:30:12 GMT
content-encoding: gzip
age: 375
etag: W/"1867f-xSYf4UVSCF6CF7Uc3P7bbVwijO0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
status: 200
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: Qka3krdozpAOKthYynMUuC0-JzRaPRPtGzxuLb6D1Lu17bnS5UBfyQ==
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)

GET
H2 200 shield-antibot.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 3 KB
3 KB 103ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/shield-antibot.js?ver=9.2.1&mtime=1599258549
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d24350e3a8c6e3963544189c3d0cfcd8c11e5dbac0de76aace83993b7d16dcf6

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:27 GMT
last-modified: Fri, 04 Sep 2020 22:29:09 GMT
server: Apache
etag: "c00-5ae8465bab616"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 3072

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 23ms
23ms Image
image/png 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
etag: "b0e9-5270743f5f480"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 45289

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/419B) /
Resource Hash: a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:36:28 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 20:40:54 GMT
Server: ECS (fcn/419B)
Age: 949
Etag: "a58136137a93f33c1d165df7d4d973f8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28881

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 486 KB
153 KB 148ms
96ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9e163502e82cedeb12e1a9eb2e8f2402aaac18ef27db285f151f9121c23ef4c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-mnt-h: 10-6
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag: "b56c6d56e8989294b680922542c0866f"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=3600
date: Thu, 24 Sep 2020 14:36:28 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-10
expires: Thu, 24 Sep 2020 15:36:28 GMT

GET
H/1.1 200
OK headerbid.js Show response
served-by.pixfuture.com/www/delivery/ 9 KB
10 KB 274ms
91ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 6083ab99860d08b524463c0a71edb943916013b9dfb088c99afcdd92131cf8fe

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:36:29 GMT
Last-Modified: Tue, 15 Sep 2020 19:50:17 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5f611af9-257e"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 9598
Expires: Sat, 26 Sep 2020 14:36:29 GMT

GET
H2 200 facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
1 KB 48ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 5
date: Thu, 24 Sep 2020 14:36:28 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "509a053c355d6394"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 49ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Thu, 24 Sep 2020 14:36:28 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "93b18115ddb7cc81"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 49ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Thu, 24 Sep 2020 14:36:28 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "c9a9d33942c7897d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1184
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 reddit.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 2 KB
2 KB 49ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 6
date: Thu, 24 Sep 2020 14:36:28 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:18:21 GMT
server: nginx
etag: "6a02164672eeeebc"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png>; rel="canonical"
content-length: 1566
expires: Sat, 11 Jun 2022 08:18:21 GMT

GET
H2 200 pinterest.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
2 KB 50ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

3afe47d0fe0b16bc5bddecdc9bcaca94ed420b8fd0ddee2ae77364403c794bb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 2
date: Thu, 24 Sep 2020 14:36:28 GMT
x-content-type-options: nosniff
x-bytes-saved: 1227
last-modified: Mon, 04 Feb 2019 06:29:18 GMT
server: nginx
etag: "9a8b1a5335d6cfb5"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png>; rel="canonical"
content-length: 1502
expires: Wed, 03 Feb 2021 18:29:18 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 9ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

be9eae694a2f542e08b09ce5dc661ff0fd7c6593b2bd415eec46b2f84b4b02ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: R4ZG3JvilDYmiN+Wk6GjBg==
status: 200
cross-origin-resource-policy: cross-origin
expires: Thu, 24 Sep 2020 14:36:42 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1779
etag: "7d48d4f3bb825deda7ece68d1b2e8a1f"
x-fb-debug: cdrhZT6NGp88JylBQGJI15H2z8XYBOF4g9fZAhMLZfj3XRJ2GC0sWWBApmeqTJGeOlWE4undIeNsEnQtxKY7zg==
x-fb-trip-id: 664085054
x-fb-content-md5: 66e43ec021463c8af529d784059b2815
date: Thu, 24 Sep 2020 14:36:28 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 167
date: Thu, 24 Sep 2020 14:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Thu, 24 Sep 2020 16:33:41 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 27 KB
28 KB 22ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=ab666092e6aa075ec4beae7c3cab6002
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: ee657fa9cbe48aeeda44b31ed4ae2ca1d021a82e301e36a456eafb7c8dda7fb7

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Tue, 11 Aug 2020 22:24:47 GMT
server: Apache
etag: "6d6a-5aca189f1cc8c"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 28010

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=ab666092e6aa075ec4beae7c3cab6002
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Tue, 31 Mar 2020 22:49:14 GMT
server: Apache
etag: "231d-5a22e608152f1"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8989

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 ZeroLogon-flaw.png
securityaffairs.co/wordpress/wp-content/uploads/2020/09/ 168 KB
168 KB 20ms
20ms Image
image/png 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2020/09/ZeroLogon-flaw.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 576b217bbe84b6b64d0779553b53c7370a3cb667cb47d59bb35df28170919040

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Mon, 14 Sep 2020 11:26:38 GMT
server: Apache
etag: "29fe0-5af444ed06691"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 172000

GET
H2 200 data-leak-US-Government.jpg
securityaffairs.co/wordpress/wp-content/uploads/2019/10/ 47 KB
47 KB 18ms
17ms Image
image/jpeg 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2019/10/data-leak-US-Government.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 907a82c1e3c68d9cfea54a838b9ced9079ea1b886c073ece0f497f642f301b8f

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Tue, 22 Oct 2019 19:36:39 GMT
server: Apache
etag: "bae3-59584eb50e43b"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 47843

GET
H2 200 data-leak-US-Government.jpg
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2019/10/ 4 KB
4 KB 21ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2019/10/data-leak-US-Government.jpg?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

f9a8b6486b932f30659598dbdff8ddb4069135999d1d720c73ff7f84cd3e2dad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Thu, 24 Sep 2020 14:36:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Sep 2020 07:02:58 GMT
server: nginx
etag: "2902313fd8a59587"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2019/10/data-leak-US-Government.jpg>; rel="canonical"
content-length: 3734
expires: Sat, 24 Sep 2022 19:02:58 GMT

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 122 KB
122 KB 19ms
19ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=ab666092e6aa075ec4beae7c3cab6002
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Sep 2020 22:37:21 GMT
server: Apache
etag: "1e76e-5af75e92c24d8"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 124782

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 2 KB
2 KB 17ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Sep 2020 22:37:14 GMT
server: Apache
etag: "6e0-5af75e8bea561"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1760

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 365 B
519 B 17ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 23 Sep 2020 23:15:50 GMT
server: Apache
etag: "16d-5b00343b4dda4"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 365

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 18ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=ab666092e6aa075ec4beae7c3cab6002
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Sep 2020 22:37:21 GMT
server: Apache
etag: "792-5af75e92c8298"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1938

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "3db-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 987

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "1113-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 4371

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "1fa1-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8097

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 23ms
22ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
etag: "a36-526fe6e33f200"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 2614

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 20ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
etag: "53ae-5270441274b80"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 21422

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 19ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
etag: "1f6c-526fe6e527680"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8044

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
etag: "11571-5270441645480"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 71025

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 19ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "2a67-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 10855

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 17ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "c18-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 3096

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 19ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "3225-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 12837

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
etag: "31d4-526fe6e33f200"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 12756

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 19ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=ab666092e6aa075ec4beae7c3cab6002
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
etag: "c8e-5826f6315ef61"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 3214

GET
H2 200 e-202039.js Show response
stats.wp.com/ 9 KB
3 KB 47ms
14ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202039.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
expires: Sun, 19 Sep 2021 23:22:39 GMT

GET
H2 200 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
379 B 555ms
507ms Script
text/javascript 2600:9000:20ae:7200:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ae:7200:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
via: 1.1 5f0256b858eb482d76fb1e14a1b7a667.cloudfront.net (CloudFront)
last-modified: Mon, 13 Aug 2018 16:48:12 GMT
server: AmazonS3
x-amz-cf-pop: WAW50-C1
etag: "e6e1643313740711175f51662a65b42f"
x-cache: RefreshHit from cloudfront
content-type: text/javascript
status: 200
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: PE_BOtXrLz8TSCivWU3e5BqlSsqwVL2Y_EuIgPmcuT9z0Q32ZJ1Esw==

GET
H2 200 analytics.js Show response
google-analytics.com/ 45 KB
19 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 199
date: Thu, 24 Sep 2020 14:33:09 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Thu, 24 Sep 2020 16:33:09 GMT

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 19ms
19ms Font
application/font-woff 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:28 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
etag: "ad90-526fe6dc92240"
content-type: application/font-woff
status: 200
accept-ranges: bytes
content-length: 44432

GET
H2 200 portal-v2.html
c.sharethis.mgr.consensu.org/v1.0/cmp/ Frame 93D6 0
0 25ms
6ms Document
text/html 2600:9000:2057:c400:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal-v2.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:c400:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /v1.0/cmp/portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-encoding: gzip
last-modified: Wed, 26 Aug 2020 05:25:30 GMT
date: Thu, 24 Sep 2020 14:13:03 GMT
cache-control: max-age=3600, public
etag: W/"83a-174293a7110"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1277de71b2472d19ca0bfc510db9ec54.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: MfLwUEuSlHCD1M-xTue1nfGXwC6KaV8fa0igz0FcwolbQHb7VR58fQ==
age: 1405

GET
H2 200 Emotet-italy.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/09/ 9 KB
9 KB 16ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/09/Emotet-italy.png?w=747&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

f4906a5a6ea68dea07e2e62a8b5b1bf84742e182a65565abc848197217deaead

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 6
date: Thu, 24 Sep 2020 14:36:29 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Sep 2020 07:02:58 GMT
server: nginx
etag: "e9b0af81c5a76ddc"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/09/Emotet-italy.png>; rel="canonical"
content-length: 9108
expires: Sat, 24 Sep 2022 19:02:58 GMT

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 24ms
9ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 1
date: Thu, 24 Sep 2020 14:36:29 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Thu, 24 Sep 2020 14:41:29 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 201 KB
61 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=3a662a765315145dd5a24ad0c6bde4d6&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2f12258640d2af6abdfd7fd917e2bb0045dca5582ed6e88a891107dd9a12e966

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: PV/X1Xb3oDFQ0vmVdT3SrA==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 62343
etag: "aeacb958e61e137cc0e410734955124d"
x-fb-debug: Nkofq3feGc8hBy62yXQceidGpFFAWGAwD2goPDVu+2iSKfTfeywlz5+LXDFzN08Pgq537D35GbP4iq2tZefFXQ==
x-fb-trip-id: 664085054
x-fb-content-md5: 6eca0c3b70374915d64fbb46143424d6
x-frame-options: DENY
date: Thu, 24 Sep 2020 14:36:29 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Fri, 24 Sep 2021 13:05:33 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
124 B 13ms
13ms XHR
text/plain 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=584636494&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&ul=en-us&de=UTF-8&dt=Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies%20warn%20of%20EMOTET%20campaignsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1165120874&gjid=138215391&cid=1499007502.1600958189&tid=UA-59069958-1&_gid=1553022344.1600958189&_r=1&_slc=1&z=185152966

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
210 B 6ms
6ms Image
image/gif 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=584636494&t=pageview&_s=2&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&ul=en-us&de=UTF-8&dt=Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies%20warn%20of%20EMOTET%20campaignsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=&gjid=&cid=1499007502.1600958189&tid=UA-59069958-1&_gid=1553022344.1600958189&z=336538716

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 23 Sep 2020 19:27:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68952
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 99C8 0
0 100ms
99ms Document
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HB41O6BH&prvid=77%2C80%2C82%2C97%2C109%2C148%2C175%2C178%2C184%2C188%2C192%2C193%2C201%2C203%2C214%2C222%2C226%2C3008&rtime=12&https=1&gdpr=1&gdprconsent=2&usp_status=0&usp_consent=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HB41O6BH&prvid=77%2C80%2C82%2C97%2C109%2C148%2C175%2C178%2C184%2C188%2C192%2C193%2C201%2C203%2C214%2C222%2C226%2C3008&rtime=12&https=1&gdpr=1&gdprconsent=2&usp_status=0&usp_consent=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Sun, 28 Mar 2021 14:36:29 GMT; domain=.media.net; Path=/; sameSite=none; secure=true visitor-id=2439597892243584000V10; Expires=Fri, 24 Sep 2021 14:36:29 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=28467
expires: Thu, 24 Sep 2020 22:30:56 GMT
date: Thu, 24 Sep 2020 14:36:29 GMT
content-length: 6816

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 4D6F 52 KB
17 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bbd38bcab362fe6b30fe76ccb24266b59335c401c8a432f7b71b0189c49d217

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "642 / 294 of 1000 / last-modified: 1600945960"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17601
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 84 KB
25 KB 634ms
634ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=762221962&size=300x250&cc=NL&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&nse=0&vi=1600958188259766993&lw=1&ugd=4&rtbs=1&hlt=1&dfp=1&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9265bf969f057d9897e30caf40e8f7f5ada20d7c41b206fe72f0f3095bff79fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-7
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=300
date: Thu, 24 Sep 2020 14:36:29 GMT
x-mnt-w: 8-4, 8-21
content-length: 25257
expires: Thu, 24 Sep 2020 14:41:29 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame B7AD 52 KB
17 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b846e3256bfb4b9904c071001321ec879ee871621dea0343f6ee87003df8374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "642 / 563 of 1000 / last-modified: 1600945841"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17783
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 80 KB
24 KB 639ms
639ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=NL&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&nse=0&vi=1600958188174706648&lw=1&ugd=4&rtbs=1&hlt=1&dfp=1&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

061fb6b101f6cb81e50049afd09b45c6d007c8efc19c04c17080519ec0c949e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-7
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=300
date: Thu, 24 Sep 2020 14:36:29 GMT
x-mnt-w: 8-21, 8-21
content-length: 24694
expires: Thu, 24 Sep 2020 14:41:29 GMT

GET
H2 200 rtbsmpubs.php Show response
contextual.media.net/ 7 KB
1 KB 253ms
252ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HB41O6BH&region=nv&ptrid=8PREB0781&requestString=555212031*4%7C300x600%7C8CU5BD6EW%7C639665355%7C%40555212031*97%7C300x600%7C8CU5BD6EW%7C639665355_8CU5BD6EW%7C%40555212031*175%7C300x600%7C8CU5BD6EW%7C639665355_8CU5BD6EW%7C%40555212031*178%7C300x600%7C8CU5BD6EW%7C639665355_8CU5BD6EW%7C%40555212031*201%7C300x600%7C8CU5BD6EW%7C639665355_8CU5BD6EW%7C%40555212031*203%7C300x600%7C8CU5BD6EW%7C639665355_8CU5BD6EW%7C%40555212031*214%7C300x600%7C8CU5BD6EW%7C639665355_8CU5BD6EW%7C%40555212031*222%7C300x600%7C8CU5BD6EW%7C639665355_8CU5BD6EW%7C&crid=555212031&sd=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&bl=1&rt=5&dn=https://securityaffairs.co&https=1&act=headerBid&prvReqId=118667652053835521600958189233&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.27258480427553655&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A4531%7D&itype=HB-CM&cc=NL&ct=AMSTERDAM&bt=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

569401433c4890b8a3030abf143df07686cc42655cb23c298eb41a1a9384a443

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Thu, 24 Sep 2020 14:36:29 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 1272
x-mnet-hl2: E
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 rtbsmpubs.php Show response
contextual.media.net/ 1 KB
852 B 390ms
389ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/rtbsmpubs.php?&gdpr=1&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HB41O6BH&region=nv&ptrid=8PREB0781&requestString=555212031*3008%7C1x1__1%7C8CU5BD6EW%7C639665355%7C&crid=555212031&sd=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&bl=1&rt=5&dn=https://securityaffairs.co&https=1&act=headerBid&prvReqId=363410858255230711600958189238&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.21477342445686354&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A4531%7D&itype=HB-CM&cc=NL&ct=AMSTERDAM&at=3&bt=1&callback=window.hbCMBidxc.rtbsnativeheaderBid3S0

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

417d15857e57eee2ce57b556139e557387cd712f128c327b0d1f0741b6919774

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Thu, 24 Sep 2020 14:36:29 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 642
x-mnet-hl2: E
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame C4A2 52 KB
17 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b846e3256bfb4b9904c071001321ec879ee871621dea0343f6ee87003df8374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "642 / 647 of 1000 / last-modified: 1600945841"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17783
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 58ms
55ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=762221962&vi=1600958188259766993&ugd=4&lf=6&cc=NL&wsip=2886781041&r=1600958189166&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001600958189161031177223683247&gdpr=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 24 Sep 2020 14:36:29 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 46ms
43ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1600958188174706648&ugd=4&lf=6&cc=NL&wsip=2886781041&r=1600958189217&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001600958189215031177223687920&gdpr=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 24 Sep 2020 14:36:29 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 56ms
54ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=639665355&vi=1600958188141481019&ugd=4&lf=6&cc=NL&wsip=2886781041&r=1600958189226&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001600958189225031177223684862&gdpr=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 24 Sep 2020 14:36:29 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 17ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 6
date: Thu, 24 Sep 2020 14:36:29 GMT
x-content-type-options: nosniff
x-bytes-saved: 46713
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "012d3c7ccbeb8560"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 6414
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 10 KB
10 KB 22ms
21ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 7
date: Thu, 24 Sep 2020 14:36:29 GMT
x-content-type-options: nosniff
x-bytes-saved: 103276
last-modified: Tue, 02 Jun 2020 21:29:55 GMT
server: nginx
etag: "c8c3d7b06b174426"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
content-length: 10314
expires: Fri, 03 Jun 2022 09:29:55 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 7ms
6ms Image
image/gif 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=584636494&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&ul=en-us&de=UTF-8&dt=Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies%20warn%20of%20EMOTET%20campaignsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUAB~&jid=&gjid=&cid=1499007502.1600958189&tid=UA-59069958-1&_gid=1553022344.1600958189&z=598295894

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 23 Sep 2020 19:27:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68952
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 8ms
7ms Image
image/gif 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=584636494&t=pageview&_s=2&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&ul=en-us&de=UTF-8&dt=Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies%20warn%20of%20EMOTET%20campaignsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUAB~&jid=&gjid=&cid=1499007502.1600958189&tid=UA-59069958-1&_gid=1553022344.1600958189&z=1449863103

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 23 Sep 2020 19:27:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68952
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html
platform.twitter.com/widgets/ Frame 86E9 0
0 8ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fsecurityaffairs.co
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4187) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 750976
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 24 Sep 2020 14:36:29 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Tue, 01 Sep 2020 17:58:17 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4187)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 5825

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
340 B 94ms
22ms XHR
text/plain 3.127.132.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&fpc=6f69f6a-174c08b4d3a-6e3ec77-1&sessionID=1600958188858.22469&hostname=securityaffairs.co&location=%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&product=simpleshare&fcmp=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&title=Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies%20warn%20of%20EMOTET%20campaignsSecurity%20Affairs&sop=false&description=Experts%20worldwide%20warn%20about%20a%20surge%20in%20the%20Emotet%20activity%2C%20this%20time%20the%20alerts%20are%20from%20Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies.%20Two%20weeks%20ago%2C%20cybersecurity%20agencies%20across%20Asia%20and%20Europe%20warned%20of%20Emotet%20spam%20campaigns%20targeting%20businesses%20in%20France%2C%20Japan%2C%20and%20New%20Zealand.%20The%20French%20national%20cyber-security%20agency%20published%20an%20alert%20to%20warn%20of%20%5B%E2%80%A6%5D
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.132.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-132-197.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:36:29 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 16ms
14ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.9.1&blog=29506073&post=108685&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=1218&rand=0.44606700111881703
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Thu, 24 Sep 2020 14:36:29 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame D56D 6 KB
7 KB 141ms
131ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=microsoft,italy,netherlands,agencies,warn,emotet,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 587e9afa3875d2ba7d763e56c960c5ebd7523ec8d13e0f13dd94266571bdda17

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:29 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Sat, 26 Sep 2020 14:36:29 GMT

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame 6FEA 6 KB
7 KB 285ms
123ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=microsoft,italy,netherlands,agencies,warn,emotet,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: a46e38f2813c308d41ae008b8320a4377779d23aa3e5bb587fdf7a671b513480

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:29 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Sat, 26 Sep 2020 14:36:29 GMT

GET
H2 200 pubads_impl_2020092201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 4D6F 264 KB
93 KB 102ms
50ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

5e1390f7c515a04fbd18d7c3e864de65e7fc473f8a2e5134f74a79e122911dd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Sep 2020 08:40:46 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94816
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 pubads_impl_2020091601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame B7AD 263 KB
93 KB 72ms
31ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

3be81ab15cc2905d3ef54418cd0fa664e85d19c4a5550e28b071a39bd1316070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Sep 2020 08:40:34 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94378
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 pubads_impl_2020091601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame C4A2 263 KB
92 KB 84ms
62ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

3be81ab15cc2905d3ef54418cd0fa664e85d19c4a5550e28b071a39bd1316070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Sep 2020 08:40:34 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94378
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H/1.1 200
OK horizon_tweet.890a062bcacdb49527deac08bf9879da.js Show response
platform.twitter.com/js/ 6 KB
3 KB 9ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.890a062bcacdb49527deac08bf9879da.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40F9) /
Resource Hash: 23b775e4e3b5b93742dad8a1bbfacb2ffc3271a15dbfc6d3ded21d713f2c3489

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:36:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 17:58:08 GMT
Server: ECS (fcn/40F9)
Age: 750976
Etag: "8069bf9882ddc98f8144708faf345f30+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2197

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
315 B 28ms
24ms Image
text/plain 3.127.132.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&fpc=6f69f6a-174c08b4d3a-6e3ec77-1&sessionID=1600958188858.22469&hostname=securityaffairs.co&location=%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&product=simpleshare&fcmp=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&title=Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies%20warn%20of%20EMOTET%20campaignsSecurity%20Affairs&sop=false&description=Experts%20worldwide%20warn%20about%20a%20surge%20in%20the%20Emotet%20activity%2C%20this%20time%20the%20alerts%20are%20from%20Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies.%20Two%20weeks%20ago%2C%20cybersecurity%20agencies%20across%20Asia%20and%20Europe%20warned%20of%20Emotet%20spam%20campaigns%20targeting%20businesses%20in%20France%2C%20Japan%2C%20and%20New%20Zealand.%20The%20French%20national%20cyber-security%20agency%20published%20an%20alert%20to%20warn%20of%20%5B%E2%80%A6%5D&description=Experts%20worldwide%20warn%20about%20a%20surge%20in%20the%20Emotet%20activity%2C%20this%20time%20the%20alerts%20are%20from%20Microsoft%2C%20Italy%20and%20the%20Netherlands%20agencies.%20Two%20weeks%20ago%2C%20cybersecurity%20agencies%20across%20Asia%20and%20Europe%20warned%20of%20Emotet%20spam%20campaigns%20targeting%20businesses%20in%20France%2C%20Japan%2C%20and%20New%20Zealand.%20The%20French%20national%20cyber-security%20agency%20published%20an%20alert%20to%20warn%20of%20%5B%E2%80%A6%5D&img_pview=true
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.132.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-132-197.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:36:29 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 log
hblg.media.net/ 35 B
194 B 83ms
26ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=prlog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020092310_40&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001600958189529031177223681386&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=4884&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&pvid=4&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=31&pcId=0000EEA&pseat=&bdp=0.09&cbdp=0.09&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.09&nms=1&di=&dt=O&epc=639665355&ogbdp=0.09&s=2&snm=nobid&dbf=1&bdata=sd2%3Dnull%7C%7Cbb%3D100%7C%7Cvv%3D0%7C%7Cerpm%3D0.09%7C%7Cogerpm%3D0.09%7C%7Csid%3D639665355%7C%7Csd%3D1%7C%7Cuid%3Dl0JggmO60EUECAI7m%7C%7Cdc2%3D1%7C%7Cbtd%3D168749648060760625029724425757007872%7C%7Cbat%3D0%2C0%2C0%7C%7Cscd%3Dnh%7C%7Cuim%3D0%7C%7Css%3D1600x1200%7C%7Cuiw%3D-1%7C%7Clast%3D0%7C%7CCI%3D2139%7C%7Cip%3D3oZE1J%7C%7Cfbb%3D0%7C%7Ctb%3D-1%7C%7Cct%3Damsterdam%7C%7Crc%3D1%7C%7Cbasis2%3D196%7C%7Curl_b%3D0.09%7C%7Cbasis1%3D196%7C%7CisRef%3D0%7C%7Clc%3D2%7C%7Curl_tvi%3D0%7C%7Curl_l%3D10%7C%7Cbid%3D%25%25ERPM_OR_OGBDP%25%25%7C%7Cdc%3D7%7C%7Cgcat%3D-1%7C%7Cogbid%3D%25%25ORIGINAL_CPM%25%25%7C%7Ccbdp%3D%25%25CBDP%25%25%7C%7Cbflag%3D%25%25ERPM_FLAG%25%25%7C%7Csobp%3D%25%25SC_ORIGINAL_CPM%25%25%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cibc%3D1%7C%7Cddt%3D-1%7C%7Cnsz%3D1%7C%7Ctgs%3D300x600%7C%7Cbsb%3D0%7C%7Cbsp%3D0&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=49&ba=3&ybnca_gbid=&ybnca_erpm=0.09&ybnca_vbid=0.09&yogbdp=&yErpmFlag=1&smsrc=1&strg=&ybnca_bbid=-1.0&prvReqId=38890938334414191_1285486257_555212031141&dStat=&ogbid=0.28&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=25&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=286&abs=0&ssregion=&ssreqid=&sssvnm=&cnt=0&dnst=0&dwnt=0&sslt=0&dur=253&wt=252&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=0&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=300x600&mx_nsz=1&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&osnbr=&binfobid=&toconsider=1&pvNbr=&pvNbrDtls=&td=r%3Dstr%7Cab%3D0%7C&lper=10&mnrf=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&pvid=97&prvAccId=NL&prvApiId=8CU5BD6EW&exid=9&pcId=0000EEA&pseat=&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=ssProfile%3D0%7Cebc%3D1%7Csfl%3Dfalse%7Cebv%3D1%7CssBucket%3D0%7Cmd_rq%3D1%7Cbfl%3D-100%7Cfl_rl%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=5&ba=1&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=293&abs=0&ssregion=&ssreqid=&sssvnm=&cnt=0&dnst=0&dwnt=0&sslt=0&dur=253&wt=252&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&osnbr=&binfobid=&toconsider=0&pvNbr=&pvNbrDtls=&td=r%3Dstr%7Cab%3D0%7C&lper=10&mnrf=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&pvid=175&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=64&pcId=0000EEA&pseat=&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cfl_rl%3D1%7CssProfile%3D0%7Cebc%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=69&ba=0&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=296&abs=0&ssregion=&ssreqid=&sssvnm=&cnt=0&dnst=0&dwnt=0&sslt=0&dur=253&wt=252&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&osnbr=&binfobid=&toconsider=0&pvNbr=&pvNbrDtls=&td=r%3Dstr%7Cab%3D0%7C&lper=10&mnrf=0&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&kwrf=&epurl=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:29 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 log
hblg.media.net/ 35 B
194 B 83ms
27ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=prlog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020092310_40&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001600958189529031177223681386&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=4884&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&pvid=178&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=65&pcId=0000EEA&pseat=&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cbrm%3D1%7CssProfile%3D0%7Cebc%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=5&ba=0&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=299&abs=0&ssregion=&ssreqid=&sssvnm=&cnt=0&dnst=0&dwnt=0&sslt=0&dur=253&wt=252&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&osnbr=&binfobid=&toconsider=0&pvNbr=&pvNbrDtls=&td=r%3Dstr%7Cab%3D0%7C&lper=10&mnrf=0&mx_sent_seats%3C%3E=&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&pvid=201&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=78&pcId=0000EEA&pseat=&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7CssProfile%3D0%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=3&ba=0&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=38890938334414191_1285486257_5552120312011&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=108&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=305&abs=0&ssregion=&ssreqid=&sssvnm=&cnt=0&dnst=0&dwnt=0&sslt=0&dur=253&wt=252&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&osnbr=&binfobid=&toconsider=1&pvNbr=&pvNbrDtls=&td=r%3Dstr%7Cab%3D0%7C&lper=10&mnrf=0&mx_sent_seats%3C%3E=&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&pvid=203&prvAccId=&prvApiId=8CU5BD6EW&exid=43&pcId=0000EEA&pseat=&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7Cebv%3D1%7CssBucket%3D0%7Cbfl%3D-100%7CssProfile%3D0%7Cebc%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=3&ba=0&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=38890938334414191_1285486257_5552120312031&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=25&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=307&abs=0&ssregion=&ssreqid=&sssvnm=&cnt=0&dnst=0&dwnt=0&sslt=0&dur=253&wt=252&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_sent_seats%3C%3E=165%23%2344%23%23354%23%2316%23%2380%23%23250%23%2374&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&osnbr=&binfobid=&toconsider=1&pvNbr=&pvNbrDtls=&td=r%3Dstr%7Cab%3D0%7C&lper=10&mnrf=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&pvid=214&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=84&pcId=0000EEA&pseat=&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7CssProfile%3D0%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=5&ba=0&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=309&abs=0&ssregion=&ssreqid=&sssvnm=&cnt=0&dnst=0&dwnt=0&sslt=0&dur=253&wt=252&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&osnbr=&binfobid=&toconsider=0&pvNbr=&pvNbrDtls=&td=r%3Dstr%7Cab%3D0%7C&lper=10&mnrf=0&mx_sent_seats%3C%3E=&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&kwrf=&epurl=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:29 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H/1.1 200
OK index.html
platform.twitter.com/embed/ Frame E506 0
0 21ms
19ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/index.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1308207245843341312&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&siteScreenName=securityaffairs&theme=light&widgetsVersion=219d021%3A1598982042171&width=500px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40FC) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 975
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 24 Sep 2020 14:36:29 GMT
Etag: "462a23b15781d788fb9d65f4cb1fe44d"
Last-Modified: Wed, 09 Sep 2020 20:24:51 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40FC)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 577

GET
H/1.1 200
OK index.html
platform.twitter.com/embed/ Frame 45E1 0
0 20ms
8ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/index.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-1&frame=false&hideCard=false&hideThread=false&id=1308644335307698176&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&siteScreenName=securityaffairs&theme=light&widgetsVersion=219d021%3A1598982042171&width=500px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40D0) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 636
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 24 Sep 2020 14:36:29 GMT
Etag: "462a23b15781d788fb9d65f4cb1fe44d"
Last-Modified: Wed, 09 Sep 2020 20:24:51 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40D0)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 577

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame 5195 28 KB
28 KB 172ms
137ms Script
application/javascript 2606:4700:20::ac43:4671
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=microsoft,italy,netherlands,agencies,warn,emotet,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4671 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24b5b710e6775ec2974c8b28d69d4344c6384734de05cec54dcee8741edf8c61

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 14 Sep 2020 15:51:58 GMT
server: cloudflare
etag: "5f5f919e-6fa1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
status: 200
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5d7d3ced6bec2b1a-FRA
content-length: 28577
cf-request-id: 056224686100002b1a36a1a200000001
expires: Sat, 26 Sep 2020 14:36:29 GMT

GET
H2 200 auc.js Show response
cdn.pixfuture.com/ Frame 5195 298 KB
299 KB 168ms
132ms Script
application/javascript 2606:4700:20::ac43:4671
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/auc.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=microsoft,italy,netherlands,agencies,warn,emotet,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4671 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ef666022c3b2e7ce78c9a82d0629305bf3812f8d787cb957f218159637ee7d4

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 19 Aug 2020 13:43:38 GMT
server: cloudflare
etag: "5f3d2c8a-4a928"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
status: 200
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5d7d3ced6bee2b1a-FRA
content-length: 305448
cf-request-id: 056224686200002b1a36a1b200000001
expires: Sat, 26 Sep 2020 14:36:29 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame B7AD 109 B
168 B 15ms
14ms Script
application/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame B7AD 109 B
168 B 16ms
15ms Script
application/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame B7AD 48 KB
12 KB 487ms
458ms XHR
text/plain 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=265022136779784&correlator=1094851388422004&output=ldjh&impl=fif&eid=21065516%2C21067201%2C21066706&vrg=2020091601&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200924&iu_parts=45361917%2C8CU5BD6EW-184323154-Single_post_ads&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=crid%3D184323154%26mnet_variant%3D98%26pub_domain%3Dsecurityaffairs.co%26mnet_cc%3DNL%26mnet_bucketid%3Da2%26mnet_dfp_ol%3D1%26PubMaticSS%3D1610%26RubiconSS%3D2209%26mnet_pid%3D8PRHGG6T9%26fp%3Dqcqq&eri=4&cookie_enabled=1&bc=31&abxe=1&dt=1600958189705&dlt=1600958189219&idt=424&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=980&adys=413&adks=4133934225&ucis=u0an3l8p7l9v&ifi=1&ifk=4269566075&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&top=securityaffairs.co&dssz=5&icsg=170&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1499007502.1600958189&ga_sid=1600958190&ga_hid=558603177&ga_fc=true&fws=256&ohw=0&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

d5d95b07869d9c969e3ebaf863e29c2b7a4a7f92c223c66b57cecfacebfb0001

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11428
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
f2ace2b5415b91d1381f7bd495477a8e.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame B7AD 0
0 73ms
39ms Other
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://f2ace2b5415b91d1381f7bd495477a8e.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame B7AD 0
0 6ms
5ms Other
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 102 KB
27 KB 701ms
701ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=639665355&size=300x600&cc=NL&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&nse=0&vi=1600958188141481019&lw=1&ugd=4&rtbs=1&hlt=1&dfp=1&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b060ff595bbf90873533d920c62521c2ac28f11b029b4afa6389c7aefc913691

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-7
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=300
date: Thu, 24 Sep 2020 14:36:30 GMT
x-mnt-w: 8-18, 8-19
content-length: 26914
expires: Thu, 24 Sep 2020 14:41:30 GMT

GET
H2 200 log
hblg.media.net/ 35 B
194 B 29ms
27ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=aplog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020092310_40&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001600958189529031177223681386&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=4912&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&pvid=0&prvAccId=&prvApiId=&exid=&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&bdp=0&cbdp=0&dcbdp=0&ckfl=&cs=&mnet_ckfl=&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=&dfpBd=0&nms=1&di=&dt=&epc=&ogbdp=0&s=1&snm=success&dbf=1&bdata=&cmpid=&bId=&pcrid=&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0&exp=&bfs=0&seat=&nbr=&ba=1&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=&rtbsv2=&apid=&wsip=&ltime=&abs=&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint=&pc=&spSource=0&spIvt=0&spId=&spFst=0&spIsReq=0&spTo=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=0&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=%7C&pvNbr=&pvNbrDtls=&lper=1&patint%3C%3E=&mx_SD=&mx_PC=&mx_SPRIG=&mx_UCC=&mx_GCID=&mx_IAB2=&mx_vsGap=&mx_dgf=&mx_bsBucket=&mx_ssProfile=&mx_BCE=&mx_lr=&mx_BCI=&mx_uid_sent=&mx_SC=&mx_BCT=&mx_BCW=&mx_bsProfile=&mx_ssBucket=&mx_TAF=&mx_supply_path=&mx_sbp=&mx_aqcpl_crid=&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=&pvid=4&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=31&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&bdp=0.09&cbdp=0.09&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.09&nms=1&di=&dt=O&epc=639665355&ogbdp=0.09&s=2&snm=nobid&dbf=1&bdata=sd2%3Dnull%7C%7Cbb%3D100%7C%7Cvv%3D0%7C%7Cerpm%3D0.09%7C%7Cogerpm%3D0.09%7C%7Csid%3D639665355%7C%7Csd%3D1%7C%7Cuid%3Dl0JggmO60EUECAI7m%7C%7Cdc2%3D1%7C%7Cbtd%3D168749648060760625029724425757007872%7C%7Cbat%3D0%2C0%2C0%7C%7Cscd%3Dnh%7C%7Cuim%3D0%7C%7Css%3D1600x1200%7C%7Cuiw%3D-1%7C%7Clast%3D0%7C%7CCI%3D2139%7C%7Cip%3D3oZE1J%7C%7Cfbb%3D0%7C%7Ctb%3D-1%7C%7Cct%3Damsterdam%7C%7Crc%3D1%7C%7Cbasis2%3D196%7C%7Curl_b%3D0.09%7C%7Cbasis1%3D196%7C%7CisRef%3D0%7C%7Clc%3D2%7C%7Curl_tvi%3D0%7C%7Curl_l%3D10%7C%7Cbid%3D%25%25ERPM_OR_OGBDP%25%25%7C%7Cdc%3D7%7C%7Cgcat%3D-1%7C%7Cogbid%3D%25%25ORIGINAL_CPM%25%25%7C%7Ccbdp%3D%25%25CBDP%25%25%7C%7Cbflag%3D%25%25ERPM_FLAG%25%25%7C%7Csobp%3D%25%25SC_ORIGINAL_CPM%25%25%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cibc%3D1%7C%7Cddt%3D-1%7C%7Cnsz%3D1%7C%7Ctgs%3D300x600%7C%7Cbsb%3D0%7C%7Cbsp%3D0&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=49&ba=210&ybnca_gbid=&ybnca_erpm=0.09&ybnca_vbid=0.09&yogbdp=&yErpmFlag=1&smsrc=1&strg=&ybnca_bbid=-1.0&prvReqId=38890938334414191_1285486257_555212031141&dStat=&ogbid=0.28&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=25&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=286&abs=0&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=0&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=300x600&mx_nsz=1&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=1&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=454&bbdrid=&td=r%3Dstr%7Cab%3D0%7C&pvNbr=&pvNbrDtls=&lper=10&patint=&pvid=97&prvAccId=NL&prvApiId=8CU5BD6EW&exid=9&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=ssProfile%3D0%7Cebc%3D1%7Csfl%3Dfalse%7Cebv%3D1%7CssBucket%3D0%7Cmd_rq%3D1%7Cbfl%3D-100%7Cfl_rl%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=5&ba=206&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=293&abs=0&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=0&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=r%3Dstr%7Cab%3D0%7C&pvNbr=&pvNbrDtls=&lper=10&patint=&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&kwrf=&epurl=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:29 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 log
hblg.media.net/ 35 B
194 B 29ms
27ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=aplog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020092310_40&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001600958189529031177223681386&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=4912&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&pvid=175&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=64&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cfl_rl%3D1%7CssProfile%3D0%7Cebc%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=69&ba=207&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=296&abs=0&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=0&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=r%3Dstr%7Cab%3D0%7C&pvNbr=&pvNbrDtls=&lper=10&pvid=178&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=65&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cbrm%3D1%7CssProfile%3D0%7Cebc%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=5&ba=208&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=299&abs=0&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=0&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=r%3Dstr%7Cab%3D0%7C&pvNbr=&pvNbrDtls=&lper=10&pvid=201&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=78&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7CssProfile%3D0%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=3&ba=203&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=38890938334414191_1285486257_5552120312011&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=108&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=305&abs=0&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=1&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=r%3Dstr%7Cab%3D0%7C&pvNbr=&pvNbrDtls=&lper=10&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&kwrf=&epurl=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:29 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H2 200 log
hblg.media.net/ 35 B
194 B 33ms
32ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=aplog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020092310_40&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001600958189529031177223681386&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=4912&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&pvid=203&prvAccId=&prvApiId=8CU5BD6EW&exid=43&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7Cebv%3D1%7CssBucket%3D0%7Cbfl%3D-100%7CssProfile%3D0%7Cebc%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=3&ba=203&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=38890938334414191_1285486257_5552120312031&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=25&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=307&abs=0&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_sent_seats%3C%3E=165%23%2344%23%23354%23%2316%23%2380%23%23250%23%2374&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=1&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=r%3Dstr%7Cab%3D0%7C&pvNbr=&pvNbrDtls=&lper=10&pvid=214&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=84&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7CssProfile%3D0%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=5&ba=204&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=309&abs=0&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=0&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=r%3Dstr%7Cab%3D0%7C&pvNbr=&pvNbrDtls=&lper=10&mx_sent_seats%3C%3E=&pvid=222&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=87&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7CssProfile%3D0%7Cebc%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=5&ba=202&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=312&abs=0&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=0&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=r%3Dstr%7Cab%3D0%7C&pvNbr=&pvNbrDtls=&lper=10&mx_sent_seats%3C%3E=&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&kwrf=&epurl=
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:29 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:29 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 4D6F 109 B
126 B 40ms
22ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4D6F 109 B
868 B 39ms
22ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4D6F 47 KB
11 KB 1088ms
1084ms XHR
text/plain 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1173236321000016&correlator=307535121455697&output=ldjh&impl=fif&eid=21066465%2C21067535%2C21067200%2C44725624&vrg=2020092201&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200924&iu_parts=45361917%2C8CU5BD6EW-762221962-300x250_inside_post&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=crid%3D762221962%26mnet_variant%3D98%26pub_domain%3Dsecurityaffairs.co%26mnet_cc%3DNL%26mnet_bucketid%3Da1%26mnet_dfp_ol%3D1%26PubMaticSS%3D1610%26RubiconSS%3D2209%26mnet_pid%3D8PRHGG6T9%26fp%3Dqcqq&eri=4&cookie_enabled=1&bc=31&abxe=1&dt=1600958189789&dlt=1600958189208&idt=562&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=476&adys=2846&adks=3236558092&ucis=1ta7t6c2fv8o&ifi=1&ifk=4269566075&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&top=securityaffairs.co&dssz=5&icsg=170&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1499007502.1600958189&ga_sid=1600958190&ga_hid=773617876&ga_fc=true&fws=256&ohw=0&btvi=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

71a7990ac054bafa3230fd3632d091434f4b97fce7e3af09b9248c5dfb4b5b59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11175
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
48f11e65a3524dbf8c2117b21085bbf8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 4D6F 0
0 55ms
38ms Other
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://48f11e65a3524dbf8c2117b21085bbf8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 4D6F 0
0 30ms
12ms Other
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame C4A2 109 B
126 B 17ms
16ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame C4A2 109 B
126 B 16ms
15ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame C4A2 97 KB
20 KB 437ms
437ms XHR
text/plain 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1503750058275153&correlator=3017762592726081&output=ldjh&impl=fif&eid=21067524&vrg=2020091601&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200924&iu_parts=45361917%2C8CU5BD6EW-639665355-Skyscraper_post_yahoo_300_x_600&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&prev_scp=crid%3D639665355%26mnet_segment%3D0.00%26mnet_variant%3D50%26pub_domain%3Dsecurityaffairs.co%26mnet_cc%3DNL%26mnet_bucketid%3Db3%26PubMaticSS%3D1610%26RubiconSS%3D2209%26mnet_pid%3D8PRHGG6T9%26fp%3Dqcqq&eri=4&cookie_enabled=1&bc=31&abxe=1&dt=1600958189811&dlt=1600958189241&idt=563&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=600&oid=3&adxs=980&adys=1520&adks=2499085226&ucis=i793e8nwtctf&ifi=1&ifk=4269579155&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&top=securityaffairs.co&dssz=5&icsg=170&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x600&msz=300x600&ga_vid=1499007502.1600958189&ga_sid=1600958190&ga_hid=289516990&ga_fc=true&fws=256&ohw=0&btvi=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

75aa33437c8d3ba9de5af7d78ec1db8b87ab3c6e427c65604a2d84e282dbeb75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20841
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
701aeca85d94e07994da0ca38d3797ce.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame C4A2 0
0 54ms
39ms Other
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://701aeca85d94e07994da0ca38d3797ce.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame C4A2 0
0 11ms
10ms Other
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame 5195 87 KB
88 KB 127ms
126ms Script
application/javascript 2606:4700:20::ac43:4671
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4671 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
status: 200
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5d7d3cee7f6a2b1a-FRA
content-length: 89476
cf-request-id: 056224690a00002b1a36a2b200000001
expires: Sat, 26 Sep 2020 14:36:29 GMT

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame 05D2 28 KB
28 KB 131ms
130ms Script
application/javascript 2606:4700:20::ac43:4671
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=microsoft,italy,netherlands,agencies,warn,emotet,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4671 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24b5b710e6775ec2974c8b28d69d4344c6384734de05cec54dcee8741edf8c61

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 14 Sep 2020 15:51:58 GMT
server: cloudflare
etag: "5f5f919e-6fa1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
status: 200
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5d7d3cee8fa02b1a-FRA
content-length: 28577
cf-request-id: 056224691200002b1a36a2e200000001
expires: Sat, 26 Sep 2020 14:36:29 GMT

GET
H2 200 auc.js Show response
cdn.pixfuture.com/ Frame 05D2 298 KB
299 KB 134ms
133ms Script
application/javascript 2606:4700:20::ac43:4671
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/auc.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=microsoft,italy,netherlands,agencies,warn,emotet,campaignssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4671 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ef666022c3b2e7ce78c9a82d0629305bf3812f8d787cb957f218159637ee7d4

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 19 Aug 2020 13:43:38 GMT
server: cloudflare
etag: "5f3d2c8a-4a928"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
status: 200
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5d7d3cee8f9f2b1a-FRA
content-length: 305448
cf-request-id: 056224691200002b1a36a2d200000001
expires: Sat, 26 Sep 2020 14:36:29 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame 5195 173 B
561 B 119ms
71ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=7c9e6bcf-d144-47bf-96c7-79bad50c8880&nocache=1600958189878&gdpr=0&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divIds=24272x320x50x4142x_ADSLOT1&auid=540580841&tps=bXlrZXl3b3JkPW1pY3Jvc29mdCxpdGFseSxuZXRoZXJsYW5kcyxhZ2VuY2llcyx3YXJuLGVtb3RldCxjYW1wYWlnbnNzZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPW1pY3Jvc29mdCxpdGFseSxuZXRoZXJsYW5kcyxhZ2VuY2llcyx3YXJuLGVtb3RldCxjYW1wYWlnbnNzZWN1cml0eSxhZmZhaXJz
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.193.0 /
Resource Hash: fcc08b5478cae22197e8925b8bc4e97a4f3da913291f965fa8a9648d1053ef75

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:29 GMT
content-encoding: gzip
server: OXGW/16.193.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 5195 1 KB
2 KB 112ms
60ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%224327d6239b2e8b%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.1%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&s=d047b629-27af-4497-9ba9-175a86437b6d&pv=c1eba4ae-1a26-4a3c-a5e4-3894229c000c&vp=mobile&lib_name=prebid&lib_v=3.21.0&us=0&ius=1&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=microsoft%2Citaly%2Cnetherlands%2Cagencies%2Cwarn%2Cemotet%2Ccampaignssecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

6f3af67a7881551afc4bfb5872410212aeb48c17feb64381c4a53c3799e9e87a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:29 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 594
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 hb Show response
ice.360yield.com/ Frame 5195 94 B
310 B 68ms
24ms XHR
application/json 18.194.102.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%2215f1aaa3308310d%22%2C%22version%22%3A%227.0.0-JS-6.3.0%22%2C%22referrer%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%226c48212843374d%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22pid%22%3A22292114%2C%22tid%22%3A%227c9e6bcf-d144-47bf-96c7-79bad50c8880%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.102.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-102-50.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: ebaf6e34e5df3164e4e9d20a72144eb0940ef03daae9896b84202edae698f736

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Thu, 24 Sep 2020 14:36:29 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://securityaffairs.co
content-type: application/json; charset=UTF-8
content-length: 94
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 5195 19 B
715 B 66ms
16ms XHR
application/json 185.33.221.88
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.88 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:29 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 726.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.79:80
AN-X-Request-Uuid: c870dd20-8253-446c-8485-d3ef5d0e40b9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 2 Show response
prebid.mgid.com/prebid/ Frame 5195 0
657 B 112ms
67ms XHR
text/plain 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.mgid.com/prebid/2
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:29 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 59f09abf-3717-4813-b3f4-0005462edf66
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 204
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://securityaffairs.co
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 5d7d3cef2ce91e7d-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 056224697500001e7d76146200000001
server: cloudflare

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 5195 0
117 B 49ms
17ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 24 Sep 2020 14:36:29 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://securityaffairs.co

POST
H2 204 ortb Show response
bid.contextweb.com/header/ Frame 5195 0
372 B 757ms
563ms XHR
text/plain 198.148.27.134
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.148.27.134 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
server: envoy
status: 204
cwdl: 22/4212
access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 468
cw-server: bid-deployment-8694d784f8-gzv4j

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame 05D2 87 KB
88 KB 125ms
124ms Script
application/javascript 2606:4700:20::ac43:4671
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4671 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
status: 200
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5d7d3cef5a3b2b1a-FRA
content-length: 89476
cf-request-id: 056224699b00002b1a36a32200000001
expires: Sat, 26 Sep 2020 14:36:30 GMT

GET
H2

200

ADTECH;apid=1A55c4da02-fe73-11ea-843b-12c8450abec2;cfp=1;rndc=1600958189;v=2;cmd=bid;cors=yes;alias=175dfabec57d618;misc=1600958190022 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ Frame 05D2
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=175dfabec57d618;misc=1600958190022;
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;cfp=1;rndc=1600958189;v=2;cmd=bid;cors=yes;alias=175dfabec57d618;misc=1600958190022
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;apid=1A55c4da02-fe73-11ea-843b-12c8450abec2;cfp=1;rndc=1600958189;v=2;cmd=bid;cors=yes;alias=175dfabec57d618;misc=16009...

47 B
104 B

123ms
119ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;apid=1A55c4da02-fe73-11ea-843b-12c8450abec2;cfp=1;rndc=1600958189;v=2;cmd=bid;cors=yes;alias=175dfabec57d618;misc=1600958190022
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 571002e2b1e2689769278aecc402835073ae0647fc5e67aa53b4388636c06f7d

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:30 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: https://securityaffairs.co
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 47
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:30 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;apid=1A55c4da02-fe73-11ea-843b-12c8450abec2;cfp=1;rndc=1600958189;v=2;cmd=bid;cors=yes;alias=175dfabec57d618;misc=1600958190022
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://securityaffairs.co
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 05D2 1 KB
2 KB 43ms
43ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%224b0e1b704764%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.1%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&s=f763c9c5-b57f-406e-a340-cb7655ea0aa5&pv=b4a1a64d-8801-492d-b5d9-826f90e94cad&vp=mobile&lib_name=prebid&lib_v=3.21.0&us=0&ius=1&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=microsoft%2Citaly%2Cnetherlands%2Cagencies%2Cwarn%2Cemotet%2Ccampaignssecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

295c7e860f5c8ca155455c40ae5b74e4eac12f1a34e812a28374188546343419

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:30 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 599
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 2 Show response
prebid.mgid.com/prebid/ Frame 05D2 0
219 B 72ms
72ms XHR
text/plain 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.mgid.com/prebid/2
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:30 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 1dda8f23-2329-4102-9211-d1afa024c561
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 204
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://securityaffairs.co
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 5d7d3cefbe021e7d-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 05622469d100001e7d76149200000001
server: cloudflare

GET
H2 200 hb Show response
ice.360yield.com/ Frame 05D2 94 B
310 B 23ms
23ms XHR
application/json 18.194.102.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%2218ea1f9adfec294%22%2C%22version%22%3A%227.0.0-JS-6.3.0%22%2C%22referrer%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22814a7bc535bbb2%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22pid%22%3A22254128%2C%22tid%22%3A%2296c233c1-4738-4f56-9df3-590a73ef8bad%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.102.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-102-50.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 77fc22ad5ba2f43b6e079e2d97df508e67503c8bb1cabdc36f55ebcaecd00d38

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Thu, 24 Sep 2020 14:36:30 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://securityaffairs.co
content-type: application/json; charset=UTF-8
content-length: 94
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 ortb Show response
bid.contextweb.com/header/ Frame 05D2 0
505 B 171ms
113ms XHR
text/plain 198.148.27.134
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.148.27.134 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 24 Sep 2020 14:36:29 GMT
server: envoy
status: 204
cwdl: 22/4212
access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 18
cw-server: bid-deployment-8694d784f8-h28km

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 05D2 19 B
716 B 16ms
15ms XHR
application/json 185.33.221.88
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.88 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:30 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 726.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.117:80
AN-X-Request-Uuid: cea5aca3-c464-4333-a9bb-8d6ac4ecaebf
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame 05D2 172 B
357 B 122ms
122ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=96c233c1-4738-4f56-9df3-590a73ef8bad&nocache=1600958190028&gdpr=0&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divIds=24270x300x250x4142x_ADSLOT1&auid=540580840&tps=bXlrZXl3b3JkPW1pY3Jvc29mdCxpdGFseSxuZXRoZXJsYW5kcyxhZ2VuY2llcyx3YXJuLGVtb3RldCxjYW1wYWlnbnNzZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPW1pY3Jvc29mdCxpdGFseSxuZXRoZXJsYW5kcyxhZ2VuY2llcyx3YXJuLGVtb3RldCxjYW1wYWlnbnNzZWN1cml0eSxhZmZhaXJz
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.193.0 /
Resource Hash: 8e3c275e10e0eceb96bc54f7dad8afded23435def955d6db00f0c4c1a4fd0e38

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
server: OXGW/16.193.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 162
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 05D2 0
61 B 17ms
16ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 24 Sep 2020 14:36:29 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://securityaffairs.co

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 5995 206 KB
56 KB 40ms
14ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14990
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:40 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 5995 16 KB
6 KB 39ms
13ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14963
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:07 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 5995 95 KB
30 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14951
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:19 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 5995 4 KB
2 KB 45ms
19ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14952
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:18 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 5995 47 KB
14 KB 41ms
16ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14984
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:46 GMT

GET
DATA 200
OK truncated
/ Frame 5995 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82b84e397d29e4ec99f85401947b5051a897c956999f0a6b3003319431ecddb6

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12978769845826435743/ Frame 5995 8 KB
8 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12978769845826435743/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIjQIQjQEYASABLQAAAD8wjgI4jQFFAACAPw&rs=AOga4qncZ849NJ0I2rMX51IHogMMA-f4Bw

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d53aba1ad67e8f8f749ad171cf1a82d605a0db2e5598d4a5ca3385bc4d44d44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 16:33:57 GMT
x-content-type-options: nosniff
last-modified: Fri, 06 Dec 2019 14:24:34 GMT
server: sffe
age: 165753
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8082
x-xss-protection: 0
expires: Wed, 22 Sep 2021 16:33:57 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5995 0
0 58ms
57ms Image
text/html 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CVFdU7a5sX9vMMdiA7gO7j4iYB-2kxaJfpJ3b1L4KsJP38pASEAEg0JaYHGCRhJOF_BegAePPmb8DyAEG4AIAqAMByAMKqgSYAk_Qa1jcczWrPyknVTVr6DcZEsHSTRIh9k6Ym5bp2Kh_l-f4qvQjIP0jiEeOR_wZ65s7GWXw0-jCM8N874PjKSSSz_rldh6JeWOY9gD_neHsBC7yLHfgsypXDPAQ3AlJWBVKPiaaCHfROfyMKt_qbFXTHIFo8wOo0QlztCCKjnMHIh4rFsUq3LQLXXirhDeITEQHTulU2n0JfFX9CwL9WtBTiCcFWUhZSkwUHbPYu-7zfigA8UYu3X6gmAickD5PVOJj47DkL0QbG6YsPDUi2-10HY964x1k9iLLPfu1r7-4VAz8hwmc7-5nggx0IlYNweEdbo-_ayzpzCFIVX7V_UiIM3n0PtflvXVkVsbP6x75OhlwIceI-kDABLO1l5PFAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAY3gAfd9pMwqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEMruCNIICQiA4YBwEAEYHfIIG2FkeC1zdWJzeW4tNzI0MzM1MjQzOTEwMjU1M4AKA8gLAbIMFHB1Yi03NDM5MDQxMjU1NTMzODA42BMMiBQB&sigh=stiYRMTnMIo&template_id=492&tpd=AGWhJmudUX5bePc5Ms3QZxHOrL-Zs1cPFGi28Y0ITTgDjybWPQ
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s22-in-f162.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 5995 0
0 14ms
13ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS2JCcCtG96yLTG-yBEAAN2C3AvXHy-WFq0kjy8CXyi14gEKwtAXc_OBfzXL55XLaEwC1VV
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5995 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 12452
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 25 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5995 295 B
388 B 7ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 23 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 61772
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 24 Sep 2020 21:26:58 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B7AD 9 KB
7 KB 41ms
20ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020091601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dba017aeb5a42f26a16e95cfe20e236c9321d8cbd23df9397365841f4bdf38f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6701
x-xss-protection: 0

GET
H2 200 rtblog.php
lg3.media.net/ 35 B
189 B 30ms
26ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/rtblog.php?&gdpr=1&vgd_l1rakh=1600958188156668585&vgd_hbReqId=T1600863112C8S19U6&vgd_uspa=0&vgd_isiolc=1&l3ch=4&cc=NL&vgd_implt=0&movlimp=0&vgd_dfp_tgt={%22crid%22:%22184323154%22,%22mnet_variant%22:%2298%22,%22pub_domain%22:%22securityaffairs.co%22,%22mnet_cc%22:%22NL%22,%22mnet_bucketid%22:%22a2%22,%22mnet_dfp_ol%22:1,%22mnet_nat_tpid%22:%22%22,%22PubMaticSS%22:%221610%22,%22RubiconSS%22:%222209%22,%22mnet_pid%22:%228PRHGG6T9%22}&vgd_asn=9009&vgd_scr_h=1200&vgd_scr_w=1600&vgd_optout=0&vgd_l2type=setting&vgd_is_amp=0&vgd_rensize=300_250&vgd_l2wsip=2886781338&wsip=2886781338&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&pid=8PO4A4J48&size=300x250&vi=1600958188174706648&ugd=4&bdrid=153&subBdr=98&bdrct=0.01&adx=1&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_crefurl=undefined&vgd_dfpnc=0&vgd_refadx=14&vgd_demp=false&vgd_refcnf={%22a2y%22:{%22afterLoadSecs%22:30,%22afterViewSecs%22:10,%22percentTraffic%22:95,%22ignoreSessionDisable%22:true,%22both%22:false}}&rtbsd=10&bto=13&vgd_rt=1&pti=41&https=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&hvsid=00001600958189215031177223687920&gdpr=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 24 Sep 2020 14:36:30 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 0B7B 206 KB
56 KB 34ms
17ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14990
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:40 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 0B7B 16 KB
6 KB 35ms
18ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14963
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:07 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 0B7B 95 KB
29 KB 36ms
19ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14951
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:19 GMT

GET
H3-Q050 200 amp-animation-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 0B7B 76 KB
18 KB 35ms
18ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-animation-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1ee7d241bb9729ba813536e6a54d708b6d809a87f9d02457170d61904d52ac8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 530941
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18081
x-xss-protection: 0
server: sffe
date: Fri, 18 Sep 2020 11:07:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ce99181b35637f75"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Sep 2021 11:07:29 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 0B7B 4 KB
2 KB 35ms
18ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14952
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:18 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 0B7B 47 KB
15 KB 30ms
14ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14984
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:46 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0B7B 2 KB
2 KB 8ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 12452
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 25 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0B7B 295 B
319 B 9ms
7ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 23 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 61772
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 24 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 0B7B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43e7e40b50bda58a6afd27074c6d1ff62ed70535e06cf1b2f270053806e6c007

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 0B7B 0
0 17ms
14ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS5jcHmIB5IJzwh0k3A8qq4FpFxGub0meREnwUXmnZhDiqeGGTKbAd3PuVBcVYlRtO_UR1X
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0B7B 0
0 59ms
56ms Image
text/html 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CH0Tn7a5sX86uNYnvgAeCqIyYC5aY-KNf8IGa98MMv-EeEAEg0JaYHGCRhJOF_BegAc2o19UDyAEJ4AIAqAMByAMIqgSXAk_QC3SK9462vnO_oji3IOS00y8UJDvGaUS6CUsKJ8KYkYKYy5bDrlVGM8yuv18nSCUVtHn8XwY2JUFESqeLGsPpzZgO0e-6i54nDdKBmDiGfICMmKc-bsygjRz7tZ8HDGO50mwAlF0bmiPZdIB2RaCo6Cr_jdWBbGaD7ycidxtsmPa0aAk3wWQfcGtoQ85vzPtqtYyhRvPYpXgYT7Bku48bv2P4hp5YfuTYlCN-1u9NgxcSUa_uDCA3Q1hz4s5M1_Xvm8BKmQ7fy2dBBEfAKW77GgMjfYMXLA7nM9FZeaXDuSZUa30SyawQKD_-ZFiwJumQJYVTV3JspDWxx1tMli_WDUNqnaPxY9e0r3jF13DA1SbiFwmfecAEuMig8ZAD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB5vXqCqoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwDyBwQQg64R0ggJCIDhgHAQARgd8ggbYWR4LXN1YnN5bi03MjQzMzUyNDM5MTAyNTUzgAoDyAsBsgwUcHViLTc0MzkwNDEyNTU1MzM4MDjYEw0&sigh=QTZo0sUO1Xs&template_id=419&tpd=AGWhJms4zH_sKZwtnYmOIJoVzq1wOpylDQYOV5PKhTATQVa4lQ
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s22-in-f162.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C4A2 8 KB
7 KB 42ms
27ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020091601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b1fc44ed700e8ce76530d509f658481b8effa2954e4296ed501f7f356816e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6420
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B7AD 16 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600730918364481"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5975
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H2 200 rtblog.php
lg3.media.net/ 35 B
189 B 27ms
27ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/rtblog.php?&gdpr=1&vgd_l1rakh=1600958188156668585&vgd_hbReqId=T1600863112C8S19U6&vgd_uspa=0&vgd_isiolc=1&l3ch=4&cc=NL&vgd_implt=0&movlimp=0&vgd_dfp_tgt={%22crid%22:%22639665355%22,%22mnet_segment%22:%220.00%22,%22mnet_variant%22:%2250%22,%22pub_domain%22:%22securityaffairs.co%22,%22mnet_cc%22:%22NL%22,%22mnet_bucketid%22:%22b3%22,%22mnet_nat_tpid%22:%22%22,%22PubMaticSS%22:%221610%22,%22RubiconSS%22:%222209%22,%22mnet_pid%22:%228PRHGG6T9%22}&vgd_asn=9009&vgd_scr_h=1200&vgd_scr_w=1600&vgd_optout=0&vgd_l2type=setting&vgd_is_amp=0&vgd_rensize=300_600&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=639665355&pid=8PO4A4J48&size=300x600&vi=1600958188141481019&ugd=4&bdrid=8&subBdr=50&bdrct=0.00&adx=1&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_crefurl=undefined&vgd_dfpnc=0&vgd_refadx=15&vgd_demp=false&vgd_refcnf={%22a2y%22:{%22afterLoadSecs%22:30,%22afterViewSecs%22:10,%22percentTraffic%22:95,%22ignoreSessionDisable%22:true,%22both%22:false}}&rtbsd=10&bto=102&vgd_aid=238338828031027111600958189228&vgd_rt=530&pti=41&https=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&vgd_mseg=0.00&hvsid=00001600958189225031177223684862&gdpr=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 24 Sep 2020 14:36:30 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C4A2 16 KB
6 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600730918364481"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5975
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 5995
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
40ms

Image
text/html

2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 24 Sep 2020 14:36:30 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/216/ Frame F87C 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/216/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4674
date: Thu, 24 Sep 2020 14:11:00 GMT
expires: Fri, 24 Sep 2021 14:11:00 GMT
last-modified: Mon, 21 Sep 2020 21:29:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1530
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame DF1C 90 KB
32 KB 42ms
28ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b99296f442e2a0de1a11fb3c5c54a691ea10e85b0e0fde4e602d930fcb64d110

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 32277
x-xss-protection: 0
server: cafe
etag: 397483994775321627
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 05D2 3 KB
3 KB 95ms
94ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v160
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 7b420ad439dadbbbc88cef506a6e2ea73c331178f08f984c6b230cec7ac66a04

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:36:30 GMT
Last-Modified: Mon, 06 Jul 2020 13:30:16 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5f032768-a4e"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 2638
Expires: Sat, 26 Sep 2020 14:36:30 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12978769845826435743/ Frame 5995 8 KB
8 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d53aba1ad67e8f8f749ad171cf1a82d605a0db2e5598d4a5ca3385bc4d44d44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 16:33:57 GMT
x-content-type-options: nosniff
last-modified: Fri, 06 Dec 2019 14:24:34 GMT
server: sffe
age: 165753
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8082
x-xss-protection: 0
expires: Wed, 22 Sep 2021 16:33:57 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5995 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 12452
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 25 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5995 295 B
319 B 7ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 23 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 61772
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 24 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/216/ Frame 2B6A 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/216/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4674
date: Thu, 24 Sep 2020 14:11:00 GMT
expires: Fri, 24 Sep 2021 14:11:00 GMT
last-modified: Mon, 21 Sep 2020 21:29:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1530
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/ Frame DF1C 229 KB
86 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54675ec64473f421a8faf763c391556bccf81ac1e3cde6f61201f3b45190ecd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 87838
x-xss-protection: 0
server: cafe
etag: 10014622774852573794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H3-Q050 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200922/r20190131/ Frame 74F1 0
0 9ms
8ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200922/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200922/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUl3qA56HGU8YKmGf1FMOjTFchbzj21QWNNqmXqKs3LCHX-A4h3eUWU7pxzh; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Wed, 23 Sep 2020 20:55:32 GMT
expires: Wed, 07 Oct 2020 20:55:32 GMT
content-type: text/html; charset=UTF-8
etag: 17942277541989656716
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4728
x-xss-protection: 0
age: 63658
cache-control: public, max-age=1209600
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0B7B 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 12452
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 25 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0B7B 295 B
319 B 9ms
7ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 23 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 61772
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 24 Sep 2020 21:26:58 GMT

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 05D2 36 B
615 B 267ms
95ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v160
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:30 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Sat, 26 Sep 2020 14:36:30 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame DF1C 109 B
126 B 18ms
17ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame DF1C 109 B
149 B 16ms
16ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame B351 0
0 409ms
408ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492133&w=300&lmt=1600958190&npa=1&guci=1.2.0.0.2.1.0.0&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&flash=0&wgl=1&dt=1600958190486&bpp=22&bdt=79&idt=90&shv=r20200922&cbv=r20190131&ptt=5&saldr=sa&correlator=2312505961911&frm=21&ife=1&pv=2&ga_vid=1499007502.1600958189&ga_sid=1600958191&ga_hid=1115260329&ga_fc=1&iag=63&icsg=170&nhd=3&dssz=6&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=3518&biw=1600&bih=1200&isw=300&ish=250&ifk=4269566075&scr_x=0&scr_y=0&eid=42530672%2C21066468&oid=3&pvsid=4467758055660252&pem=178&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.e6wohfnc4z6t&btvi=1&fsb=1&xpc=a8mT0H2alm&p=https%3A//securityaffairs.co&dtd=110

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492133&w=300&lmt=1600958190&npa=1&guci=1.2.0.0.2.1.0.0&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&flash=0&wgl=1&dt=1600958190486&bpp=22&bdt=79&idt=90&shv=r20200922&cbv=r20190131&ptt=5&saldr=sa&correlator=2312505961911&frm=21&ife=1&pv=2&ga_vid=1499007502.1600958189&ga_sid=1600958191&ga_hid=1115260329&ga_fc=1&iag=63&icsg=170&nhd=3&dssz=6&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=3518&biw=1600&bih=1200&isw=300&ish=250&ifk=4269566075&scr_x=0&scr_y=0&eid=42530672%2C21066468&oid=3&pvsid=4467758055660252&pem=178&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.e6wohfnc4z6t&btvi=1&fsb=1&xpc=a8mT0H2alm&p=https%3A//securityaffairs.co&dtd=110
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUl3qA56HGU8YKmGf1FMOjTFchbzj21QWNNqmXqKs3LCHX-A4h3eUWU7pxzh; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 24 Sep 2020 14:36:31 GMT
server: cafe
content-length: 20492
x-xss-protection: 0
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame DF1C 72 KB
27 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3b142f2fc1b181088ebc5bd873a725bba5e4ea24b20874e7880b163f778765e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600860702447659"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27610
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H3-Q050 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 9318 90 KB
32 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b99296f442e2a0de1a11fb3c5c54a691ea10e85b0e0fde4e602d930fcb64d110

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 32277
x-xss-protection: 0
server: cafe
etag: 397483994775321627
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 5195 3 KB
3 KB 90ms
90ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v201
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 7b420ad439dadbbbc88cef506a6e2ea73c331178f08f984c6b230cec7ac66a04

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 24 Sep 2020 14:36:30 GMT
Last-Modified: Mon, 06 Jul 2020 13:30:16 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5f032768-a4e"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 2638
Expires: Sat, 26 Sep 2020 14:36:30 GMT

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/ Frame 9318 229 KB
86 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54675ec64473f421a8faf763c391556bccf81ac1e3cde6f61201f3b45190ecd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 87838
x-xss-protection: 0
server: cafe
etag: 10014622774852573794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B7AD 0
87 B 40ms
39ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=216&t=2&li=gpt_2020091601&jk=265022136779784&bg=!DwylDBRYheZ2l-SoCYICAAAAv1IAAAAQCgBoRWz3qGPxbxO8iA6tNl-LrA16YfANvLJCfXnYcuvCj-sAtqZrDA98RmboI4KujbZbVVW5p-SOoz34BL1vqJAoBEQfEroeM7pX028zCUGqAlg7Rhrj6ju0OnRncx_0dAvCnL48gFvBJwOZAdoV80g2AHFWVJBalKP09enaHoQkgM_Nc48fuI6DRYOrylgDd5pKCpClHfPu4T5WlqUq5Fl1k0_fnw-XkiPMpMW3OyTtTYAvlrAwZqDCO6DWi4_CpCKdk9hA7UHU6w3mYB9-W3gtZsidUiy3ojyC2B1e1NKVF6mcTXWvNEoeU9xXckiWcyip49jYKij_A8gIx5gT6h4tx1T0pDuCesV-fjCOxjfonEnPx_Evy3y-i-6rM5xybC8fDRmfE54uHrqb_bcbydOFaubkxXIkCX6QzamCXJEdWcX-aBf3fgncqo1Gl0GrFnGsmqkErr33YrM2KSNmubb89iBkRP3D1FBoPKwow8O9_SS2ZAHUJ71U85qKbEIJ3iL47JnvU37p0vaFTiAAe7DZXn-6mWEjrJuzGC-sDkOopjOOOtEdCGWy-StChXCHQFrcqsR-i0OIYtsVzM42PwP18zVW8tgy4R3lLTfujuUpk2uVatRy7rf2UTcsOJoGPBmft_EDp3dSy4Rs4AE4u445VEA9vyXll4jP6Zgw_nYouMqj-NHbwn66S2TEmcvQU2tlnerrlzzQtJIIdUM7CcmS0wfyb1kQTsRBVKtA4SEHtFbRtaOWkrtJqkfwh4IbvTVctfPCIrQ

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C4A2 0
22 B 43ms
42ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=216&t=2&li=gpt_2020091601&jk=1503750058275153&bg=!rq2lrbVY7bmlYnjPwecCAAAAglIAAAAYCgHjOkikL1Mklt3UVcFQsmwNL5DJ037k5GWKEiepokjSC9Hi7A4-NANJE7yLw9Nu9oQ62P1A7Coeb38pFOX-pBZ7Df02P9K2b3grXMPpR5Noi15s6YMF50GdggRmZurzpowxqWQfx729-xf0nQ1wOywcK1iFSI7kXVIp1URKQq8pCYp3j7NYdCxhTN4gFa_ePac58KDhpW1A7NbYphwgaXwhYzi_tqUcx72zdtK5LQbiI_gMwUYugmlKBfrPqLZxazAIRSnFAklmAwH8x-UN8IhHb0Li9fkZZURjRJK99sB1zTtKb68_NK4IIHiGWT5E-P6Ovy4lOkkNoga9s1boXUgnov1GQJBp_Tb0y1g7YXOk1jsJrdSqIYVUsYKo7phplpxifYynlJxf1B5ZGLgBYZdkOZILWWC_wNJj7JeWyqEVANw5WMGSk7OBgxy2VwiUP7FWc7RS4A8yhFUjxtDP4MIjnegaVWra4SlXbv3iG6ZijQmIh36PHkmQ1itZrYkACCSGquai2o4WEUlIz-dGGEmnRnNuQcQOdWarrhD1RyiyFmt2SeoT5_O_H967mJTP7L0k1n7BZrFWFrII2ukceqRYra3aowBgupaIom4O1FrehFO1lIJt-L818P0XLG3hkoJ1Zu5vmQHHIxK1XGV0_jOn7rXiSLrD39PRaXQD8iTK0i8DE0VwGHItCmElJZOZXgHyYZ3FEebb-NSfClwnEIo16tk5JqU1u1ciqg0oAtz8WfBXEwKSjwgPQ4Dq9bBuZ-m3a28gKdglsHL-liqWyHOqFXjmozeNJDJrUvpl1IRSDpG3sMqQIJN3vjwVZwQGVY1lPV-8pc-YTPSP_OLV7tz4ec6ZHv_bizQg57r9ZxWIP5B7VzfI2SjQlSdMWj5xBaXiB3An4X-6YR89MOtR6Ih3MXtC8I4bcAkGiSrkPiHds_q-02ukWllAMuXDPMDak7-SPPObAb5u0oGFnvJm2kdlBl4Ahs8S0Q6PXeRLpDFZxcGIKtBmRrCn1VFMIZAV5-jDZNHM4p1HvJYHZSr4d1VjfIm282QqU0cpKx6tUyapKucGFW2tteOdg0orKIi9tVUiyvULHb5KV51yckPaATbLHpB-O6henj-ABYgGCmy_VsQgmzYoSGTZnjicwkIboRHlWqNMVmn5iTDkN5t6Xz9r7vkAmJPbvwo91K-iX8t2nQmWRfEPow04_rBakj5-gKPzDrPWbZVlW3UlQvdEDoWbY9-LxxybutJA5ECW1zs

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 5195 36 B
615 B 161ms
95ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v201
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:30 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Sat, 26 Sep 2020 14:36:30 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 9318 109 B
126 B 18ms
17ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9318 109 B
126 B 17ms
16ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame B344 0
0 295ms
294ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492132&w=320&lmt=1600958190&npa=1&guci=1.2.0.0.2.1.0.0&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&flash=0&wgl=1&dt=1600958190694&bpp=4&bdt=29&idt=93&shv=r20200922&cbv=r20190131&ptt=5&saldr=sa&correlator=2312505961911&frm=21&ife=1&pv=1&ga_vid=1499007502.1600958189&ga_sid=1600958191&ga_hid=1978272599&ga_fc=1&iag=63&icsg=170&nhd=3&dssz=6&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=3437&biw=1600&bih=1200&isw=320&ish=50&ifk=3907440428&scr_x=0&scr_y=0&eid=21067348%2C21065724&oid=3&pvsid=1080921787487671&pem=178&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.eaogul569f6m&btvi=1&fsb=1&xpc=x4UwdM8gnF&p=https%3A//securityaffairs.co&dtd=99

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492132&w=320&lmt=1600958190&npa=1&guci=1.2.0.0.2.1.0.0&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&flash=0&wgl=1&dt=1600958190694&bpp=4&bdt=29&idt=93&shv=r20200922&cbv=r20190131&ptt=5&saldr=sa&correlator=2312505961911&frm=21&ife=1&pv=1&ga_vid=1499007502.1600958189&ga_sid=1600958191&ga_hid=1978272599&ga_fc=1&iag=63&icsg=170&nhd=3&dssz=6&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=3437&biw=1600&bih=1200&isw=320&ish=50&ifk=3907440428&scr_x=0&scr_y=0&eid=21067348%2C21065724&oid=3&pvsid=1080921787487671&pem=178&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.eaogul569f6m&btvi=1&fsb=1&xpc=x4UwdM8gnF&p=https%3A//securityaffairs.co&dtd=99
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUl3qA56HGU8YKmGf1FMOjTFchbzj21QWNNqmXqKs3LCHX-A4h3eUWU7pxzh; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 24 Sep 2020 14:36:31 GMT
server: cafe
content-length: 24476
x-xss-protection: 0
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9318 72 KB
27 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3b142f2fc1b181088ebc5bd873a725bba5e4ea24b20874e7880b163f778765e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600860702447659"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27610
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4D6F 0
22 B 39ms
39ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=1173236321000016&r=300x250&w=300&h=250&a=0

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame F30C 206 KB
56 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14990
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:40 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F30C 16 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14963
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:07 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F30C 95 KB
29 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14951
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:19 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F30C 4 KB
2 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14952
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:18 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame F30C 47 KB
14 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 14984
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:46 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F30C 2 KB
2 KB 10ms
10ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 12452
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 25 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F30C 295 B
319 B 10ms
10ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 23 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 61772
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 24 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame F30C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a6ac3622ab589dabf87e83f2784e7cc0199bd6225a54f2df9999770e9d015fad

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2691126725077084152/ Frame F30C 11 KB
11 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2691126725077084152/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIjQIQjQEYASABLQAAAD8wjgI4jQFFAACAPw&rs=AOga4qlYNVRk3ma6ZzGa1mvY4pDpzSbH8A

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7066646bf9bda795e008aa09863f4fbc08f0c05774d08c0303efabdd3bb51512

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 08:54:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Jun 2020 21:43:07 GMT
server: sffe
age: 106950
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10959
x-xss-protection: 0
expires: Thu, 23 Sep 2021 08:54:00 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F30C 0
0 58ms
57ms Image
text/html 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CVhY17a5sX5WvNYLjgQemuIn4CbnNgbJfpNGgiaUMv-EeEAEg0JaYHGCRhJOF_BegAdOb7-YDyAEG4AIAqAMByAMKqgSXAk_QkqUQemPO7uRSIFH3uBccaFluaz0dvpqB8zLpASZ_JsUl0hdCBvfO6FZu-wIy_f8SgxTsNYGwXV1PKOiyN-C5FupijYEhvBvUX9WLsqpSV1R_eIvM55jXFcrk-i8GI8Y4pBc05T-u4Xuvj7V37FendqjprI6xTeg7oCCvVWLCHgNSWDvG1YIIvAGxRvWeGwW-yfv0RJpiIhmHAxrcfiH2SbFp2znv_Vpe9_V5Mbfua0mgVSiCTTUVwReU_vVFsYp0oGkwqk3GGIsUKZtZ4CxJAgu5iNozGhtMpCFFRhn-yXaThbk5t9Ow3MbG4uXa_bQOvbu14SqkD_UDFFS935n8kugPi6lGCjRbn8wzoklTSHVvky9dKsAEvO_mqIUD4AQBkgUECAQYAZIFBAgFGASgBjeAB8_Y1jeoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQyusc0ggJCIDhgHAQARgd8ggbYWR4LXN1YnN5bi03MjQzMzUyNDM5MTAyNTUzgAoDyAsBsgwUcHViLTc0MzkwNDEyNTU1MzM4MDjYEwKIFAE&sigh=3GO0Ff4qpdk&template_id=492&tpd=AGWhJmvn3NZ_CKb84OeD9LSOwoaUQIBTg8qgC5HwW8oX6OMTTg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s22-in-f162.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4D6F 8 KB
6 KB 24ms
24ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020092201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e2f13e89bc922e025af4da52c4191de4c3dc7b28823da7d65c53ea424c006e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6400
x-xss-protection: 0

GET
H2 200 rtblog.php
lg3.media.net/ 35 B
189 B 30ms
26ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/rtblog.php?&gdpr=1&vgd_l1rakh=1600958188156668585&vgd_hbReqId=T1600863112C8S19U6&vgd_uspa=0&vgd_isiolc=1&l3ch=4&cc=NL&vgd_implt=0&movlimp=0&vgd_dfp_tgt={%22crid%22:%22762221962%22,%22mnet_variant%22:%2298%22,%22pub_domain%22:%22securityaffairs.co%22,%22mnet_cc%22:%22NL%22,%22mnet_bucketid%22:%22a1%22,%22mnet_dfp_ol%22:1,%22mnet_nat_tpid%22:%22%22,%22PubMaticSS%22:%221610%22,%22RubiconSS%22:%222209%22,%22mnet_pid%22:%228PRHGG6T9%22}&vgd_asn=9009&vgd_scr_h=1200&vgd_scr_w=1600&vgd_optout=0&vgd_l2type=setting&vgd_is_amp=0&vgd_rensize=300_250&vgd_l2wsip=2886781338&wsip=2886781338&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=762221962&pid=8PO4A4J48&size=300x250&vi=1600958188259766993&ugd=4&bdrid=153&subBdr=98&bdrct=0.09&adx=1&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_crefurl=undefined&vgd_dfpnc=0&vgd_refadx=14&vgd_demp=false&vgd_refcnf={%22a2y%22:{%22afterLoadSecs%22:30,%22afterViewSecs%22:10,%22percentTraffic%22:95,%22ignoreSessionDisable%22:true,%22both%22:false}}&rtbsd=10&bto=13&vgd_rt=0&pti=41&https=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&hvsid=00001600958189161031177223683247&gdpr=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 24 Sep 2020 14:36:30 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4D6F 16 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067535

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600730918364481"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5975
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:30 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame F30C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
15ms

Image
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 24 Sep 2020 14:36:30 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/216/ Frame 840C 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/216/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4674
date: Thu, 24 Sep 2020 14:11:00 GMT
expires: Fri, 24 Sep 2021 14:11:00 GMT
last-modified: Mon, 21 Sep 2020 21:29:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1530
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2691126725077084152/ Frame F30C 11 KB
11 KB 13ms
6ms Image
image/jpeg 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7066646bf9bda795e008aa09863f4fbc08f0c05774d08c0303efabdd3bb51512

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 08:54:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Jun 2020 21:43:07 GMT
server: sffe
age: 106951
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10959
x-xss-protection: 0
expires: Thu, 23 Sep 2021 08:54:00 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F30C 2 KB
3 KB 13ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 12453
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 25 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F30C 295 B
388 B 13ms
7ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 23 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 61773
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 24 Sep 2020 21:26:58 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4D6F 0
55 B 40ms
40ms Image
image/gif 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=216&t=2&li=gpt_2020092201&jk=1173236321000016&bg=!NTalNi5YPSG4ut0DP2QCAAAAxVIAAAAMCgDcnb-m8cc83sJTyaP4AsAfESdA2aJKZjBlwfzKpi2A3o5A9nSp9zpvFd5AXTmKn_ayrR8XWdGFs5YCZ5atHalosgbpT-uNaqDfhZgyeNj5giBwh38fE6Qi5FFQippQyk8O3XJ4V1ZM10tJ_S3NCinb4ipg2ImmiBsTYtQMDLfEtoHZoxwsiusay-yKhrHt5DUfE-aShoMGcZC3FBn-9fJwJRgzTMUM-VA-i229JqhgrSyMgyA7t4lTMRn4Y4XuGwLtUqCkXwKlRUxjAqt3rtcnuYWFuKEYporDQdg0V5kBx2pGVYRRqAhsxJLBijxq5dA9OHS7Od7PX_BXpBda6nryg4auxHIcOWgk5oTeHZQ3mW8wJLiiXGmKwQVTjsJ8CsYoXRk5t0mYjVak6xOlY_yihTtaABmcVTzYaoJe5v299grDDB38-hIq4kgTkoEhEFrec-t2kL1UAYW5oPcYUk7hSwuIDvVXqX3rlcrqRzVflHQNca3c4uUh0vaDIPLAfQDASvG-R_FYPKI2b6WrsyoWQLlpFHOiQI4zJ0TPgiQ4UtOTJSnA8AATlmhLPxgtbgyRt5aNVCwzsTVweBggWZpX8rnNWknWAdv5BNqyaa8eWzrp9I-g_oqis_9qWOdXAS6vC_4V4zy5J0nkGA4jSUWNGK2ALh4PC5dCTp7aoUzxXUoQ1Qk1esygD4SNNR9ys1-EDjMUZAJEmSoaFjvj-akaz23Iyx8tGGM3xWVHmnsJ2HJeE49ryjItpAWDJE-SJ-omrqnzS3E8Gdh9vARK7J3NhI9ipepIooav5awyDVgohrDKPFsJ4Q8aZFoVsqPWIda2J1KXzg3qcNCSVx1G9Wb-pTzm2vD-vefzta7O1tJe0p-4h6JBZtmUp8MrLQ9kNTUfPvyS7n_y

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 26ms
26ms Image
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&vgd_viab=1&katid=801338175&kals=ttype=10002||pc=2&katen=1&pc=2&kata=aton&katbid=-21&kasts=tstype=-10408||gbid=-1&cme=EmX4F68WjWmzqpNTQGPYVmX9A0lfh2DWugcqd62ZAVlrZOx5yX4OGRr4G6_wwiTwOKUjv9S_5pRARa9i0a73Ot2PvF0JhCWGkEnfFSJMKIz4QKPpCcfh2d2_ftnATWyf3qjsFUQ48xi2UfnzFh7Mxlt6-chLqdgeuTvumhcLGYObWSVDVeDV1XNIOt80oxZvsZcl9hBoSPQuDnMbrz2oxMEkiS1cRCKE||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|vEQR6AiE842DrNb49M5SxQtJafhPGerareWeaBSJmg-ZXyNAsO8vcZgrfqz7_EkSy5sx7ixcJmUDmVA6swRDL7FnZ0krHbrxcGtbBBIIidE=|N7fu2vKt8_s=|ZyEDHKZrjjSf4Ds7-NXpv1MdDDT-ho5j-TjEx_OevEFT_k0rMuVZcI9T5_OU5nCV0YmkrocnFIbICzLzZfq9eQMjX2SDVkIyeuaMUpp8eYTyLZ4RvlnWUL6GoZ6FzgHbJu5wz1rVnY_aYnUJ_p5KxZ4iBngbRvnW0Nh8GK_fFFHZfp42vkMoM7EF0YcWM4ep8ZlTLyEJg19aibxmSP7Fqg==|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&pid=8PO4A4J48&size=300x250&vi=1600958188174706648&l1ch=1&l2ch=0&l2wsip=2886781338&ugd=4&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&bdrid=153&subBdr=98&cc=NL&vgd_isiolc=1&hvsid=00001600958189215031177223687920

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 24 Sep 2020 14:36:31 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Thu, 24 Sep 2020 14:36:31 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame DF1C 8 KB
6 KB 25ms
25ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200922&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af08ee123b911072c525fece60932992a23ec00ba1178286d877ada82691c2ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6367
x-xss-protection: 0

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9318 8 KB
6 KB 19ms
19ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200922&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7f09c5c0d3e1874301fca15c84d4f4ef874a8c663243ed3a960b65c2f75465a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 14:36:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6389
x-xss-protection: 0

GET
H2 200 log
hblg.media.net/ 35 B
194 B 26ms
25ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=prlog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020092310_40&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001600958189529031177223681386&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=5145&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&mowxReqId=118667652053835521600958189233&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&pvid=222&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=87&pcId=0000EEA&pseat=&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7CssProfile%3D0%7Cebc%3D1%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=5&ba=0&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-22&ltime=312&abs=0&ssregion=&ssreqid=&sssvnm=&cnt=0&dnst=0&dwnt=0&sslt=0&dur=253&wt=252&patkey=&patint%3C%3E=&pc=&spSource=6&spIvt=1&spId=b323405a-6556-44a6-99f9-4270849cfb4d&spFst=0&spIsReq=0&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=0&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&osnbr=&binfobid=&toconsider=0&pvNbr=&pvNbrDtls=&td=r%3Dstr%7Cab%3D0%7C&lper=10&mnrf=0&mowxReqId=363410858255230711600958189238&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&pvid=3008&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=3052&pcId=0000EEA&pseat=&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cmd_rq%3D1%7Cbfl%3D-100%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=69&ba=30&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-48&ltime=491&abs=0&ssregion=&ssreqid=&sssvnm=&cnt=0&dnst=0&dwnt=0&sslt=0&dur=390&wt=389&patkey=&patint%3C%3E=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=1&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&osnbr=&binfobid=&toconsider=0&pvNbr=&pvNbrDtls=&td=r%3Dstr%7Cab%3D0%7C&lper=10&mnrf=0&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&kwrf=&epurl=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:31 GMT

GET
H2 200 log
hblg.media.net/ 35 B
194 B 28ms
27ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=aplog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020092310_40&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001600958189529031177223681386&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=5145&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&pvid=3008&prvAccId=639665355&prvApiId=8CU5BD6EW&exid=3052&pcId=0000EEA&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=363410858255230711600958189238&crid=555212031&g=0&size=300x600&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&bdp=0.00&cbdp=0.00&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=null&dfpBd=0.00&nms=1&di=&dt=O&epc=639665355&ogbdp=0.00&s=2&snm=nobid&dbf=1&bdata=&cmpid=&bId=&pcrid=555212031&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cmd_rq%3D1%7Cbfl%3D-100%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D0%7Ctkd%3Dnull&bfs=0&seat=&nbr=69&ba=24&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=238338828031027111600958189228&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=nydc&rtbsv2=&apid=1&wsip=c10-mowx-web-48&ltime=491&abs=0&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint%3C%3E=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=1&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_SC=1&mx_BCT=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=&mx_supply_path=&mx_sbp=-10&mx_aqcpl_crid=0&mx_tgs=&mx_nsz=&mx_TAS=&mx_aurt=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=0&toconsider=0&dcs=&auMxTm=&actltime=502&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=&bbdrid=&td=r%3Dstr%7Cab%3D0%7C&pvNbr=&pvNbrDtls=&lper=10&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&kwrf=&epurl=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:31 GMT

GET
H2 200 log
hblg.media.net/ 35 B
194 B 28ms
28ms Image
image/gif 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=kfk&evtid=relog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020092310_40&servname=hbcm_na&gdpr=1&csex=2&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001600958189529031177223681386&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=NL&sc=&ct=AMSTERDAM&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=0&vw=1600&vh=1200&pht=5145&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&ffp=0.00&efp=qcqq&mdf=&mdk=&rp=&rf=&rfs=nfetched&dfpAdPath=%2F45361917%2F8CU5BD6EW-184323154-Single_post_ads&src=Rules&lper=1&ffp=0.00&efp=qcqq&mdf=&mdk=&rp=&rf=&rfs=nfetched&dfpAdPath=%2F45361917%2F8CU5BD6EW-762221962-300x250_inside_post&src=Rules&lper=1&ffp=0.00&efp=qcqq&mdf=&mdk=&rp=&rf=&rfs=nfetched&dfpAdPath=%2F45361917%2F8CU5BD6EW-639665355-Skyscraper_post_yahoo_300_x_600&src=Rules&lper=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F108685%2Fmalware%2Femotet-europe-alerts.html&kwrf=&epurl=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 24 Sep 2020 14:36:31 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame DF1C 16 KB
6 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600730918364481"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5975
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:31 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9318 16 KB
6 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200922/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 14:36:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600730918364481"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5975
x-xss-protection: 0
expires: Thu, 24 Sep 2020 14:36:31 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/216/ Frame B67B 0
0 6ms
5ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/216/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4674
date: Thu, 24 Sep 2020 14:11:00 GMT
expires: Fri, 24 Sep 2021 14:11:00 GMT
last-modified: Mon, 21 Sep 2020 21:29:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1531
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/216/ Frame EF75 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/216/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4674
date: Thu, 24 Sep 2020 14:11:00 GMT
expires: Fri, 24 Sep 2021 14:11:00 GMT
last-modified: Mon, 21 Sep 2020 21:29:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1531
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 5F22 0
0 67ms
22ms Document
text/html 23.210.249.83
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.83 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-83.deploy.static.akamaitechnologies.com
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: "573e714d-3e3"
Server: nginx/1.9.13
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Fri, 24 Sep 2021 14:36:31 GMT
Date: Thu, 24 Sep 2020 14:36:31 GMT
Connection: keep-alive

GET
H2

200

pd
eu-u.openx.net/w/1.0/ Frame F1D8
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0

0
0

31ms
31ms

Document
text/html

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.193.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=862c53d6-b75b-07be-20ee-c265c49db193|1600958191
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=862c53d6-b75b-07be-20ee-c265c49db193|1600958191; Version=1; Expires=Fri, 24-Sep-2021 14:36:31 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1600958191|gekin0vNiygu; Version=1; Expires=Fri, 09-Oct-2020 14:36:31 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.193.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 24 Sep 2020 14:36:31 GMT
content-type: text/html
content-length: 415
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

status: 302
set-cookie: i=862c53d6-b75b-07be-20ee-c265c49db193|1600958191; Version=1; Expires=Fri, 24-Sep-2021 14:36:31 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.193.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
date: Thu, 24 Sep 2020 14:36:31 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 200 visitormatch
bh.contextweb.com/ Frame E47E 0
0 340ms
150ms Document
text/html 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://bh.contextweb.com/visitormatch

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: bh.contextweb.com
:scheme: https
:path: /visitormatch
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-577cbfbc5c-tjxb4
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
content-type: text/html;charset=iso-8859-1
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000
set-cookie: INGRESSCOOKIE=9db3bd556e9d6a00; path=/; HttpOnly; Secure; SameSite=None

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 44C3 0
0 80ms
23ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

Last-Modified: Sat, 01 Aug 2020 14:58:34 GMT
ETag: "13006b6-94fd-5abd223c2ac92"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=37671
Expires: Fri, 25 Sep 2020 01:04:22 GMT
Date: Thu, 24 Sep 2020 14:36:31 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 05D2
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=80125f6c-aeef-4800-ae18-3b47c17ee3e4

49 B
513 B

82ms
16ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=80125f6c-aeef-4800-ae18-3b47c17ee3e4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 24 Sep 2020 14:36:32 GMT
Server: MT3 3091 d17e67c master zrh-pixel-x16
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=80125f6c-aeef-4800-ae18-3b47c17ee3e4
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 24 Sep 2020 14:36:31 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 05D2
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7678209891
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7678209891
https://sync.1rx.io/usersync/tradedesk/499f5536-7d51-4224-9d09-ff92ffce6cca
https://sync.targeting.unrulymedia.com/csync/RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-e5b75bb7-e589-4b09-b743-c6d...
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003

49 B
509 B

95ms
80ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: Tengine
ETag: RXe5b75bb7e5894b09b743c6dbe2a9eff1003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003
Connection: keep-alive
Content-Type: text/html

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 05D2
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=1ec42f89-c30c-46b9-84c4-a8d58a62aaa0&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=SnREV203ZG9ZNDYzbXB6LUxEY2JUQQ&gdpr=&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKnhTktC5MsNT7Aw-Xa5vrs&google_cver=1

49 B
333 B

191ms
104ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKnhTktC5MsNT7Aw-Xa5vrs&google_cver=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
status: 200
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-577cbfbc5c-c5gnq
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKnhTktC5MsNT7Aw-Xa5vrs&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame 05D2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MWVjNDJmODktYzMwYy00NmI5LTg0YzQtYThkNThhNjJhYWEw
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm=&google_hm=MWVjNDJmODktYzMwYy00NmI5LTg0YzQtYThkNThhNjJhYWEw&google_tc=
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEszv1uSObVy3HQidC0SN-4&google_cver=1

49 B
513 B

94ms
48ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEszv1uSObVy3HQidC0SN-4&google_cver=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEEszv1uSObVy3HQidC0SN-4&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 05D2
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=97bead32-8979-43a6-aea1-f7b4f40d7aae&pubid=0b24fdfc82

49 B
513 B

55ms
46ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=97bead32-8979-43a6-aea1-f7b4f40d7aae&pubid=0b24fdfc82

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=97bead32-8979-43a6-aea1-f7b4f40d7aae&pubid=0b24fdfc82
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 05D2
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=b3dadb0e-21ed-4424-b7b9-5873f33ee088&google_hm=YjNkYWRiMGUtMjFlZC00NDI0LWI3YjktNTg3M2YzM2VlMDg4
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESELPPiStMzF4tUb3pKljYT68&google_cver=1&ssp=sonobi&bsw_param=b3dadb0e-21ed-4424-b7b9-5873f33ee088
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=b3dadb0e-21ed-4424-b7b9-5873f33ee088

49 B
513 B

51ms
45ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=b3dadb0e-21ed-4424-b7b9-5873f33ee088

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

status: 302
date: Thu, 24 Sep 2020 14:36:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=b3dadb0e-21ed-4424-b7b9-5873f33ee088
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 05D2
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041527799631063909

49 B
513 B

78ms
16ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041527799631063909

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041527799631063909
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5995 42 B
723 B 80ms
79ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstm9vX-VjcRAnrJDCeCc4R0MMaRy5xBRxXOORfs4YG5D8yI2c0BdzVur0EeMGlgNiD8Go1hb5ZakuoN95lmo9t15BJ2cwPeqFoZ8TbsXnGySr0OKnTK-WOLu3GfGCwSA4nVlnDgDXRq-pWsMD6GG6qdfA&sai=AMfl-YQswKhwmguqZ0ZoXMgposu-D0T1H_cpBfmNzjd58D4MlvYkny4WpUicQ09XDTU_YOoMe0W9e5Eaz-PE-HpCOJuV4_pgmL_WUP7QmuYWJb78DgY40dhdWUBEobNVcvU&sig=Cg0ArKJSzMwJy-J7ga1ZEAE&cid=CAASPeRoQcgvoOmbrJLQsE7UCZ4g7G-uiURyLTpM8QkgZC63VpCjW3Q7-i_PoaQQQY4HrU228weA-aAmQ9JRG5I&id=ampim&o=980,413&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=170&tls=1170&g=100&h=100&tt=1170&r=v&avms=ampa&adk=4133934225

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DF1C 0
22 B 63ms
61ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=216&t=2&li=gda_r20200922&jk=4467758055660252&bg=!QUKlQlpYR2NwWTkMs48CAAAAuFIAAAAaCgBZmNVIDhsY1DDJFrdqN9Yr8UJEO_U6fTyGV6ISkfgffRFP2kcZdyma2oB8RbSYZAaqVYdKzeI36Kb6efkIsj0dI3HT1cvmuKEs9GBNtzpGXgZI2mu8HCuKVryZAf_uSKM1BxRSzGnCSc2P9GI_LYy7dVlirx2X0au27FV8hOliytsgwoU5151vR37kp0N18cp4s9ERvmgcCFjfuT2DAPeqatwCDMu_L3cOtmVUPHJ4TGZgXD-EWDr5YE-y6DZQsImdNtN8fwAFqth4cPZTT400mpNEwplktQ4GffpcHFUsIa0v2TXrrE0kClFpA3Ve1DZkEaUS0b95HWqRSC7nzWzunhHTGjHjXocVP1zNCufP42zAANJ602BdhFaTeuLg-Ewy4izZnSPkqoIEJQzaGzRbLTXP8lnIQ-M5qAjnoDeN4eFAKPblyKv6qow4GBJgydbCJ6V4vigMVoCO5S_wKlSwujR4lKbkZQ6TAH3l7XTf-mpN39GvpBHDwdMODkxjvowxz03oBArCVUSViUBOi8NuT18ZkldNH-eMbLCZddVM8AiEZwvOhPx0Rz0QN7TtuDpEC6dRvRuTKVdQEtVRE-_AGejP035m6vVRXExipJCYhhnaVYNWhjw-9oEzowkpYhuf8QbUV2JynDqwvpaKhqCqIEHlzC1b4RZhb8nEj92z4VVDTl5B4xhDeqIMRMupAz04fmw1KTMf6QradYUMUOfeQPhLFSXi0x7HuJY3p2m7ntvjZMuEn7I85g7eMjubtFmoIIOyTIkiRtoyiqvt-WWqWhksZN_aL3U583C2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 5195
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dsonobi
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dsonobi
https://x.bidswitch.net/sync?dsp_id=59&user_id=a61d79b8-98fa-4062-bc19-6d48572ac245&ssp=sonobi
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=b3dadb0e-21ed-4424-b7b9-5873f33ee088

49 B
509 B

19ms
15ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=b3dadb0e-21ed-4424-b7b9-5873f33ee088

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:32 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

status: 302
date: Thu, 24 Sep 2020 14:36:32 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=b3dadb0e-21ed-4424-b7b9-5873f33ee088
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 5195
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003&rndcb=84874545
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor&bsw_custom_parameter=b3dadb0e-21ed-4424-b7b9-5873f33ee088
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=adconductor&bsw_custom_parameter=b3dadb0e-21ed-4424-b7b9-5873f33ee088
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=c001f7d3-5ec8-4d5c-8271-e178ed4a2300&user_group=1&ssp=adconductor&bsw_param=b3dadb0e-21ed-4424-b7b9-5873f33ee088
https://sync.1rx.io/usersync/bidswitch/b3dadb0e-21ed-4424-b7b9-5873f33ee088?gdpr=&gdpr_consent=
https://sync.targeting.unrulymedia.com/csync/RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-e5b75bb7-e589-4b09-b743-c6d...
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003

49 B
513 B

15ms
15ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:33 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 24 Sep 2020 14:36:33 GMT
Server: Tengine
ETag: RXe5b75bb7e5894b09b743c6dbe2a9eff1003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-e5b75bb7-e589-4b09-b743-c6dbe2a9eff1-003
Connection: keep-alive
Content-Type: text/html

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 5195
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041527799631063909

49 B
513 B

82ms
72ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041527799631063909

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041527799631063909
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 5195
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=499f5536-7d51-4224-9d09-ff92ffce6cca&pubid=0b24fdfc82

49 B
509 B

80ms
73ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=499f5536-7d51-4224-9d09-ff92ffce6cca&pubid=0b24fdfc82

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=499f5536-7d51-4224-9d09-ff92ffce6cca&pubid=0b24fdfc82
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame 5195
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MWVjNDJmODktYzMwYy00NmI5LTg0YzQtYThkNThhNjJhYWEw
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDqm0TPku9R0om6Y3UmEGm8&google_cver=1

49 B
513 B

80ms
74ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDqm0TPku9R0om6Y3UmEGm8&google_cver=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDqm0TPku9R0om6Y3UmEGm8&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 5195
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=1ec42f89-c30c-46b9-84c4-a8d58a62aaa0&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=RUtqa2hmX0pkNVdsZk1oSVlXTllEQQ&gdpr=&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKnhTktC5MsNT7Aw-Xa5vrs&google_cver=1

49 B
333 B

119ms
101ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKnhTktC5MsNT7Aw-Xa5vrs&google_cver=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
status: 200
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-577cbfbc5c-c5gnq
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:31 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKnhTktC5MsNT7Aw-Xa5vrs&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 5195
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e9e65f6c-aeef-4f00-ada2-c1bed1824ffd

49 B
513 B

83ms
73ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e9e65f6c-aeef-4f00-ada2-c1bed1824ffd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Sep 2020 14:36:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 24 Sep 2020 14:36:32 GMT
Server: MT3 3091 d17e67c master zrh-pixel-x11
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e9e65f6c-aeef-4f00-ada2-c1bed1824ffd
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 24 Sep 2020 14:36:31 GMT

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame EB3C 0
0 90ms
79ms Document
text/html 23.210.249.83
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.83 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-83.deploy.static.akamaitechnologies.com
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: "573e714d-3e3"
Server: nginx/1.9.13
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Fri, 24 Sep 2021 14:36:31 GMT
Date: Thu, 24 Sep 2020 14:36:31 GMT
Connection: keep-alive

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame F698 0
0 205ms
27ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=158127:2; KADUSERCOOKIE=7551E39F-171C-41E3-88E1-DC1F1261E4C1; chkChromeAb67Sec=1; DPSync3=1602115200%3A197_219_201%7C1600992000%3A174; SyncRTB3=1602115200%3A161_176_5_220_71_22_165_54_7_81_56_223_189_3_88_166_55_78_104_21_8_204_99_13%7C1601510400%3A2_67_15%7C1603497600%3A203%7C1601769600%3A63%7C1602201600%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

Last-Modified: Sat, 01 Aug 2020 14:58:34 GMT
ETag: "13006b6-94fd-5abd223c2ac92"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=37671
Expires: Fri, 25 Sep 2020 01:04:22 GMT
Date: Thu, 24 Sep 2020 14:36:31 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 visitormatch
bh.contextweb.com/ Frame 6BDD 0
0 206ms
99ms Document
text/html 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://bh.contextweb.com/visitormatch

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: bh.contextweb.com
:scheme: https
:path: /visitormatch
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: INGRESSCOOKIE=1c5a2fc17cd36420
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-577cbfbc5c-c5gnq
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
content-type: text/html;charset=iso-8859-1
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame ED7F 0
0 183ms
89ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/auc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.193.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=862c53d6-b75b-07be-20ee-c265c49db193|1600958191; pd=v2|1600958191|gekin0vNiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=862c53d6-b75b-07be-20ee-c265c49db193|1600958191; Version=1; Expires=Fri, 24-Sep-2021 14:36:31 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1600958191|mWkigqiysLommOgevNgunsn0; Version=1; Expires=Fri, 09-Oct-2020 14:36:31 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.193.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 24 Sep 2020 14:36:31 GMT
content-type: text/html
content-length: 316
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9318 0
55 B 99ms
82ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=216&t=2&li=gda_r20200922&jk=1080921787487671&bg=!cnGlcWlYnbpjK0ExEeICAAAB9lIAAABdCgCnWmzlehlz63Y9nZUUziTfk4doSP4NuXZbyPc1QPP-XHBFFGxgdxuINVkOS0lwRrgnsazd3GGumaMZ7Y28VWSscicWf7jOIjor2HRmwJ59UPB-HJac6ZDS2tYEygCwjOsVm9O62DnuJt3g0w5FDRwlnIzBBhpv1T5qhcDVVmDBcKmRbcttxynbnELAjuUvK8d2CevepBIiVL4YbFf-s2wgHZinkJXb8N6ZAf_LJp9uYLmRZuh9NtqpiPXZz8qU4VTqcVFdYdzXUVM7szqQVN78qLAklGHVpGYyth_T7GNM00oiHtY_iVzpjSa6Y5D8fOwetblvAfNVdLi-0oSks2hismtrxO94n-g1Ni67x01D3Kp5x6g8QwdoKMro90MKTc8En9BAXbF_xdIMCJ-2iUNJ0pW23FnkDSXkVzO2gMpOV7GqwV_b0T2UauPqxFmg9MhB25nRnsvMkFss9SlvxS0yI-30oxnqWilnZC9gBU8PyVzCMDJGRlDjCf3i2k5nH5nbNYTXBbWIdytKLRs3rEzgK2jXG8bIA6ALFyxhcS1N4zRaUi6tjfY79GmyvhqQGt-ulK8TTCWWyCaAbslmNWhRbGGVu7_6vhGhwejrmNCOGcYYIKpM4aR4GnyYqqrX5c1JEE1IJLlMmFJvxw1I6XMvbZYW8fQ0ocDvC9PLosiDwbSdXgXBh6FsxBPlBg0CQFTVUHPuaahXb7RywGUrUW7DIJj6FVlsIgK0y59MNlPCk0Ip3bKr6nLrhuvKnmPooIdYZtiVFEc-cAeFHm-59lMyVFIJiYUUtrcCFELYM8gDVFjYelNS1EY4Xs5qOcKLiUKGWzkvFM6fltklY6Q7rTVqD65Y_UQlpAtJM63buhzPb3zsrvvwBkTjkzjas84yBTGqxI6fTy-sK3vD

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:36:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=ab666092e6aa075ec4beae7c3cab6002

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=ab666092e6aa075ec4beae7c3cab6002

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=ab666092e6aa075ec4beae7c3cab6002

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=ab666092e6aa075ec4beae7c3cab6002

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://securityaffairs.co/wordpress/108685/malware/emotet-europe-alerts.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

48f11e65a3524dbf8c2117b21085bbf8.safeframe.googlesyndication.com
701aeca85d94e07994da0ca38d3797ce.safeframe.googlesyndication.com
acdn.adnxs.com
ads.avct.cloud
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
apex.go.sonobi.com
bh.contextweb.com
bid.contextweb.com
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
cdn.ampproject.org
cdn.pixfuture.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
eu-u.openx.net
f2ace2b5415b91d1381f7bd495477a8e.safeframe.googlesyndication.com
fonts.googleapis.com
google-analytics.com
googleads.g.doubleclick.net
hblg.media.net
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
ice.360yield.com
l.sharethis.com
lg3.media.net
match.adsrvr.org
maxcdn.bootstrapcdn.com
p.rfihub.com
pagead2.googlesyndication.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
platform.twitter.com
pool.admedo.com
prebid.mgid.com
secure.gravatar.com
securepubads.g.doubleclick.net
securityaffairs.co
served-by.pixfuture.com
stats.wp.com
sync.1rx.io
sync.go.sonobi.com
sync.mathtag.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagservices.com
x.bidswitch.net
fonts.googleapis.com
104.108.144.24
104.19.132.78
172.217.22.98
172.217.23.162
178.162.133.149
178.162.133.150
18.194.102.50
185.29.133.199
185.31.128.128
185.33.221.88
185.64.189.112
192.0.76.3
192.0.77.2
198.148.27.134
198.148.27.139
2001:4de0:ac19::1:b:1b
2001:8d8:100f:f000::289
213.19.147.150
23.210.249.83
23.210.249.92
2600:9000:2057:c400:c:a9b7:ddc0:93a1
2600:9000:2057:e800:1c:8a07:5e80:93a1
2600:9000:20ae:7200:c:abe:f440:93a1
2600:9000:20ae:e000:3:c04e:c780:93a1
2606:2800:233:97b6:26be:138a:cba8:bb01
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::ac43:4671
2a00:1450:4001:806::2002
2a00:1450:4001:809::2001
2a00:1450:4001:817::2001
2a00:1450:4001:817::2002
2a00:1450:4001:820::200e
2a00:1450:4001:821::2002
2a00:1450:4001:821::2004
2a00:1450:4001:824::2004
2a03:2880:f01c:8012:face:b00c:0:3
2a04:fa87:fffe::c000:4902
3.127.132.197
34.249.135.160
35.157.168.25
35.210.53.219
35.244.159.8
54.194.211.3
68.183.31.14
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
061fb6b101f6cb81e50049afd09b45c6d007c8efc19c04c17080519ec0c949e5
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
093fa1b3be5a5ed806dc8873e932ce049231b1b9bab39fb85e63ab8229d57c0b
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1d53aba1ad67e8f8f749ad171cf1a82d605a0db2e5598d4a5ca3385bc4d44d44
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41
22f906059a556127bca0fcc62c70f321718fa81ee1dbe602ffc8ad87bf60e7eb
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
23b775e4e3b5b93742dad8a1bbfacb2ffc3271a15dbfc6d3ded21d713f2c3489
24b5b710e6775ec2974c8b28d69d4344c6384734de05cec54dcee8741edf8c61
295c7e860f5c8ca155455c40ae5b74e4eac12f1a34e812a28374188546343419
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2f12258640d2af6abdfd7fd917e2bb0045dca5582ed6e88a891107dd9a12e966
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3afe47d0fe0b16bc5bddecdc9bcaca94ed420b8fd0ddee2ae77364403c794bb8
3be81ab15cc2905d3ef54418cd0fa664e85d19c4a5550e28b071a39bd1316070
417d15857e57eee2ce57b556139e557387cd712f128c327b0d1f0741b6919774
43e7e40b50bda58a6afd27074c6d1ff62ed70535e06cf1b2f270053806e6c007
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
4bbd38bcab362fe6b30fe76ccb24266b59335c401c8a432f7b71b0189c49d217
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
51b1fc44ed700e8ce76530d509f658481b8effa2954e4296ed501f7f356816e6
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
54675ec64473f421a8faf763c391556bccf81ac1e3cde6f61201f3b45190ecd0
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6
569401433c4890b8a3030abf143df07686cc42655cb23c298eb41a1a9384a443
571002e2b1e2689769278aecc402835073ae0647fc5e67aa53b4388636c06f7d
576b217bbe84b6b64d0779553b53c7370a3cb667cb47d59bb35df28170919040
587e9afa3875d2ba7d763e56c960c5ebd7523ec8d13e0f13dd94266571bdda17
5b846e3256bfb4b9904c071001321ec879ee871621dea0343f6ee87003df8374
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
5e1390f7c515a04fbd18d7c3e864de65e7fc473f8a2e5134f74a79e122911dd7
6083ab99860d08b524463c0a71edb943916013b9dfb088c99afcdd92131cf8fe
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
6f3af67a7881551afc4bfb5872410212aeb48c17feb64381c4a53c3799e9e87a
6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002
7066646bf9bda795e008aa09863f4fbc08f0c05774d08c0303efabdd3bb51512
71a7990ac054bafa3230fd3632d091434f4b97fce7e3af09b9248c5dfb4b5b59
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
75aa33437c8d3ba9de5af7d78ec1db8b87ab3c6e427c65604a2d84e282dbeb75
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897
77fc22ad5ba2f43b6e079e2d97df508e67503c8bb1cabdc36f55ebcaecd00d38
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7b420ad439dadbbbc88cef506a6e2ea73c331178f08f984c6b230cec7ac66a04
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
82b84e397d29e4ec99f85401947b5051a897c956999f0a6b3003319431ecddb6
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8e3c275e10e0eceb96bc54f7dad8afded23435def955d6db00f0c4c1a4fd0e38
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
907a82c1e3c68d9cfea54a838b9ced9079ea1b886c073ece0f497f642f301b8f
9265bf969f057d9897e30caf40e8f7f5ada20d7c41b206fe72f0f3095bff79fb
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9b5b9b8b1984a7b55656ca3d243deb436e049467353f6e61e73ac8bd0ab2a636
9e163502e82cedeb12e1a9eb2e8f2402aaac18ef27db285f151f9121c23ef4c2
9ef666022c3b2e7ce78c9a82d0629305bf3812f8d787cb957f218159637ee7d4
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a1ee7d241bb9729ba813536e6a54d708b6d809a87f9d02457170d61904d52ac8
a46e38f2813c308d41ae008b8320a4377779d23aa3e5bb587fdf7a671b513480
a6ac3622ab589dabf87e83f2784e7cc0199bd6225a54f2df9999770e9d015fad
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9
af08ee123b911072c525fece60932992a23ec00ba1178286d877ada82691c2ca
b060ff595bbf90873533d920c62521c2ac28f11b029b4afa6389c7aefc913691
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b397f92e5f197af9b4d9ceac02bdb1e06c304fb8fc8b22ce7689eb0e837a4e78
b834a80037718e3da7f92199034dc59611ed774af41f1e84fa1e0d97c4261192
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
b99296f442e2a0de1a11fb3c5c54a691ea10e85b0e0fde4e602d930fcb64d110
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
be9eae694a2f542e08b09ce5dc661ff0fd7c6593b2bd415eec46b2f84b4b02ff
c7f09c5c0d3e1874301fca15c84d4f4ef874a8c663243ed3a960b65c2f75465a
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d24350e3a8c6e3963544189c3d0cfcd8c11e5dbac0de76aace83993b7d16dcf6
d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31
d3b142f2fc1b181088ebc5bd873a725bba5e4ea24b20874e7880b163f778765e
d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa
d5d95b07869d9c969e3ebaf863e29c2b7a4a7f92c223c66b57cecfacebfb0001
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
dba017aeb5a42f26a16e95cfe20e236c9321d8cbd23df9397365841f4bdf38f4
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e2f13e89bc922e025af4da52c4191de4c3dc7b28823da7d65c53ea424c006e32
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
ebaf6e34e5df3164e4e9d20a72144eb0940ef03daae9896b84202edae698f736
ec4344adc742b2fbf294aeb340c91f1119885d17d96912e7163d2eec59a1ab69
ee657fa9cbe48aeeda44b31ed4ae2ca1d021a82e301e36a456eafb7c8dda7fb7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4906a5a6ea68dea07e2e62a8b5b1bf84742e182a65565abc848197217deaead
f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f9a8b6486b932f30659598dbdff8ddb4069135999d1d720c73ff7f84cd3e2dad
fcc08b5478cae22197e8925b8bc4e97a4f3da913291f965fa8a9648d1053ef75
fec6411c0449c2f2b631cdb40900e968c49501f4e92e7b12e75e1e1bc6ed2813

securityaffairs.co Open in urlscan Pro 2001:8d8:100f:f000::289 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

244 Requests

98 %HTTPS

43 %IPv6

34 Domains

57 Subdomains

37 IPs

5 Countries

3578 kBTransfer

6659 kBSize

0 Cookies

18 Outgoing links

Redirected requests

244 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Screenshot
Live screenshot

Full Image

244
Requests

98 %
HTTPS

43 %
IPv6

34
Domains

57
Subdomains

37
IPs

5
Countries

3578 kB
Transfer

6659 kB
Size

0
Cookies

244 HTTP transactions
3 data transactions