URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Submission: On December 16 via api from US — Scanned from DE

Summary

This website contacted 30 IPs in 5 countries across 26 domains to perform 233 HTTP transactions. The main IP is 2606:4700:20::681a:25b, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.redpacketsecurity.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 18th 2021. Valid for: a year.
This is the only time www.redpacketsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
55 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
4 104.222.176.201 6762 (SEABONE-N...)
25 2a00:1450:400... 15169 (GOOGLE)
22 2a00:1450:400... 15169 (GOOGLE)
1 142.250.181.226 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
10 104.222.176.10 6762 (SEABONE-N...)
34 2a00:1450:400... 15169 (GOOGLE)
3 5 2a00:1450:400... 15169 (GOOGLE)
2 2600:9000:215... 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:401... 15169 (GOOGLE)
1 108.177.15.157 15169 (GOOGLE)
2 3 2620:116:800d... 16509 (AMAZON-02)
3 3 54.73.238.193 16509 (AMAZON-02)
3 21 142.250.185.226 15169 (GOOGLE)
1 1 34.98.67.61 15169 (GOOGLE)
3 35.227.252.103 15169 (GOOGLE)
4 4 185.64.190.78 62713 (AS-PUBMATIC)
3 3 69.173.151.100 26667 (RUBICONPR...)
5 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 1 52.29.77.212 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 3 2.18.234.21 16625 (AKAMAI-AS)
3 4 185.33.221.13 29990 (ASN-APPNEX)
11 2a00:1450:400... 15169 (GOOGLE)
2 2 104.111.215.191 16625 (AKAMAI-AS)
2 142.250.185.194 15169 (GOOGLE)
1 213.202.235.10 24961 (MYLOC-AS ...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
233 30
Apex Domain
Subdomains
Transfer
58 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
676 KB
55 redpacketsecurity.com
www.redpacketsecurity.com
394 KB
47 doubleclick.net
googleads.g.doubleclick.net
bid.g.doubleclick.net
cm.g.doubleclick.net
static.doubleclick.net
googleads4.g.doubleclick.net
630 KB
14 2mdn.net
gcdn.2mdn.net
r4---sn-4g5e6nz7.c.2mdn.net
s0.2mdn.net
2 MB
12 gstatic.com
fonts.gstatic.com
csi.gstatic.com
www.gstatic.com
117 KB
10 tg.dev
tg.dev
oauth.tg.dev
164 KB
8 google.com
adservice.google.com
www.google.com
2 KB
7 googleapis.com
fonts.googleapis.com
imasdk.googleapis.com
130 KB
5 googletagservices.com
www.googletagservices.com
183 KB
4 adnxs.com
ib.adnxs.com
4 KB
4 pubmatic.com
image6.pubmatic.com
2 KB
4 comments.app
comments.app
48 KB
3 casalemedia.com
dsum-sec.casalemedia.com
3 KB
3 rubiconproject.com
pixel.rubiconproject.com
1 KB
3 openx.net
rtb.openx.net
478 B
3 everesttech.net
pixel.everesttech.net
1 KB
3 quantserve.com
cms.quantserve.com
1 KB
3 google.de
adservice.google.de
1 KB
2 addthis.com
e.dlx.addthis.com
1 KB
2 media-amazon.com
m.media-amazon.com
10 KB
2 cloudflareinsights.com
static.cloudflareinsights.com
11 KB
1 cloudflare.com
cdnjs.cloudflare.com
34 KB
1 exactag.com
m.exactag.com
1 KB
1 agkn.com
d.agkn.com
758 B
1 mookie1.com
odr.mookie1.com
694 B
1 googleadservices.com
partner.googleadservices.com
656 B
233 26
Domain Requested by
55 www.redpacketsecurity.com www.redpacketsecurity.com
static.cloudflareinsights.com
34 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
imasdk.googleapis.com
www.redpacketsecurity.com
24 pagead2.googlesyndication.com www.redpacketsecurity.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
21 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
20 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.redpacketsecurity.com
11 s0.2mdn.net www.redpacketsecurity.com
s0.2mdn.net
9 tg.dev comments.app
6 fonts.gstatic.com fonts.googleapis.com
5 www.googletagservices.com googleads.g.doubleclick.net
5 www.google.com 3 redirects tpc.googlesyndication.com
googleads.g.doubleclick.net
5 fonts.googleapis.com comments.app
googleads.g.doubleclick.net
4 ib.adnxs.com 3 redirects googleads.g.doubleclick.net
4 www.gstatic.com googleads.g.doubleclick.net
4 image6.pubmatic.com 4 redirects
4 comments.app www.redpacketsecurity.com
comments.app
3 dsum-sec.casalemedia.com 1 redirects googleads.g.doubleclick.net
3 static.doubleclick.net googleads.g.doubleclick.net
3 pixel.rubiconproject.com 3 redirects
3 rtb.openx.net googleads.g.doubleclick.net
3 pixel.everesttech.net 3 redirects
3 cms.quantserve.com 2 redirects googleads.g.doubleclick.net
3 adservice.google.com pagead2.googlesyndication.com
3 adservice.google.de pagead2.googlesyndication.com
2 googleads4.g.doubleclick.net www.redpacketsecurity.com
2 e.dlx.addthis.com 2 redirects
2 r4---sn-4g5e6nz7.c.2mdn.net
2 csi.gstatic.com imasdk.googleapis.com
2 imasdk.googleapis.com googleads.g.doubleclick.net
2 m.media-amazon.com
2 static.cloudflareinsights.com www.redpacketsecurity.com
1 cdnjs.cloudflare.com s0.2mdn.net
1 m.exactag.com googleads.g.doubleclick.net
1 d.agkn.com 1 redirects
1 gcdn.2mdn.net 1 redirects
1 odr.mookie1.com 1 redirects
1 bid.g.doubleclick.net imasdk.googleapis.com
1 oauth.tg.dev comments.app
1 partner.googleadservices.com pagead2.googlesyndication.com
233 38
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-18 -
2022-07-17
a year crt.sh
*.comments.app
Go Daddy Secure Certificate Authority - G2
2021-03-28 -
2022-04-29
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.googleadservices.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.google.de
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.google.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.tg.dev
Go Daddy Secure Certificate Authority - G2
2021-04-06 -
2022-05-08
a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
www.google.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
Images-na.ssl-images-amazon.com
DigiCert Global CA G2
2021-03-23 -
2022-03-22
a year crt.sh
*.gstatic.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-22 -
2022-09-21
a year crt.sh
*.openx.net
GeoTrust RSA CA 2018
2021-07-08 -
2022-08-08
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
*.c.docs.google.com
GTS CA 1C3
2021-11-09 -
2022-01-18
2 months crt.sh
*.exactag.com
Sectigo RSA Organization Validation Secure Server CA
2020-01-22 -
2022-04-21
2 years crt.sh

This page contains 29 frames:

Primary Page: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Frame ID: 79DCFC72F1410891F915E6FCB16E48A3
Requests: 75 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: DFE738DE7CCA725F275C637A916696D6
Requests: 1 HTTP requests in this frame

Frame: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Frame ID: 54ACADCD4684254DB96B86CBCB6EEED1
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&adk=1812271804&adf=3025194257&lmt=1639641804&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653519990&bpp=3&bdt=338&idt=94&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8730578267269&frm=20&pv=2&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=111
Frame ID: 9BE32818FCE1348F7A34978934442D52
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A60A8863AC45DE057CA867F649899879
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8FBB91E1D696C38A7287DE4CCD5E3425
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Frame ID: D32A9E3BD38157E5C4EA0788D20D6ECD
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Frame ID: F89A71A5DFF4B03B7ECCA05147AF9E69
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Frame ID: 3604685D1F6BBD8006A2BB937DA3D46E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Frame ID: 8A77CFEEE56E1A72CC5C463356F62DB2
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=1315137869&pi=t.aa~a.442764149~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250%2C296x240&nras=6&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=3202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=sjX7wUQPNM&p=https%3A//www.redpacketsecurity.com&dtd=43
Frame ID: 91999E6D90FA9EC8974928C9166E74AE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0FE00FFFDCE8A2A62973E3869FDCB58A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F6B185192886DDE76464B0A875B3DFEB
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 8036AAE72779B9F8339A18BECC7549FE
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: 56533FD3003D0BD32B578BBC4A50F9FC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 5B73C9ACCAC41E9911B54F1AAD2DDFBA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: 841E5DDD84FD5CEE6D15193DA4B846B7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLuwcxCfx6UCGPjnhp0BMAE&v=APEucNVNOPHrlAuM1yq-4boeJtWqbJxypcnHHe5XMUAwFWHBEkeb4EF7K59IcftPOqjorIiIsz4JHmiYSR6BoNMuWM1mk2uPSsQus5idWiKpXsMJqKYZZxrvh8z745Nc2D_f3kG5a3Xco_ChuKF8WSX-vQHZd2fBKieFS5rAv8GRvcX-cOTV_W8
Frame ID: 57807D5B591B3D9E836329AE3B8A11C3
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DlA_xbweKP9ZkCr9ZpFX1xLHsf5vKh5nrmoTpMBGP93LnzVGXfu-eykDWfSPviO8LwwS2f4_QznQPEuO_mXN2oHMaBugksnZp2lVDKC9KiMZpI-n94OCkOMQ5Tukj1fm1kEND1TgLbPdwgoZ19RrJJ2DDHgQ&dbm_d=AKAmf-BUI-v806ccMDK9fXcBql3LgXDQQ99pYaTMFpgUY3F3kCqabPk9ztq4laO5Rtphv8_kZQDLIE2Ss2HCJ7DsZIC2aU_O7paeamEYaN13T3ALjVtySQNPlQpyU7JYxs38obI9Tbpr1UWN5S4rTwysCF6hpAszIeNe1tIeKNuE1khMTXD_F_Mv_upWYwxiI6v13F-jOvkITYiWlaxEwTYR0wVR8kF8HK9upnOVRS1gyyB0W35i5N3K1lW2I3vYijGC-E_8vc30E9MDL-Tg7DAaJN6AJwoNpiGNOG1v2uXOIxqE7UI0kqY4mu_Lra4PwcnOgmRUnas2YUZpBhFs72hOaqADtzCnmiDw-5x1DYA53Kv84bkQYFNqX2MUxBf9092W7luAkHLmtB4TwIdtC6wXlKx-JRGFNmbdqz-QqUsYgMG40FgUdQk-s_BZUDji30h1coo6QnXcPcafWMPFrkiwe_66KN0qYmzh0RxNFEAZXQq1K6L681MNxw_IZ8catVdoxtUGx5F3X-mSVni2cxUas2lUmFEFlzGoR1plGILq5lxePDblET-9ZV8d-jN-wDp5XK6GyeA-5OPSaLhz5J6BL-QMtxMM-ZUEYSVXoiO7YaWKKCt5_Nwm62PUU8fiZZMitzS3qXJPr1AA5rae_E-dnKZTnT73xtW4EbIp1Miw1bGqXf4CZGUmHaObUVaCobIrSr7q4qi0s5OdqUkupKOPkVBcNntiRX5-2bdaxfKaXtPYSaZJ56zTUZZNkfjRpo_hmRkk-TQ1LfuGt9C45if7aYI6zb_uAIg7a8Xjqdcdlmuc648dUlsXn_wJw53L19DBwm88YeQCjz4FgM5q6AH1IFw703P0LEZOf9adlCCCGDjvIhoBJsb3DsjP-qXsLzKHRv8t31vNgnpN0c_-R9M4Lq3D4sBCusVl5oSeKZHotSK8hK56ZlRW-cInoSb9YO0DSoSLw55L0QbiMIu6Z_AISYQoVFC8gZ7f0-5h0VsXQvs2X3GcdEDSCDl4hnEcutPlNxlQBYiCfO3iLYF1PH3z-42tfIbmMEUypdc0Zs5ZlU1Tdrx3HgMgE7qZb3BzM1NfZ29ibMcm1fqOW277Oobzfi9t2DHtV5r9du6NahkAdkFqaLoy3dV6aQiKrN8MNpEO59j5eIWCQeJVsINV1Ya8bx-_caCymWNKJvYiMVSnPhdEAvgA_AbCQxZl-dubSQWtaXb7hs9ET1ZMVYDEnpdfdVoXUMVdI5QAttJ_An93jO5y6MN1ZXKBlvzjyPE9N2A4ht1BoG-py9PIeKNBVROE91lVR8r4IZ4-1mSxGtRxrIKlZoTWy-l4yfr56x_k6SzRsQ4_Z03SaSVZnawUkR7Tf9AiSWyb6qHTr9vBrJx0KdqzsLKgK_-N9PXwaAmMd_EE0rYosNRmR7Fk2hXepwY91fBQmmx6wtKc3hqskLk4HhgYUbUR04luQB3l0fdhLbymHFz2-EEyD5LHknqsPuKWzIabo-plWzdw-A2Vig7jewLOYxZpMSgSkYEgUwmyh4cFikWzRDwVSNKpTc92UBDXgwWz8kGrVMt8TK1LBJvR--iiqgid0HVKxGtOPCq7byRTyjnAfFBqeOj0wGC5ESVnVFL9JQquTB7W2RJOdyVfPFY9HcxmKFAZ5gYs-xHVBNQpmZYpjqpxWNc99ZDjsmZGP12bLNcP0mQP3bDJnynFfJyi9qJRV9VbGEfpnXzp9zmLfnRi9D8ApqpZQLAVmaLVUjaj2yjBvw-KKXcU48npFjDmKnZNXoqpbv_WDdd1lkmiiBP8Ys9ZGemuPv7pG9bSSL2suRjmSSCU-0Rl-r97u5u2TIS-mXuUuJQEeNehSsFc3FPeFGHXQB6Li0nyUCxLeD5oD-fYUWFz5tPAXJxF0ArAALMFGDw0iFzLDkQoWNFp6NBFv8kKd0opdBrIyd7ImmXdvy2xmDK8mIQ79VdMF20gbBCRPpjwr7E49-EfGdAwyi6QYZR1KlTu0HRwUZWahc-fUmhU4p7hsHJeM8kE4E82kTjVb32aYLWoxpeCghwejn21UVYbzUvP4pcuvS1B5UnCWnJt9wGkrBdXHLxmnMOKf0g0aE_Lsxm6eRZ9xB3UIEMl8h-P1K4SBFX_j240_dGI44MPn1DuFsCYvX1UPsHmwWOyQl3-r8fiLTaAmjOu68g5AJLE3mnEQQXENXMtFUK0Hn2BO65Ee_9vTORM_c4PuffR_OrxnBtCRAKC1iTFiX3gIsKcGxUzLzdLj5DbDtOAZJK_ozg5xKPgPvOy7UdN1jNONDQOIwet7Q2nnV4qpf92nRZE1NNg65BD6qL9umBGGadbprFLTKFf-PwJ3SEGdWzmi4TzfTWJ58hEWDLHtwq1oYOcF0_GAEJAj3ACeAXRXVcTwdg65j6NkkpktOdtIoY6zL--_lmmgOGvxaVDUf2sPgaFZny_7Iw_eCciYy6COebn0rDxFZBBSfOOcQT6ey_2yNbN31CJc0M3ft4VYmLt6dD6vs8SDHpIeeOwTUUY93laPkr8NPDBBCsEXpdZXSv8OacBgyLyqZ5e0Rwu9q1lyb0MF_Kc54EAvwQSWjMg2xNVuKu5--8WLM11iFIVjjrWd8697dWhJbT1wpBSLOd2cTdkhf-1F-QZ8wkrCuLnyiIB1BA75F7KAb4Z0YLZigLmZrpVLMyQET27KW9nyCyEwOadCgMmZY2mLVro4MQuOC5o_NlxIVAQ3dsC0BazglXhuOu82v5oiicU47jrrI2E4140gI1R1FD3eLmdTsjJoDt_jmnyQRISSsyACTtG438bAs_eAnDbFmQbgtThcZLWFpqsee2KhBqeAOaesV9I9MK3hYM-OK5fSaj21XiN9xT4_Zj_XimEvf0zl07dio6THY9w5fXsYbo9rv6Ts6MYQvsLXuHvhiti9-GRzYybiiKcunsCMn7v7RLyViCB03ZPWtsXiMMvFfq1LnG8Y4ixV9TiHmlkGSYG1nqXZhxT-V8HcXvmUASPUtem_X4uO1nvEkEA2DmpW7xmtOzUoOTo816-pg7ZJHazY8Iqs0el8lcGE3YERUrca8VUEw15XAmnWKMHjgbmP4upbFlsKRnVNpLJLwygJ_CVVR3NIhT6jAYnklaMdUhPNSbwHGUYhBTRBiTjWIpg-azBs2LMOPPDHYACMRTy4eKo3nOUu1UThFSIJ0w&cid=CAASEuRoe9VRDoKBaWVRVUnJjLIz7A&rfl=2%2Chttps%253A%252F%252Fwww.redpacketsecurity.com%252F%240
Frame ID: 361BF645118C8C04EDF7D1B1F9427594
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 14695901DD52C28BC6E2AC69CC56BA2B
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4BB59BB0E3C1A8C8E0BA71019688C0FE
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/9049098/1612513824636/index.html
Frame ID: 77B935FC79FF0986CACEE7D113F60425
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 3B9FE65260B43C86B105D46927836E28
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 24D87DA9B13D48633DC4973CE270B425
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/index.html
Frame ID: 43BF5C4454722BA05C7EC1313973B3C8
Requests: 7 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 664349D700D4E4BD9F21FF83A5AA3231
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4E0A23D41928B325F0F70C473C95FC16
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 155B303F13A33F8C1A8ACCD2DF745206
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: 32D4DF685E3FD29FD4897442C518C420
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials - RedPacket Security5.0 out of 5 starsAvailable for Amazon Prime4.7 out of 5 starsAvailable for Amazon Prime5.0 out of 5 starsAvailable for Amazon Prime5.0 out of 5 starsAvailable for Amazon PrimeAvailable for Amazon Prime

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • TweenMax(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

233
Requests

91 %
HTTPS

56 %
IPv6

26
Domains

38
Subdomains

30
IPs

5
Countries

4622 kB
Transfer

7922 kB
Size

34
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 115
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKf_kyVxIMq1w-XrC22E1FH7XHMwE19VQ1mW3uZMu8wuXtq3_60-dJLOO7W5piSZCgXPxv_4eonpI10Rn5ihtnNYDtuaS9R&google_gid=CAESEHlCt5J2KmfCWLpJUzwvleo&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tRQUFCZDlHYUQ5dw&google_push=AYg5qPKf_kyVxIMq1w-XrC22E1FH7XHMwE19VQ1mW3uZMu8wuXtq3_60-dJLOO7W5piSZCgXPxv_4eonpI10Rn5ihtnNYDtuaS9R
Request Chain 116
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEHpbV1W-zITJD1wAOZrA2JI&google_push=AYg5qPIZVxnlE_6slT6LbpDf2zC_HGCHrnvUE8Q46BhjlMy7Vu2gcyIEBNZG-8cPiXy4rIPV4m0rotErQW-4VkX_uhg03JikMZA&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPIZVxnlE_6slT6LbpDf2zC_HGCHrnvUE8Q46BhjlMy7Vu2gcyIEBNZG-8cPiXy4rIPV4m0rotErQW-4VkX_uhg03JikMZA&google_hm=MTA4MTQ2OTA4MTg4NDg4MjY5ODA
Request Chain 118
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIT5MX5OWjHZdTy42Ibm5r0&google_cver=1&google_push=AYg5qPJRyeqYmQIDg2DmEI9Wq7hS47mOpWyT3IB4SQQOtZWohLgUTmMqbbixfhAuK3kdxAo725oF2wslfrYvVqkNostOyv0JIahH HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIT5MX5OWjHZdTy42Ibm5r0&google_cver=1&google_push=AYg5qPJRyeqYmQIDg2DmEI9Wq7hS47mOpWyT3IB4SQQOtZWohLgUTmMqbbixfhAuK3kdxAo725oF2wslfrYvVqkNostOyv0JIahH&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3KcqdOt4R_uHNib3xrzZuw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJRyeqYmQIDg2DmEI9Wq7hS47mOpWyT3IB4SQQOtZWohLgUTmMqbbixfhAuK3kdxAo725oF2wslfrYvVqkNostOyv0JIahH
Request Chain 119
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELgGtnutX7kIFMX2CFe8vrI&google_cver=1&google_push=AYg5qPLGxNIl4RttVjQCSAss7cq9a-Br65Z2weVC0rWuSGYwdQipNHdoZEfjl85q2qivtmJPe5XYWoNu09C_iTrbgP8dlHdYYfI HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRFRVQtMUktOTNUWA==&google_push=AYg5qPLGxNIl4RttVjQCSAss7cq9a-Br65Z2weVC0rWuSGYwdQipNHdoZEfjl85q2qivtmJPe5XYWoNu09C_iTrbgP8dlHdYYfI
Request Chain 120
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&s=184023&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c
Request Chain 135
  • https://gcdn.2mdn.net/videoplayback/id/c5a79a7474acac8d/itag/346/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778410421/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/2AA4EC6A6C2AAAB5771E05DEFE3BD163E7E6272D.8E2655A0FBB1C44F19EF0AC90E2359639359F328/key/ck2/file/file.mp4 HTTP 302
  • https://r4---sn-4g5e6nz7.c.2mdn.net/videoplayback/id/c5a79a7474acac8d/itag/346/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778410421/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/60CFC0F3E526DFBAFEC66F3196CE3A803AEC0B09.3493351EBDC17645E0A5AC44892F8407F264050D/key/cms1/cms_redirect/yes/mh/7g/mip/2a01:4f8:a1:1a1:87::1/mm/42/mn/sn-4g5e6nz7/ms/onc/mt/1639653190/mv/m/mvi/4/pl/42/file/file.mp4
Request Chain 136
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDBa0gH1mI_F4aE6GZgGQ68&google_cver=1&google_push=AYg5qPJcMkfdAGk3SHzNw0_EF6dhUpLHrIQGz3WPy2af_27Nh59f-BDR6PMbBBZxc2IvB1g_ybfcn0ef8qWk6Uta1UCoGW87dWA HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJcMkfdAGk3SHzNw0_EF6dhUpLHrIQGz3WPy2af_27Nh59f-BDR6PMbBBZxc2IvB1g_ybfcn0ef8qWk6Uta1UCoGW87dWA&google_hm=BL0AMlSdEvpbt-Le7ZupOw
Request Chain 137
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPIYNBhO2VDX7CXGYoD3qXfDI69vco9rcjvOsuy9x7vvk_vQj7RIeQmpQ71B2J44mDYT60Rdo1S-frboId4cqQnq3Gprmx8j&google_gid=CAESEGLlHSiTbyK13Lkauar8-1Y&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tRQUFBZnlRQUZFcg&google_push=AYg5qPIYNBhO2VDX7CXGYoD3qXfDI69vco9rcjvOsuy9x7vvk_vQj7RIeQmpQ71B2J44mDYT60Rdo1S-frboId4cqQnq3Gprmx8j
Request Chain 138
  • https://d.agkn.com/pixel/2175/?google_gid=CAESELVx0rAaNTYOa9EIvQfprIQ&google_cver=1&google_push=AYg5qPKhd72onjPtkEtRVtFHxMKLo20B14qDvPpLRVrmcC2YenA6o-eiPC17hn90H5leRGKBzVwp_VE8gGU7TNHfqFFQp166Tiw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKhd72onjPtkEtRVtFHxMKLo20B14qDvPpLRVrmcC2YenA6o-eiPC17hn90H5leRGKBzVwp_VE8gGU7TNHfqFFQp166Tiw&google_hm=Q0FFU0VMVngwckFhTlRZT2E5RUl2UWZwcklR
Request Chain 140
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIKWAb8dWG72Ts3aWYCCKRc&google_cver=1&google_push=AYg5qPJW4c97VcqPD7YmsIfigoGhpBSLRu2GcRSbV_Z6qtyCyig68v1zEZD3ZVWcunQfYRl_mHgobu02Kezf4mauqzKzWw-MIFJn HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I5_o9H2eSuGM44NVHf1cBw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJW4c97VcqPD7YmsIfigoGhpBSLRu2GcRSbV_Z6qtyCyig68v1zEZD3ZVWcunQfYRl_mHgobu02Kezf4mauqzKzWw-MIFJn
Request Chain 141
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK8EO5HgxPO2RxpSiin2g9E&google_cver=1&google_push=AYg5qPK-EFE72bvWyVgGiAX83g4I-Fi4b7geDIS-xi4POw5mut9nthc1-DK6FQ-QQt33AjAvuwjUujM59_Q907W7nKya9aLI1YJ5 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRFSEotMUUtOVNWSg==&google_push=AYg5qPK-EFE72bvWyVgGiAX83g4I-Fi4b7geDIS-xi4POw5mut9nthc1-DK6FQ-QQt33AjAvuwjUujM59_Q907W7nKya9aLI1YJ5
Request Chain 142
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_cver=1&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1
Request Chain 163
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 174
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa3kT0GbzjhoPi8UcTgTpk&google_cver=1
Request Chain 175
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbsgkaDs81IkGlthfnuXsQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa3kT0GbzjhoPi8UcTgTpk&google_cver=1
Request Chain 176
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECIwlQljSj9I-LgZ2mLYDJ4&google_cver=1 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECIwlQljSj9I-LgZ2mLYDJ4%26google_cver%3D1
Request Chain 177
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwOTM3ODQxNzczNTYxNzk0NQ%3D%3D
Request Chain 185
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJ1F12S5K9QZDlCnkn9PwSU&google_cver=1&google_push=AYg5qPKcIM6DBPSN4esPTMRVcwBqIb5Pq42apJKgmtZ-oLmGbhej8wUOulJb5PC34ND9KgzURGs7gptdrEDGvCoT8McEkYIywuI HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKcIM6DBPSN4esPTMRVcwBqIb5Pq42apJKgmtZ-oLmGbhej8wUOulJb5PC34ND9KgzURGs7gptdrEDGvCoT8McEkYIywuI&google_hm=BL0AMlSdEvpbt-Le7ZupOw
Request Chain 186
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPIWgV3dL2VhDshZxQIr2cjp2aCSbQ5KyKkpBKiL0YXTtu1iwW29fFaWLDcMZuIlopTBg85VmDYVmpu3lm2wYQWUZL4ogpEY&google_gid=CAESEBu6YKrfbGB4v1mbVpN64LM&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tnQUFBZnlRVUZFcg&google_push=AYg5qPIWgV3dL2VhDshZxQIr2cjp2aCSbQ5KyKkpBKiL0YXTtu1iwW29fFaWLDcMZuIlopTBg85VmDYVmpu3lm2wYQWUZL4ogpEY
Request Chain 187
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJgzs9QqtC8PxRav_21KEpI7fdeM-Zkj7zzl9KITmbg8A1n1hmFPYCrIUqXgn1UD42VrcTtP7C3vLNffSMrLyQQkzxX1LyG&google_gid=CAESEAROXzPcgVV7c7trgu-_wkk&google_cver=1 HTTP 302
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJgzs9QqtC8PxRav_21KEpI7fdeM-Zkj7zzl9KITmbg8A1n1hmFPYCrIUqXgn1UD42VrcTtP7C3vLNffSMrLyQQkzxX1LyG&google_gid=CAESEAROXzPcgVV7c7trgu-_wkk&google_cver=1&rd=Y HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMTYxMTE4NDIwMDAxMTkzMzI0NDUzMw%3D%3D&google_push=AYg5qPJgzs9QqtC8PxRav_21KEpI7fdeM-Zkj7zzl9KITmbg8A1n1hmFPYCrIUqXgn1UD42VrcTtP7C3vLNffSMrLyQQkzxX1LyG
Request Chain 189
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPx-lAMngSj7o172y2NccPg&google_cver=1&google_push=AYg5qPKdMvMz1ukAAlN9iVPHHzvNQKNr5qBlDqCYZCeDD4BpR4A3YmtSQPAI3SrLkIWHBOMbNbu0jQG95qREfZaH-IkNB8TxA5oU HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I5_o9H2eSuGM44NVHf1cBw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKdMvMz1ukAAlN9iVPHHzvNQKNr5qBlDqCYZCeDD4BpR4A3YmtSQPAI3SrLkIWHBOMbNbu0jQG95qREfZaH-IkNB8TxA5oU
Request Chain 190
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBvEZJ7UjDC1kw017pJ5lJc&google_cver=1&google_push=AYg5qPJg_IFknwdbDIG6OwAROn1kirUDYEDXleHSHYsTIuOBytobzGE2TMNijXU-9X3WKdf0ziygyyLfUduMMndDw4oEEXxd927q HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRGNVEtMjctSjZHSA==&google_push=AYg5qPJg_IFknwdbDIG6OwAROn1kirUDYEDXleHSHYsTIuOBytobzGE2TMNijXU-9X3WKdf0ziygyyLfUduMMndDw4oEEXxd927q
Request Chain 191
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql
Request Chain 233
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 234
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

233 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
102 KB
22 KB
Document
General
Full URL
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.26 PleskLin
Resource Hash
d5c032a0c1b3b6db787cd21d01656e08166144284b158fde098f1c0e771f71c1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-type
text/html; charset=UTF-8
cf-ray
6be7831f8b4d691b-FRA
cache-control
max-age=432000
last-modified
Thu, 16 Dec 2021 08:03:24 GMT
strict-transport-security
max-age=15768000; includeSubDomains
vary
Accept-Encoding
cf-cache-status
REVALIDATED
cf-apo-via
origin,miss
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
wpo-cache-status
cached
x-html-edge-cache-status
Bypass for Reload, Cached
x-powered-by
PHP/7.4.26 PleskLin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPQi5Ag9HXF%2FHfcIYgsN5u%2FlvmhD6WSpmWm1Y04HJjwutrz2eod859J7pF%2BlSZvFdvD4QvReiBvxKq5nT8TazltGeC5xvhnZyfq5LjyBpxfEYslEQwlyUQvpaaYbgOERpjGjf0ROScFFcjcXPRoybSsC0C2oh%2FQ%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
style.min.css
www.redpacketsecurity.com/wp-includes/css/dist/block-library/
79 KB
11 KB
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-includes/css/dist/block-library/style.min.css?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 28 Jul 2021 06:20:01 GMT
server
cloudflare
etag
W/"6100f711-13abe"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29NqmKwnj%2BEWf6QvKYpKP68yRJU79d3r01rPUeR20nUv0IKpm4CaZGw4CeMevq58H47U1ePLNL8bUtmVbkXSgslcfXaQEJVyITCzC%2FFR4NhwgsfPwiV4jOJ4whuddiN6jJWiSFHNRig0A09Hp46gXDQQTX4Kbeo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-ray
6be78321f9ca691b-FRA
app.css
www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/css/
2 KB
995 B
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/css/app.css?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
af12f7592b4d8f6b8483bd9bab081ecf35abe485d5315fb0ecf30559ac2bd9cd
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Dec 2021 20:06:51 GMT
server
cloudflare
etag
W/"61ba4adb-bd4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pzzlhqb0GScU8lLDNHAWu4mXbqFeaGqPPNwCzh%2FTnXh4jypJDt%2F%2FZVVbotpn%2B7kIQxBYgCXWMpEaWbzQtmv1%2B29otm44xDBsG1XANP4hi92Cz31S7s%2FN0mwW7L4jybCMyiVxVXe%2Fsgo7z8vziyJDY7ItqN%2FM1q4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-polished
origSize=3028
cf-ray
6be78321f9cc691b-FRA
cf-bgj
minify
style.min.css
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/
1 KB
779 B
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/style.min.css?ver=5.0.5
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
8c02c6d0a718c0a546a98e15273ca7341d8614787ee21b71d18ff90f0e801d30
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Dec 2021 20:06:38 GMT
server
cloudflare
etag
W/"61ba4ace-4b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZtupQ0XuxO0KEO%2BPsQ6UVGVcQ9SxJdqu3Ao6gMZZqVP7rMx8qbzHLB1jtfB%2FNn7oEGOyy8eyTgy8iadiNWg4QoRUPifNC%2BITIsAMInrqwykyJ03FlLr22X1blay5XtDmfj016cPPA8aF34ru3OZpBZ8ELXnWfY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-ray
6be78321f9cd691b-FRA
style.min.css
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/list/
9 KB
2 KB
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/list/style.min.css?ver=1.2.9
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
58c53867c994b01ce9dc582a3e4d2a2d444331f4ee4684deb0763db2b3413d2e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Dec 2021 20:06:38 GMT
server
cloudflare
etag
W/"61ba4ace-2427"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oHNFoTchBk8v%2BEWvBIx5wG4N1WJp7O6IRBoNgsuDZTqWcnJK7eHTqsDA1ZiAG1apcxswOMRpPEbUAcs65JO9yFt%2FnocefAzCVkZNvo7Oc7qIwhzq5AqPfDKHYy01zkPH41F5cHI6Sxkd16x1KHkgYZ3b15w3aC0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-ray
6be78321f9cf691b-FRA
style.min.css
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/text/
16 B
356 B
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/text/style.min.css?ver=1.0.1
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
9ddc0f6530a2a949a60ecc192689aba25551e0f9f6270b44803134b27708d883
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
16
last-modified
Wed, 15 Dec 2021 20:06:38 GMT
server
cloudflare
etag
"10-5d334d7f50ab8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2qFk5dUZcsLZeljZPJF%2BjBk2sz05SzAuZGvRiAdup472ingSdU9Z9%2FsI0vq2TEO4i0i%2FO%2BNYoRalAnBPRWrHToS5FkFQC5QIUlsVT30ad%2FajwgsWEgLgWFJRDeIcy8jHlcXW6pRRUshZbldO2ik4SG08pCEsRwY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-accel-version
0.01
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
6be78321f9d2691b-FRA
style.css
www.redpacketsecurity.com/wp-content/themes/colormag/
62 KB
11 KB
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag/style.css?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
842258538e379b1dabe5daddd81e90eeb7c69834580f33842bfdbde38d8f8400
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Sep 2021 13:27:41 GMT
server
cloudflare
etag
W/"613b5d4d-1397e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2BmF3EPylRA%2BSs4BKncdQkDxnku7%2FGxenbliYPPiAjc6s4mxapPFcPlJ7pMqVhSEzBu%2BhePsLqCaayRfrFN6kalYXKSKdgXKt2199D2Y%2FPSMF%2FmWQOuufYseOTKaeHF5xq0ff1Wo21CJXj0n6%2Fa9Fru%2BLgWOh%2FY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-polished
origSize=80254
cf-ray
6be78321f9d3691b-FRA
cf-bgj
minify
style.css
www.redpacketsecurity.com/wp-content/themes/colormag-child/
0
375 B
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag-child/style.css?ver=2.1.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
cf-polished
origSize=178
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
0
last-modified
Tue, 05 Jan 2021 11:07:55 GMT
server
cloudflare
x-powered-by
PleskLin
etag
"b2-5b82537f39153-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TXb2kTsZcHZajCb8xSzmjN9dK7kHbP3%2Bmcb%2Bl0iDyIVjChq3F9Qg4N%2BpwFEaQlH%2BM%2FgKZxA79K0cdi55xOV5RCXs0QL7R%2BbyYdfeeBP4mH4pIHm%2Fpniu8zaVVjGKWiRwDiInhmJGegUBV9D0HpX8JByeBmaRFu8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-accel-version
0.01
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
6be78321f9d7691b-FRA
cf-bgj
minify
font-awesome.min.css
www.redpacketsecurity.com/wp-content/themes/colormag/fontawesome/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag/fontawesome/css/font-awesome.min.css?ver=2.1.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Sep 2021 13:27:41 GMT
server
cloudflare
etag
W/"613b5d4d-791c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kl2YTdhiHwrLp1ViiLF5R%2FUdR1A3SMXxfsjCzoOFTwahHC6e6c58A%2BvHoGVpqGfW8ycaUqS7H87zpFOGZz6GbClm8CxZWztwzhbSJELRT4mHPxzybXCQdjVZsGy61eL80htD2VYQ3HIlJphuT0wQBg%2FCfL%2BgWro%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-ray
6be78321f9da691b-FRA
front.min.css
www.redpacketsecurity.com/wp-content/plugins/cookie-notice/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
840711eaa754b000831567752cc1f5e460bd0f0097be8cb273230834a1a3a7a2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5700
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Dec 2021 17:11:29 GMT
server
cloudflare
etag
W/"61b38a41-1495"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pN2v3u5Q6xm6uaQE8CKbCxJq3Y46WVrwrLHUo08Jz6V%2B%2B%2FaQXzr3p9oZiihNLptxZPVUhTlMrnuEwNIQSSVGexQzjOACDE7GKsLL2BQ06VRLJfp1CAdgR5SMjyvqcPv3PI6SMLuw7U2Qm83Ry3HyNcLPamg7qkY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-ray
6be78321f9dd691b-FRA
dashicons.min.css
www.redpacketsecurity.com/wp-includes/css/
58 KB
35 KB
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-includes/css/dashicons.min.css?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 15 Apr 2021 03:42:13 GMT
server
cloudflare
etag
W/"6077b615-e688"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txEhVR2xbnG2xRw7vkuWvHu4kHGeUUXvA%2BHahtpD%2Fz471Me7%2FkzS2B3fizXJUobp9v7ApIHnht0UjBQM%2B%2BrDvjxWnd1JjN%2B4iCRazkXjZ%2BrVWkN9qXatS7J9F7x4PfVHk3ZoF52j32YgQs3TT1VbMRUKAMdMSko%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-ray
6be78321f9e0691b-FRA
wp-pointer.min.css
www.redpacketsecurity.com/wp-includes/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-includes/css/wp-pointer.min.css?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
a7e340aa92bb4abc075a1d50daa8a0a44fed34c75a52f376b306e9ddf5963ca1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 15 Apr 2021 03:42:13 GMT
server
cloudflare
etag
W/"6077b615-cb0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ssApZ5R6JpOgLTDJxdyIUs9OsXejIn4OZloMO1vXvROXXJp1rp6HwqYayiYC%2BVeHlDIlwG7AcYvfu5H8jl1YOEEtBWGH%2F0gKyrkqjIqQmRtkSNSUaeU2KpwlIpOBqLB9Ympc%2BBoYZ8KdwLD2A%2B9ETbUO8OFCSYk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-ray
6be78321f9e2691b-FRA
api.js
www.redpacketsecurity.com/cdn-cgi/bm/cv/669835187/
35 KB
10 KB
Script
General
Full URL
https://www.redpacketsecurity.com/cdn-cgi/bm/cv/669835187/api.js
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2UOV5OaTbLk3EMGaWfpzIyesEpVQeIVxzW1gt0H8h9euXjEM2R5HSjqeETVeQHJdJO4v3PIF68EJBFa5dgCULIPPYAyfHNr7GlBT%2F7PgLXuMLJyrg6dS5YO6DhOxlEDdtGuapYAC56RcqRJCjCrrzOjKxkkMg40%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=604800, public
cf-ray
6be7832259f72b71-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.modal.min.css
www.redpacketsecurity.com/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/
3 KB
2 KB
Stylesheet
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/jquery.modal.min.css?ver=4.3.23
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
eaa593bcfe485f4b5a8ac997cf9936604f9fbef91652db94a8e22b75d612bfc1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 13 Oct 2021 15:59:36 GMT
server
cloudflare
etag
W/"61670268-c81"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dGTfIx0HN8H7l%2BGfvQtEz%2FqMgl%2BU7aYzoUcpURG3t9zSeZpwKnYRI64ggPi%2F457gWG71f%2F%2FEI6p4G8g3TJ5rlt9Ds%2Bc3H3lMjgKN9K9ue%2BXdFus4HiBdLJi1kZGLAnlASWwkQ3NOPC9rMnjVK%2FIdVYdq54UFZY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=432000
cf-ray
6be78321f9e4691b-FRA
rocket-loader.min.js
www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Dec 2021 14:30:56 GMT
server
cloudflare
etag
W/"61b75920-302c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xxGIv0M6ZwJ5zFmMxQSgdRxw7aK0CjbRwaNI7xxK5ISDtnSV2xAh7y3%2FMiauYGpMYCMWMhxvyAovcz%2Fw%2F7318caUIJ43BQ%2FcFxZEM%2BdjzVCNp52Z7KM5VnUuD6xB9LauFdxM%2Bl7RZXs8wv3zx1OGUlPDUQqb5XY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be783227a252b71-FRA
vary
Accept-Encoding
expires
Sat, 18 Dec 2021 11:18:39 GMT
v652eace1692a40cfa3763df669d7439c1639079717194
static.cloudflareinsights.com/beacon.min.js/
14 KB
5 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer
https://www.redpacketsecurity.com/
Origin
https://www.redpacketsecurity.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
gzip
last-modified
Thu, 09 Dec 2021 19:55:17 GMT
server
cloudflare
etag
W/2021.12.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
6be783229e73c2c7-FRA
s.js
www.redpacketsecurity.com/cdn-cgi/zaraz/
4 KB
2 KB
Script
General
Full URL
https://www.redpacketsecurity.com/cdn-cgi/zaraz/s.js?executed=&c=&t=Owowa%2C+a+malicious+IIS+Server+module+used+to+steal+Microsoft+Exchange+credentials+-+RedPacket+Security&w=1600&h=1200&j=1200&e=1600&l=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&r=&k=24&n=UTF-8&o=0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
136a0c873608029d9ccb0aa2bab98fa3950ff65f8633ffbd103b57f17ca2f9c9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
content-type
text/javascript
access-control-allow-origin
https://www.redpacketsecurity.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s3vvnY7qnVHmjPHPC4ScuUbDWQFQ4slV27rsfmOD9x4YwqwWprypZ5DC6G05BIkvXgInv%2FD9d49QrjkXfb%2F7dVVWfi%2BfwEp4ad9%2BytAMbnVk7R06cstO0RDeyHv8KthsgqPIGCXLOYQHBZAuHv%2FeOeTIFNxTN4Y%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age
600
access-control-allow-credentials
true
cf-ray
6be783227a322b71-FRA
access-control-allow-headers
Content-Type, Set-Cookie, Cache-Control
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
www.redpacketsecurity.com/fonts.gstatic.com/s/opensans/v27/
44 KB
44 KB
Font
General
Full URL
https://www.redpacketsecurity.com/fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Request headers

Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Origin
https://www.redpacketsecurity.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
57441
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
44656
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cpJTCLWtulEjdvAPAss4KHbkf%2Fq6TOXxLHP9sZrlCl6NUgPG3Qaf5Onl8%2FMZbVrmkeNbKO6C9C%2B7MoAjyC%2BifetiGtz2L29EC0kfzOWY55l3XZwo1ev8HfyPit1SVu3gtFGlLgx5Mthp8O5EN%2FASFlTXtHW4wro%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
public, max-age=31536000
cf-apo-via
proxy
accept-ranges
bytes
cf-ray
6be783228a612b71-FRA
expires
Thu, 15 Dec 2022 00:14:34 GMT
fontawesome-webfont.woff2
www.redpacketsecurity.com/wp-content/themes/colormag/fontawesome/fonts/
75 KB
76 KB
Font
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/themes/colormag/fontawesome/css/font-awesome.min.css?ver=2.1.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Referer
https://www.redpacketsecurity.com/wp-content/themes/colormag/fontawesome/css/font-awesome.min.css?ver=2.1.0
Origin
https://www.redpacketsecurity.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
238
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
77160
last-modified
Fri, 10 Sep 2021 13:27:41 GMT
server
cloudflare
etag
"613b5d4d-12d68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fQp0VOkbS52M2%2BYQZe%2FZcZFXDXMs8BFGCJbGt8DZ2RGgOxLHu5%2BwuCFofFn9ybP1MEPYeRH4y7AOEHOB0ySutJmfyJ9KYZu0PyOAID6NFqvsyh1n2L8Arnw1TkuP9%2FxtVjKUN%2FwgeYXJfA8pdWdpnOX1hYUsfTY%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
6be783228a622b71-FRA
jquery.modal.min.js
www.redpacketsecurity.com/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/
5 KB
2 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/jquery.modal.min.js?ver=4.3.23
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
970d08b0edc4bfc0925495d8b11564f3c2fd368f745f7b3510a7fced11848894
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 13 Oct 2021 15:59:36 GMT
server
cloudflare
etag
W/"61670268-136e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=clYLJ%2BguPGaTe7vKx7oWOJkfjEGMs%2B0rZq6sFgbXN7OgeofaKQKUG9UDUCPjrgyobO01dPBOjHWJu%2FaeSqwrDxe3EcfeLPiqRsW8Us%2Fd8H2yRhecYXEI%2FHwtIvLT9m4%2BGTgJRXOOnYIHA6DWvU7oozNgWeq41NE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be78322eb1f2b71-FRA
wp-embed.min.js
www.redpacketsecurity.com/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/wp-embed.min.js?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
content-security-policy-report-only
script-src 'none'; report-uri /cdn-cgi/script_monitor/report?m=Upd4UjFL2_mGgzPXSL1AEj38DRSjaK5FSM9BTjn5ZMo-1639653519-0-AUy3MMXDn8tb1eNqmR4RwBQpuHTKZkB6HjJ0vrbosI6dlHjzsGkvGlLRhpwm3YbHuw
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 03 Feb 2021 22:01:16 GMT
server
cloudflare
etag
W/"601b1d2c-592"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6mwBMPx4pCutX%2BBDTZiz%2FhSqMvEkrFrQjJ8go5QQFlvQ33cL%2BpyqFVJTx%2FQtm491KDKeP7cpIRtpwy3Nx1l%2FkYD69%2BXnU7YUo0Y4gVc60wehmdsB7s9RbGQ4wXfEO4zTp0p1hlYVi1V71ZYMJkXKX1LWnbov%2BSg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be78322eb232b71-FRA
smush-lazy-load.min.js
www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/js/
8 KB
4 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.2
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 03 Nov 2021 19:38:12 GMT
server
cloudflare
etag
W/"6182e524-1ef2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVvP%2B4gJuBuiloVcknJEt6a%2FrhlZc554NZa75TSOfQhbPtGVWxrL2sExr%2BNx7JBEwjvjVDt3su4CbbA6XSbsLn9rhA0Kniv0QWCwR07ZQjc5a0CGnyKmiWmwFCi2nsiSHb80Is9YjJVElcFYi5wrtsxtU53ZBT4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be78322eb262b71-FRA
product-image-preview.min.js
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/js/
3 KB
2 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/js/product-image-preview.min.js?ver=1.0.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
5a05c3e0d6c0babb7b070daa5af4f410d30a7c91fb4cc7350783a46911c2324c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Dec 2021 20:06:38 GMT
server
cloudflare
etag
W/"61ba4ace-a32"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AnOOINIY%2Fhm9mQ5QHjYYQ3JDe6ie9i5ua4L6UVt9W%2BEUiFCnZpHyZlBTcikEtmgAHW8bx1TYf9CAlWTDX1cyqZh%2F3VwoHMOq8KQPmgHrd%2FnB32gxn4CJTjZ0TQO8W4GJPxtZ7QWypkVh8IE%2Ffp4YAZ7s16vqO8o%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be78322eb292b71-FRA
product-tooltip.min.js
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/js/
1 KB
1 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/js/product-tooltip.min.js?ver=1.0.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
1000abf34bf56e3a757816ca05551e1b79ebd035605f3b7b40bbf864ecb43959
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Dec 2021 20:06:38 GMT
server
cloudflare
etag
W/"61ba4ace-4d3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQPsh7pa77jwWke%2FHzeE%2F5uO8X%2F2yJ8g8oRy0o006ol5UehCJks0viFOlXNMZDkcVQ9veTiey07Vck6aNwtSiDjxG9bl0b1YMhTteQvNK9p8a3Zwo5xBz3GS7N%2BFtYmiTuQsNKjps1EOTo0SR0XetPJxhWmZoZM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be78322eb2a2b71-FRA
pointer-tooltip.min.js
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/main/asset/js/
603 B
980 B
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/main/asset/js/pointer-tooltip.min.js?ver=5.0.5
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
d46a9a6bb336e632b785d63e0f9af30af36a3d24747076007eee231e7a6ddc2a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Dec 2021 20:06:44 GMT
server
cloudflare
etag
W/"25b-5d334d853c51c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e19tBvGu1G9jZ8daKUtUNmKDjCG0ntyJBTUj%2FOacgIk1bZjlTxf%2F58mfF4rL6CBPKizIkHb1BTlO9W0NKwSUmmcApMN9%2BgR3%2B0fSIUyh11XfPhYViiAZojzj37JqK7mcNsog9i2qx8d7XGvSvl%2BF4JnylkFnmfg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-accel-version
0.01
cache-control
max-age=432000
cf-ray
6be78322eb2e2b71-FRA
wp-pointer.min.js
www.redpacketsecurity.com/wp-includes/js/
4 KB
2 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/wp-pointer.min.js?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
036cb212b79b6b41aa94647b00f4f03ba6cc127ebceaa72400663441d1f2b211
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 10 Mar 2021 21:18:18 GMT
server
cloudflare
etag
W/"6049379a-e25"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NWsAgCWHKEgEXg59hxXb6mj2kfjg18YxIeSVwSOSaEN%2F9tWWvtdw0Yih%2BBo4hCV6XUUBUNukUXJ6Zzl0A7gdQ3vpVbaiWq2IHcTgH96LL3FUgd8lvhsjUUOksBE50oSpE68p9hQD5tli1ArcYCzhd3QlBq8EwSU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be78322eb302b71-FRA
i18n.min.js
www.redpacketsecurity.com/wp-includes/js/dist/
10 KB
4 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/dist/i18n.min.js?ver=5f1269854226b4dd90450db411a12b79
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
dceda745a0fb58233a95eff6d10796026df6792cb960cdf675eb7b8a6750a2d2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 28 Jul 2021 06:20:01 GMT
server
cloudflare
etag
W/"6100f711-268a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qpeQdfVaaZ3oplcA2Gih0jjfE3ech7Pve8tLAV63v3iWLN2Urw7%2B6bxWfmebmhGuP9hWbjWhn6YH9vkul%2BJK8qicPMRp09FHZSxwGDztzO921d1J5H9Yy%2F3iOlCO%2BGQvjJ4I0eJCjnfWfvBNl6shWhcTnjtcoUM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be78322fb4a2b71-FRA
hooks.min.js
www.redpacketsecurity.com/wp-includes/js/dist/
5 KB
2 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/dist/hooks.min.js?ver=a7edae857aab69d69fa10d5aef23a5de
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
04e6fb814fccce3a0aecb83be0bc24665cf3e6a5e993f296471a63708f63e138
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 28 Jul 2021 06:20:01 GMT
server
cloudflare
etag
W/"6100f711-1540"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AwLqjROZEktfv1U5Vp%2Fj0JqVa19eU%2FU01Yu8Qy1OFD9sjMG%2F%2FJm2yOYwGB15SKzDDXFu%2BjR55dqPv75WVsTJYmvGMKkWSBXb6uwLBzXmmy936hCiIUDUhUUupX1R85FxDTCfBYrn5Q5DXZExvU%2BF8EFYSipm4c4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be78322fb4c2b71-FRA
wp-polyfill.min.js
www.redpacketsecurity.com/wp-includes/js/dist/vendor/
16 KB
7 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 28 Jul 2021 06:20:01 GMT
server
cloudflare
etag
W/"6100f711-4056"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5HnxYtT4BpAvqYemijwJj5d9X%2FNuFqsyA4iJEAlV1JHIbJ8aO9d2GW2BFj84iUMNeUUgQnaWbbUPnGUeMF12gUaxaxB6GMm8E06DmueLrbYSoFLbOFrc0DXGK%2FbgfcLOZssiEZz%2BuaZuqzY8ACLlmiuTfbqJdc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b6c2b71-FRA
regenerator-runtime.min.js
www.redpacketsecurity.com/wp-includes/js/dist/vendor/
6 KB
3 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 28 Jul 2021 06:20:01 GMT
server
cloudflare
etag
W/"6100f711-1906"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DtQ%2Fts%2FnxW7WDDWu8lzVJmeMWyQPpPeLtLL3ix7GOsrLWeIW8ocEv4GcptmPm5NVMjU%2FR4hUTxbRfTJjl1TqJaFAkt0tKWjBAiHpOlw%2Bfj7Py2x6tPcPqO7dqOPOq2DwF%2FM%2BUkst5oJD%2FkefgLFM%2FGXA3sir5QY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b6e2b71-FRA
core.min.js
www.redpacketsecurity.com/wp-includes/js/jquery/ui/
20 KB
7 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 15 Apr 2021 03:42:13 GMT
server
cloudflare
etag
W/"6077b615-5133"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GaT4yEj7a7YxrGWNr%2F8XgvhSPt9gusIIyqp%2FRMctQaUHy49dvXEBicpBdgyWBi5lGc2vT%2BIpgVGmurSBagPujTo8aRi%2BTTxjToEewNCrBTGi92UNi3hcxGWOZCt79lTVnDMIaxNMlfLyBg8AiQ61bhSDwS%2BW7Io%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b6f2b71-FRA
colormag-custom.min.js
www.redpacketsecurity.com/wp-content/themes/colormag/js/
3 KB
2 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag/js/colormag-custom.min.js?ver=2.1.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
2b32be0979cb9f2119bd22563ed89560525c15a8edfd6e662a1968314783f689
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Sep 2021 13:27:41 GMT
server
cloudflare
etag
W/"613b5d4d-b0a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F6en%2FGRalyIp9zjlsnwoz2ckQFjdovCgRvBnS6hQxpN3JFL6b7j8LcYQ1Sf9IJpmPw08PwTXdHr4bRSo%2Fk359LCgCFHOV9TP3%2FG3K4BK2SA3IIKF0Qrpi5L%2FRK3PK5mhf8B6hjNs7B96bOME9blLWI4k7M%2FqyGA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b702b71-FRA
skip-link-focus-fix.min.js
www.redpacketsecurity.com/wp-content/themes/colormag/js/
325 B
862 B
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag/js/skip-link-focus-fix.min.js?ver=2.1.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Sep 2021 13:27:41 GMT
server
cloudflare
etag
W/"145-5cba4146f291f-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yiqXcv7MPgDKJuxSsfWQxmCxi%2BlVrnFy3pniEYjHCoH%2BIh%2B5ZDDA%2BQkez92HQJcGHxLs38kySUQqq%2FHBNAizuALFI7OfCufxtvdheTpXc8Xc8myG8w0G9CbIUwCew3nlPEQGg6GQ77ALKHrBQct5YqMxknbLwYc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-accel-version
0.01
cache-control
max-age=432000
cf-ray
6be783230b712b71-FRA
jquery.fitvids.min.js
www.redpacketsecurity.com/wp-content/themes/colormag/js/fitvids/
2 KB
1 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag/js/fitvids/jquery.fitvids.min.js?ver=2.1.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
8994924c0f3ab4474ee0a7c04417ad84933c4467cc9192fcb60b9774f15f5990
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Sep 2021 13:27:41 GMT
server
cloudflare
etag
W/"613b5d4d-6da"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyn2Dhh6n8JWvjjWbr1FIW5ijYmPo0eB1fqljFw3LQE09wwUh0IfJHGroIiDdFlGzWDESAh09mSjkLkBme8grSUwVn%2Bryeh2XpJNB%2BZRinzT9BAWd9T7Jo2Gu10l9S%2Bb4gHAaPBFLWgDwRwI1UjLbNGVnpxj9n8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b742b71-FRA
navigation.min.js
www.redpacketsecurity.com/wp-content/themes/colormag/js/
2 KB
1 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag/js/navigation.min.js?ver=2.1.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
5b84335d42b38d3122349f53b20dd6a5cb0f45d1e45e5683fd572bcdda8c04a2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Sep 2021 13:27:41 GMT
server
cloudflare
etag
W/"613b5d4d-61f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B9qm3esjFbCllXwoXZji2vvJOflNmQ6E70U1uEqScebGQPgvutYMqAgj4rABkKof6ftK2qxBSI1kriTmPXKXGfMpZf%2BHWYltOSbttrh18sIxeCtjeiC5%2BM6%2B8h5IUBCHuHDSWISwBq06yFn%2FrGSSzBh%2BzRTLX6g%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b762b71-FRA
jquery.sticky.min.js
www.redpacketsecurity.com/wp-content/themes/colormag/js/sticky/
4 KB
2 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag/js/sticky/jquery.sticky.min.js?ver=2.1.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
f9f94cc2cf984a2a8df89c1250c04396bc950e577b4143d5539ca88fb46de91b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Sep 2021 13:27:41 GMT
server
cloudflare
etag
W/"613b5d4d-1087"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pgRh%2B37Ivv0EbUkUXqrSLYYjHRx7Acac37AFIlOvZmIkGQlf7aSYmKvcCjRCRPmPBSDDM5%2B8Fum8DtdlfVvMvS2bDNx8T%2BIhRs%2BXoMq%2BhOD8TFH8MifbCi1ndT7JKFWBvt0l70lZsHpb%2FH3IYx9K2ZOYooKopm8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b772b71-FRA
jquery.bxslider.min.js
www.redpacketsecurity.com/wp-content/themes/colormag/js/
23 KB
7 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/themes/colormag/js/jquery.bxslider.min.js?ver=2.1.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
0157d11106d6b70289099fd1ce1f7bea3a9dfbb46cee3994edb07ce765bb92fc
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
content-security-policy-report-only
script-src 'none'; report-uri /cdn-cgi/script_monitor/report?m=oJSSpDwG9YqoZgPXf8PYNwnbN7vwRWAhikWkrzaDUg0-1639653519-0-AYTMZI9MTTD2H4bTy9BeT5f9pNmpyUltKGVqvh8SNgWV5vF7f9kIehmYc7ry99zPlg
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Sep 2021 13:27:41 GMT
server
cloudflare
etag
W/"613b5d4d-5d92"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSqcckKbmjbWJZXHQ8HrmhEcZhYx57miTLwAa16CWnT%2B5r4JFJWc7CQ0WWfaTxTUfHr%2FiXOL999AZu5BZqrOVkuONoRVjU08D0SrXV342pH2EnCQwY%2FRzcLKs5mRyAhfnwG4Guv5zXAltIPXQqGZVbPTgGEz7ZY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b792b71-FRA
now-retrieving-updater.min.js
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/component/unit/asset/js/
3 KB
2 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/component/unit/asset/js/now-retrieving-updater.min.js?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
b5c642f4690b2fb0b6fe20a4b6f05d84a7c7d196bd608929456e43ebf1126bfb
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Dec 2021 20:06:43 GMT
server
cloudflare
etag
W/"61ba4ad3-c04"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SX0IoXFvj%2BvPgQypWu0GE818rylyrlaFb8zhV8B%2FFxoJsNPyWpXt2UrpPm5O0jQxiSpRlepsZW75%2FGzBEVI9MScv4gsupzGpqgwJLrJ1Ienr4OT3a9lxPHt%2BYCgJxct4qVOSiZgxHH0%2FjxXEfV0EKuI9tXOgDuA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b7b2b71-FRA
iframe-height-adjuster.min.js
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/component/custom_oembed/asset/js/
3 KB
2 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/component/custom_oembed/asset/js/iframe-height-adjuster.min.js?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
7baeeb05ff0ee4e24a08c877dbf87509ff0285842079bd27678e8e0629a03029
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Dec 2021 20:06:41 GMT
server
cloudflare
etag
W/"61ba4ad1-a63"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pv93rjStA7ZYhlyodhsVaDki6lrfLGSy38fVPraOS5Y7dvjUGJxBGDQXMPTmU%2FjqgSfjRaiGX39h26QGvdRlRjmrKSOcoL%2FFUgePQS0Zq%2F8Uqv0xLa7l9jO9vTC4RG6fT%2Bh7v%2BNuDmdOgmAOH2aS3OZGrEqIvbE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b7d2b71-FRA
app.js
www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/js/
244 B
859 B
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/js/app.js?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
7d45256c95c1c245654bf298e27d9c538dc778a2ee050ba4678ac2a07f479869
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
603
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 15 Dec 2021 20:06:51 GMT
server
cloudflare
etag
W/"162-5d334d8b56d84-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lSGP77HzA5bqRnSDgzWMl8qlMYU6HqTN%2BzUg7yEVP08ahMXXH8Cws7F%2F46PwCAqmwtFi6csHRT01H2%2BgDtQ68KSAEHx%2FO6vPqZ%2BZRlyW%2FifzmJpTavox3eB7ztsNUNE8Zn%2BspYcU74VRNofwnxW4jmLpE7P1Gr4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-accel-version
0.01
cache-control
max-age=432000
cf-polished
origSize=354
cf-ray
6be783230b7f2b71-FRA
cf-bgj
minify
widget.js
comments.app/js/
9 KB
3 KB
Script
General
Full URL
https://comments.app/js/widget.js?2
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.201 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
482f450b7fdbac6f9304643f3e731df20bf66c51fb0599fa9a734e5d102a9e2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
gzip
last-modified
Fri, 19 Jun 2020 23:54:45 GMT
server
nginx/1.20.1
etag
W/"5eed5045-2390"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
145 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1536334219562771
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e6612b17735189e8d3f7b7b315fd1053098b632252aadd9c702ff4c432dfaa8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.redpacketsecurity.com/
Origin
https://www.redpacketsecurity.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51854
x-xss-protection
0
server
cafe
etag
1424872271805878261
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Dec 2021 11:18:39 GMT
beacon.min.js
static.cloudflareinsights.com/
14 KB
5 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
gzip
last-modified
Thu, 09 Dec 2021 19:55:17 GMT
server
cloudflare
etag
W/2021.12.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
6be783231fef6910-FRA
716aa9a3.js
www.redpacketsecurity.com/wp-content/uploads/caos/
48 KB
21 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/uploads/caos/716aa9a3.js
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
50d72b7a44227a156b6714b4208be48c3acf8b773eb1b73f069442b07971a92e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
602
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Sat, 06 Nov 2021 13:06:09 GMT
server
cloudflare
etag
W/"61867dc1-c1d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qbKnazDM6cBsnYlFus959SPCIeDPTPwwGzTGtO585C0SqFcfu%2Bwjd6BPRvGeNxWd1ZsVRU3uupI9veLhO3ALMYPppaHbLaAxMZlnkGib%2BR8vNSuX69ugU%2FEYNTMRtWYIumepuDuJGIBvLGT5Qk8j4tn5%2Bs7ukHo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-polished
origSize=49621
cf-ray
6be783230b832b71-FRA
cf-bgj
minify
front.min.js
www.redpacketsecurity.com/wp-content/plugins/cookie-notice/js/
8 KB
3 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.2.1
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
53c088f65c77c6b7af2804face3e267d4c1bf148177798a30fa3a15aa693c36f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5693
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 10 Dec 2021 17:11:29 GMT
server
cloudflare
etag
W/"61b38a41-20b3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BgzDH9%2B%2FZMwcWlb8N%2FstV1AQjZCebC4BzYzydDNpLNYFhAtrRFuscAgixXzTnUm%2BV3sw0vVJChbbCMn2M%2BI6PDd4mAv7P57M9JxO5eKT%2BNcXlGLIVEc%2F9KgJHc3viqaVIg5N7MBd5pX4c9p546nysNDlmavByfs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230b862b71-FRA
jquery-migrate.min.js
www.redpacketsecurity.com/wp-includes/js/jquery/
11 KB
5 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
602
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Tue, 22 Dec 2020 15:30:09 GMT
server
cloudflare
etag
W/"5fe21101-2bd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kV1iNIagqcl6vXeMPOseV%2BLwmb%2FCxOsNaHvTB%2FJDL5niKQms3nFktqFMLMXwfP6SwavABd83Bq8EB%2B%2B0A7Z4kzL%2FD4EiQilItujaUDFiUQJ0oblO0V4%2FJE0%2F82CjxigEg4v2hqburVLihL1a%2FxsmqMcTLCp0Kbs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230ba22b71-FRA
jquery.min.js
www.redpacketsecurity.com/wp-includes/js/jquery/
87 KB
32 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
602
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 28 Jul 2021 06:20:01 GMT
server
cloudflare
etag
W/"6100f711-15db1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0aa4RGj7uRuOcA6ERyErQ%2BBJO2ifi291ChBw9R8f1ff0ndQ%2F99xXBmB4tFjVEUSxEFCxiNxDHd7p15OKMTe45l8Bo5RA16hksvfNcDRnhtR3XooCjVGLnMURURdv%2BwZr%2F1jetTkIavxFsyZruQZZzbwrI8yA57w%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783230ba52b71-FRA
wp-emoji-release.min.js
www.redpacketsecurity.com/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://www.redpacketsecurity.com/wp-includes/js/wp-emoji-release.min.js?ver=4c38af8069475abc5c17bbb0c68b5806
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
602
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 28 Jul 2021 06:20:01 GMT
server
cloudflare
etag
W/"6100f711-4705"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEZLp6JJYyi%2BdkTDFOgsKZQLdPtbM18%2FWvHgnGht9saVHOa3SfQnPSRd6xO81o5Pd8fFHlV2UrqfYhFrjn098c9zPW40pNHAU77tT9MhLgxo%2B6IGQSmXnDA97J0EcpshD8M94o4Cwl0avovXxwLqlC0g5Re6Kzk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=432000
cf-ray
6be783238c6e2b71-FRA
result
www.redpacketsecurity.com/cdn-cgi/bm/cv/
0
756 B
XHR
General
Full URL
https://www.redpacketsecurity.com/cdn-cgi/bm/cv/result?req_id=6be7831f8b4d691b
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/bm/cv/669835187/api.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 16 Dec 2021 11:18:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w9eHjmlaOELOTpvPxv%2Bvpu6vKEDV%2Btq1QtKNpsDBGpzzgMBjy3XkhCtnqvk5Xuf6HbYiNOqyRnNZRDr9Wh3aJd6cmLPwxxHDnASTpOE%2B87bRC2yQGJKs77Z9CFWCqKbfwFTuGdHlOba80hEkwncvum57KlHgUSc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
6be78323bcbf2b71-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
collect
www.redpacketsecurity.com/wp-json/caos/v1/proxy/j/
203 B
1 KB
XHR
General
Full URL
https://www.redpacketsecurity.com/wp-json/caos/v1/proxy/j/collect?v=1&_v=j93&a=167780454&t=pageview&_s=1&dl=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&ul=en-us&de=UTF-8&dt=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAAC~&jid=7698523&gjid=696567624&cid=523056644.1639653520&tid=UA-64877284-1&_gid=668000135.1639653520&_r=1&_slc=1&z=1677581224
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/uploads/caos/716aa9a3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.26, PleskLin
Resource Hash
e276b1716ef7ae3a30ccd9ebfea3c176f85223b4ed5e55dd639dd49b4bcb1efa
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

cf-edge-cache
cache,platform=wordpress
date
Thu, 16 Dec 2021 11:18:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PHP/7.4.26, PleskLin
content-security-policy-report-only
script-src 'none'; report-uri /cdn-cgi/script_monitor/report?m=kNEQlzK3EUqwK_7rdUD7essQtMReO01VpnJUdtE0UwQ-1639653521-0-AUR7P8r7ynGOLhBiLPC3BanN5DrxwiziTDN9J5lhriGLbKQiAw6M6XeXdo-mJTRF0g
strict-transport-security
max-age=15768000; includeSubDomains
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
link
<https://www.redpacketsecurity.com/wp-json/>; rel="https://api.w.org/"
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dGBQ%2Bo51YSLpA%2Fx%2FjlpdFTNGm2qgsW54CBQzCefuI5jcsBByv1ELVAjfmLRTAsRfapiq%2BLxMj6SVSotKycQC4EKwZTKeBc2K7yHXbt59DotFgu%2BuvwA5pjSBonax6SoeoWhweZMsK%2FKs8m5Q9UTo3eUOvjgPdk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=UTF-8
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
x-robots-tag
noindex
cf-ray
6be78323dcf52b71-FRA
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
x-html-edge-cache
cache,bypass-cookies=wp-|wordpress|comment_|woocommerce_
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/
276 KB
99 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1536334219562771
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
101734
x-xss-protection
0
server
cafe
etag
4507154694380913909
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 16 Dec 2021 11:18:40 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame DFE7
11 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1536334219562771
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 18:37:20 GMT
expires
Wed, 29 Dec 2021 18:37:20 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
60080
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
comments.app/embed/ Frame 54AC
7 KB
3 KB
Document
General
Full URL
https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Requested by
Host: comments.app
URL: https://comments.app/js/widget.js?2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.201 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
65100ed3e157598748f31ecef3e66f28d0ea11474dec2abbf5272e04a4bd1be5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

server
nginx/1.20.1
date
Thu, 16 Dec 2021 11:18:40 GMT
content-type
text/html; charset=utf-8
content-length
2551
pragma
no-cache
cache-control
no-store
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
logopng-e1609920151567.png
www.redpacketsecurity.com/wp-content/uploads/2015/07/
5 KB
5 KB
Image
General
Full URL
https://www.redpacketsecurity.com/wp-content/uploads/2015/07/logopng-e1609920151567.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
ee1f6500559343d6d65d5d49a6ce7f55f2e8bd1942f7d0d6d6c69b746a5869b0
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
vary
Accept, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5696
x-powered-by
PleskLin
content-security-policy-report-only
script-src 'none'; report-uri /cdn-cgi/script_monitor/report?m=be.4RF0SJUisp0.0tM.xd67HWCxe1O669ww.PCFpvfg-1639653520-0-AfOduP55h9lc6A9ZN0hFBboyTAIP2cTBmYtv4mwA1tnQksbA2aEbzm_eMWwirax_rg
content-disposition
inline; filename="logopng-e1609920151567.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4628
last-modified
Wed, 06 Jan 2021 08:02:31 GMT
server
cloudflare
etag
"5ff56e97-1a16"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pEUByb7J6SGfkEmWlw8WBHChpbhRO4gilZk%2BR3hKza%2Bj275CdV8tl6Yq%2B5d8JQIJpKdoha9yJxNlkBlQs7keGAfrcK%2Bbp4p8s8VQnQfOOXY%2BGl9qQQTW21VVAKBiZkQmxljOAjyUSlHremU4V4NpxPrjkF4NKYo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=432000
cf-polished
origFmt=png, origSize=6678
accept-ranges
bytes
cf-ray
6be783243d7f2b71-FRA
cf-bgj
imgq:100,h2pri
iconfinder_twitter_circle_294709.png
www.redpacketsecurity.com/wp-content/uploads/2020/12/
1 KB
2 KB
Image
General
Full URL
https://www.redpacketsecurity.com/wp-content/uploads/2020/12/iconfinder_twitter_circle_294709.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
1ad7c65cd4e3b6746a18ea8b33060add96541b279acdfde43b8ebbfb02a942b3
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
vary
Accept, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5665
x-powered-by
PleskLin
content-disposition
inline; filename="iconfinder_twitter_circle_294709.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
1050
last-modified
Wed, 23 Dec 2020 22:17:23 GMT
server
cloudflare
etag
"5fe3c1f3-637"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qu6GHX5Eucn8xmK7ZOPYsRW%2BUxKbUXV1Jq7M5TfjZPzULAuj9tsiSaKqhkGONtyw5I0g81Kd4CZsvyWpco2hFdDQ2Yf7suYuq8USo2zoLpzIUGcYuZXa0sppWutr2bpvLB9x7Ktij%2BzW9Ln2QzzIJkmIDdOmOPQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=432000
cf-polished
origFmt=png, origSize=1591
accept-ranges
bytes
cf-ray
6be783243d822b71-FRA
cf-bgj
imgq:100,h2pri
telegram_PNG34-e1591362686455.png
www.redpacketsecurity.com/wp-content/uploads/2020/06/
2 KB
3 KB
Image
General
Full URL
https://www.redpacketsecurity.com/wp-content/uploads/2020/06/telegram_PNG34-e1591362686455.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
d6706251078c3c24860a741b7ec3b00fe43cf2872d32557405d90a105e850f7e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
vary
Accept, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5665
x-powered-by
PleskLin
content-security-policy-report-only
script-src 'none'; report-uri /cdn-cgi/script_monitor/report?m=YczElEp4kG0UMLXLBMWOqeuOffzQGzIkYFHdxn99wjQ-1639653520-0-AUnyFlqV7lqS5A4Ry4xuzuWf_Goc4hF-KG1aFuILKfkgQwiNaR5ODYoeiUin46ODbA
content-disposition
inline; filename="telegram_PNG34-e1591362686455.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
1788
last-modified
Fri, 05 Jun 2020 13:11:26 GMT
server
cloudflare
etag
"5eda447e-9aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SZb0HbrtXLUHvDHsWnhkm8FEiSOtxBgFmLTSM5b65XiIqCnk8rWq5rzqBi3gSoAtdVxQ131mORwA1umZm6NHcMgKkZMDgL7luE7%2BHf1CX1CBNJ9kk73X0Zyf58OKCSSqVuA9LF3mKHqTf2cDeA%2F7PBseD277EDc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=432000
cf-polished
origFmt=png, origSize=2474
accept-ranges
bytes
cf-ray
6be783243d832b71-FRA
cf-bgj
imgq:100,h2pri
reddit-1.png
www.redpacketsecurity.com/wp-content/uploads/2020/12/
4 KB
4 KB
Image
General
Full URL
https://www.redpacketsecurity.com/wp-content/uploads/2020/12/reddit-1.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
72cd910935cf6040c2fee3bfe0d40f564ad420e080dfa66fba45485ec5e64c0f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
vary
Accept, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5665
x-powered-by
PleskLin
content-disposition
inline; filename="reddit-1.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3744
last-modified
Wed, 23 Dec 2020 17:19:28 GMT
server
cloudflare
etag
"5fe37c20-1143"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lDAp6i6W9VH4gnVWt2qZg4cYmwFMFdCbzkabQaNOjfMLwrEZOhm5USy1mX2JFd%2F60z4c%2Fgjt2SxR5GZ6nD1S7W0NYY17ghZHw%2BCrJtl6Xbk4PzY1p5Mf7vGQlHrsOj915gewPpaClpu2JLKRQQPAwyK52oBg%2FqQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=432000
cf-polished
origFmt=png, origSize=4419
accept-ranges
bytes
cf-ray
6be783243d842b71-FRA
cf-bgj
imgq:100,h2pri
discord-logo-png-7617-e1609320732895.png
www.redpacketsecurity.com/wp-content/uploads/2020/12/
2 KB
3 KB
Image
General
Full URL
https://www.redpacketsecurity.com/wp-content/uploads/2020/12/discord-logo-png-7617-e1609320732895.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
5c5e6a3e096e2a6e333a8f20a06d9f135e01c46e73885d5d685264543d1e372e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
vary
Accept, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5665
x-powered-by
PleskLin
content-disposition
inline; filename="discord-logo-png-7617-e1609320732895.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2314
last-modified
Wed, 30 Dec 2020 09:32:12 GMT
server
cloudflare
etag
"5fec491c-cfa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ltq0ZM0t0QciFr5nq374OOgXzUvDVfWkuMMjCXHq%2FAc8rIDH1vcqaxXiHMnWxPH7rMzvJ9RStzn%2FKNpZeP%2Bp7RH9tLiEoOsO1Lp9us94e%2Bow3PthAMlV1XgRF9ZehoAD23SRZFSYJ5CN4tFe9ZJtZRMR%2Fm3nr2s%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=432000
cf-polished
origFmt=png, origSize=3322
accept-ranges
bytes
cf-ray
6be783243d852b71-FRA
cf-bgj
imgq:100,h2pri
PATREON-SQUARE-300x300.jpg
www.redpacketsecurity.com/wp-content/uploads/2021/05/
18 KB
19 KB
Image
General
Full URL
https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE-300x300.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
2c6c5fa1a182530d794b033ee34f4a2d9e0b12db9ca65d696d79c6862f63a801
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5684
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
18596
last-modified
Wed, 12 May 2021 10:31:12 GMT
server
cloudflare
etag
"609bae70-4af9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=330AmkmOVtVauZN0VlsfZl%2FFtt%2FVkHeS%2FKLBs%2FDvkNY%2B0JZkpzsI6Dh3UuMEAEKbiNTA58lJePTF%2FmPTQFi12iIB%2FOO7Lk2l4o%2FUbbzGpFjvZU7XVWql2uOgMufruJILueez9TKSE7LsWjExK4NaFagScyJDL0s%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=432000
cf-polished
origSize=19193, status=webp_bigger
accept-ranges
bytes
cf-ray
6be783243d8a2b71-FRA
cf-bgj
imgq:100,h2pri
smush-placeholder.png
www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/images/
136 B
900 B
Image
General
Full URL
https://www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/images/smush-placeholder.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
ae394bf43bc39f7c6b3f439de04f6b75288d849a0ecae5000a2452546063647c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
vary
Accept, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5684
cf-polished
origFmt=png, origSize=995
content-disposition
inline; filename="smush-placeholder.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
136
last-modified
Wed, 03 Nov 2021 19:38:12 GMT
server
cloudflare
x-powered-by
PleskLin
etag
"3e3-5cfe78cf54c2e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXLfeFW%2BynZD6ADRePVSeA%2Bd1jai3iQchjcP0ztovng5sYq2fPgDQthOl20xkvL9uT2DLvFVQg1Q%2BAIp6T%2BB1GNORszf4K0DrKsAhP5EbQqy7O0M6zeVN9Sp0yQrP7%2FS45xzqf7BXk5C%2BoPErmEvLSpC2p3et5E%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
x-accel-version
0.01
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
6be783243d9c2b71-FRA
cf-bgj
imgq:100,h2pri
loading.gif
www.redpacketsecurity.com/wp-admin/images/
1 KB
2 KB
Image
General
Full URL
https://www.redpacketsecurity.com/wp-admin/images/loading.gif
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
6d53299eeb9516dbba670ceeb55e8e5ce2186edb71518f6a1bd16553308f17c2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
1372
last-modified
Thu, 16 Jan 2020 19:35:16 GMT
server
cloudflare
etag
"5e20baf4-55c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2BcaPGqjecTDlkkFEG5h1DyKFtDyHRMgE%2F%2BTfB6FMUuQbTo3iAwDRrC1X5JPS92klPlJSGxYKgogTnd2ENtjEBpDJlHk8WPrrBlx%2BES%2FuXTX6OvCtusTGfejJjIPdSDY7xVh6Lt%2BkN1lmBGbniVO4%2B1q%2FJxGGvQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
accept-ranges
bytes
cf-ray
6be783244daa2b71-FRA
rum
www.redpacketsecurity.com/cdn-cgi/
0
173 B
XHR
General
Full URL
https://www.redpacketsecurity.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:25b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type
application/json

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
x-frame-options
DENY
access-control-allow-methods
POST,OPTIONS
content-type
text/plain
access-control-allow-origin
https://www.redpacketsecurity.com
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
6be783245dbf2b71-FRA
vary
Origin
cookie.js
partner.googleadservices.com/gampad/
225 B
656 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.redpacketsecurity.com&callback=_gfp_s_&client=ca-pub-1536334219562771
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
689d774d230b0f6c1c82ce8b27e0fdee26eb82c344d76804c40423d77487363f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
212
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.redpacketsecurity.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.redpacketsecurity.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&tn=DIV&id=cookie-notice&cls=cookie-revoke-hidden%20cn-position-bottom%20cn-effect-fade%20cn-animated%20cookie-notice-visible&ign=false&pw=1600&ph=1200&x=1575&y=1175
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 9BE3
310 KB
74 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&adk=1812271804&adf=3025194257&lmt=1639641804&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653519990&bpp=3&bdt=338&idt=94&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8730578267269&frm=20&pv=2&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=111
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0232d4c86108ebf2529fcbffa8478b2d278e5a5dbc968c0b6ca20b85246bfb81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 11:18:40 GMT
server
cafe
content-length
75994
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 11:18:40 GMT
cache-control
private
sodar
pagead2.googlesyndication.com/getconfig/
11 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
efabf49bfa4ea4028debb47df9eed2157953db99931fa5f9e6316e6f20945b0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8446
x-xss-protection
0
css
fonts.googleapis.com/ Frame 54AC
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 10:16:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 11:18:40 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 11:18:40 GMT
bootstrap.min.css
tg.dev/css/ Frame 54AC
42 KB
10 KB
Stylesheet
General
Full URL
https://tg.dev/css/bootstrap.min.css?3
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Fri, 10 Nov 2017 17:54:14 GMT
server
nginx/1.18.0
etag
W/"5a05e7c6-a61b"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
bootstrap-extra.css
tg.dev/css/ Frame 54AC
70 KB
13 KB
Stylesheet
General
Full URL
https://tg.dev/css/bootstrap-extra.css?2
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
6342d16a93416b5e826f6d0e0e930ef033efb682851ae46270f3c4f5b4a1c194
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Fri, 10 Nov 2017 17:54:14 GMT
server
nginx/1.18.0
etag
W/"5a05e7c6-11648"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
widget-frame.css
tg.dev/css/ Frame 54AC
69 KB
18 KB
Stylesheet
General
Full URL
https://tg.dev/css/widget-frame.css?50
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
f05a63f8ded5057e0e48a0229f6df23ffa521b370c818de2832815ec20956b3c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 15:47:14 GMT
server
nginx/1.18.0
etag
W/"61ba0e02-11318"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
comments.css
comments.app/css/ Frame 54AC
83 KB
20 KB
Stylesheet
General
Full URL
https://comments.app/css/comments.css?31
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.201 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
e450af4a7c4974ea3ff324b629876380e0ca9605333a57152a953310c4a4661a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Fri, 24 Jul 2020 12:57:13 GMT
server
nginx/1.20.1
etag
W/"5f1adaa9-14b98"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
jquery.min.js
tg.dev/js/ Frame 54AC
94 KB
38 KB
Script
General
Full URL
https://tg.dev/js/jquery.min.js
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Fri, 10 Nov 2017 17:54:14 GMT
server
nginx/1.18.0
etag
W/"5a05e7c6-1762a"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
jquery-ui.min.js
tg.dev/js/ Frame 54AC
96 KB
32 KB
Script
General
Full URL
https://tg.dev/js/jquery-ui.min.js
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Fri, 10 Nov 2017 17:54:14 GMT
server
nginx/1.18.0
etag
W/"5a05e7c6-181a9"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
bootstrap.min.js
tg.dev/js/ Frame 54AC
31 KB
10 KB
Script
General
Full URL
https://tg.dev/js/bootstrap.min.js
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
b5e930df6a2976d5df996e18b347e091756699ea32716dc53d0e1c0fd814c526
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Fri, 10 Nov 2017 17:54:14 GMT
server
nginx/1.18.0
etag
W/"5a05e7c6-7d0d"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
main-aj.js
tg.dev/js/ Frame 54AC
34 KB
10 KB
Script
General
Full URL
https://tg.dev/js/main-aj.js?56
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
df3c119d7a7b510f1349c87583bc9a5b9f2e3fc8f2ea309cc7975b9378d59a8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Sat, 04 Dec 2021 17:20:44 GMT
server
nginx/1.18.0
etag
W/"61aba36c-8813"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
tgsticker.js
tg.dev/js/ Frame 54AC
14 KB
4 KB
Script
General
Full URL
https://tg.dev/js/tgsticker.js?24
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
7af53d7077c16f6ad9efd63a975749c4835ce6e495c337fa4176f15ed385f80b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Fri, 18 Dec 2020 15:22:10 GMT
server
nginx/1.18.0
etag
W/"5fdcc922-3663"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
telegram-widget.js
oauth.tg.dev/js/ Frame 54AC
18 KB
6 KB
Script
General
Full URL
https://oauth.tg.dev/js/telegram-widget.js?15
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
90ca8055f760f720c49cf2567cec73385fbef57accc88de14d74a4cef3a75446
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Fri, 14 May 2021 08:57:07 GMT
server
nginx/1.18.0
etag
W/"609e3b63-4820"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
widget-frame.js
tg.dev/js/ Frame 54AC
82 KB
23 KB
Script
General
Full URL
https://tg.dev/js/widget-frame.js?53
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
81ee516c50853fdb70af0d4b4b74bfd9433783e4f9ae9051b1fd5b7217a742d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 15:47:14 GMT
server
nginx/1.18.0
etag
W/"61ba0e02-149f0"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
cache-control
max-age=345600
expires
Mon, 20 Dec 2021 11:18:40 GMT
comments.js
comments.app/js/ Frame 54AC
81 KB
22 KB
Script
General
Full URL
https://comments.app/js/comments.js?35
Requested by
Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.222.176.201 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
aa441bf5f2ac8c608371513bad73ea45ad6dc8b7c50e3c6841af81147d0b96ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Owowa%2C%20a%20malicious%20IIS%20Server%20module%20used%20to%20steal%20Microsoft%20Exchange%20credentials%20-%20RedPacket%20Security&limit=5&color=E22F38
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
last-modified
Tue, 17 Nov 2020 20:59:36 GMT
server
nginx/1.20.1
etag
W/"5fb439b8-142f4"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
expires
Thu, 16 Dec 2021 11:18:40 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A60A
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
date
Thu, 16 Dec 2021 10:41:18 GMT
expires
Fri, 16 Dec 2022 10:41:18 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2242
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 8FBB
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a0384dcb4f83e6e511c7db02299c47ffd5d6fd572e9120c71c07f3691da2c120
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-bT48yInCCS3ZU2UTNSNEYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Thu, 16 Dec 2021 11:18:40 GMT
date
Thu, 16 Dec 2021 11:18:40 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-bT48yInCCS3ZU2UTNSNEYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
51MUBRiAytL._SL125_.jpg
m.media-amazon.com/images/I/
4 KB
4 KB
Image
General
Full URL
https://m.media-amazon.com/images/I/51MUBRiAytL._SL125_.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:8200:1d:d7f6:39cf:a761 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
7a32e6dd7548d9ec4a6ee8f1ba227fdbc4b9991b0e1a50160bae95e8c10c8e14

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 01:34:10 GMT
via
1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
age
3404670
edge-cache-tag
x-cache-452,/images/I/51MUBRiAytL
x-nginx-cache-status
HIT
x-cache
Hit from cloudfront
content-length
4015
surrogate-key
x-cache-452 /images/I/51MUBRiAytL
last-modified
Fri, 13 Aug 2021 02:39:46 GMT
server
Server
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
8fc41711-2917-4675-b6aa-0be86f4b0c23
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
timing-allow-origin
https://www.amazon.in, https://www.amazon.com
x-amz-cf-id
2t0l_xXaNSySSyDtg4Imh92ZroXOzEc2m4s4ZberrV9ZKzYenyFjeQ==
expires
Sat, 02 Nov 2041 01:20:19 GMT
61VBaAS4IbL._SL125_.jpg
m.media-amazon.com/images/I/
5 KB
6 KB
Image
General
Full URL
https://m.media-amazon.com/images/I/61VBaAS4IbL._SL125_.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:8200:1d:d7f6:39cf:a761 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c2cc30d2c45bb0ff5adc4a5a73f520914fc62b05c8b9594c24b0a68a991f7026

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 01:34:48 GMT
via
1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
age
3404632
edge-cache-tag
x-cache-142,/images/I/61VBaAS4IbL
x-nginx-cache-status
MISS
x-cache
Hit from cloudfront
content-length
5581
surrogate-key
x-cache-142 /images/I/61VBaAS4IbL
last-modified
Thu, 23 Nov 2017 23:55:26 GMT
server
Server
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
833bd9bc-c9a1-463c-ae1d-63bf5572219a
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
timing-allow-origin
https://www.amazon.in, https://www.amazon.com
x-amz-cf-id
P0bGYqfWhHYO911vmGVH0UziDTgBZNL22B-OgdO3mtPNUAFDhdAGOQ==
expires
Sat, 02 Nov 2041 01:34:48 GMT
truncated
/ Frame 54AC
694 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76216b6c25b768e5bee4b758dacfef993b3e87cc2d7fd9bf192bd685d1ae9bfb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 54AC
706 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b28d8e93ecf9067ff746e514c79ad5adc53cc00965630bfe0b118cf80f7bf065

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 54AC
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://comments.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 14:02:00 GMT
x-content-type-options
nosniff
age
163000
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 14:02:00 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 54AC
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://comments.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 13:39:48 GMT
x-content-type-options
nosniff
age
509932
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 13:39:48 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 8FBB
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=4052464524088608&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame A60A
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:49:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
52151
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:49:29 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=4052464524088608&bg=!hoWlhcHNAAZKWFskSlg7ACkAdvg8WuvI5NTheKMQO7UNNeqCZzXvpKRoyjf2lT-Aqt6bmJwQCqGvDQIAAABFUgAAAAdoAQcKACk8_pS-OuP1xXCjyLmoZkYboXKL8y8g8sqI1fk15HfXr3M2dogcx8sneZkC04tdgtfVNgqzqrHrtChL9_lZ2I2oSzDSiUsx7Kj-eLMlrGhSFfITc84qsJP3CmFuX62T__LkviuugqvVdB2ViG3x2_iuNHF1VMwR3vMinGwH-AOZgbQWISmIi7wrssQ-rt7yYhxGjNtyd3lDgaqz-wYbatx7FCDXuIyp4YeopAg46hZyKryco7zKm6v1OUDnOM874SX9WjBupKR7wxTZ9yPBz5ILb0uMiJrSBvFCSqjsj12k4YruuI-xEjeBDiS1DMA4RkGLrJtWQCQlWBwnAwVLhMLpO0Prlnz6SnaB4o8xQBl398Ww1reL8lWfJfIdr8BD7jlve-4fFHs_Xo7Gz_YQFKHi1TcDjuYajAOyccgawbynpXAoN-kLPfLODzNKAueqOpKfhqrFES8WPkX2hQkhxT2aIsVLj1ZTPFaxbTa6fVvbIJov7Yw0QMnf6VUWQ36MQokVZ26rrU1yv6MD0ZLmrVKM_c63Osdx3WdUSiJnDdkLLf3J6rh9_tcRczx4ih_bBZe9-XqfI7wyIUtdqScZsOjiuz30I2ykUmDDtHWC9io-wlQmO4-4HCVYLXD6nXiQ1PyaeSdScekoapjOFWvlasncAWxmkc-D5f6unDKdBCBOTmpBozxsvexE8Yvx3dT6ZGTAbIojz5THqdmi_StRDZd6Wn31ie-qpxvvvmLa1PkShNTkJ_zi3jBi44D72Jwy6rQS85eCLt2OPRIB0fOeCNzVSkJkMZsSBObSilPBKCFv50gO4L1k1a17SeY4--_UlFBXh6GrZ2WU-xSySP5l5jtnPWXl8vw_UUb0cMr_PE954SnnTEAjqt0AmxVAXbG54IkcSvjKdpzrkRuTcv_KgUn8M5MRY3QY_aV3fJijttigA-Ai9vh87BLp22uLm4sHgL-B2tBtdZnCw_FYMtOEksdge6HfN39QLd-lV8EzUu9pcCbP2ohAlnsI9DOAVlclrg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/
149 KB
53 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54385
x-xss-protection
0
server
cafe
etag
4993246191385855005
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 16 Dec 2021 11:18:43 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.redpacketsecurity.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.redpacketsecurity.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 11:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame D32A
99 KB
32 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7aa24a879f121376567419b3d360ee9b65f43162ed279cdf235fa3ecb4cf0c99
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLzyoK2Z6PQCFeFAkQUdEY0DCg&gqi=kCC7YZjXKYnTtgfq4LD4Dg&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLzyoK2Z6PQCFeFAkQUdEY0DCg&gqi=kCC7YZjXKYnTtgfq4LD4Dg&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 11:18:41 GMT
server
cafe
content-length
33151
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 11:18:41 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame F89A
71 KB
23 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6a565df41bd9cf37caa933990ec07d5a00936883878596440a40553fe9d2004a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 11:18:41 GMT
server
cafe
content-length
23565
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 11:18:41 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 3604
21 KB
10 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a5e0cbd45ee22bb7af19250f8e26d183bc7cceb22d1c092b0b753b534fd7b3c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 11:18:42 GMT
server
cafe
content-length
10253
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 11:18:42 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 8A77
90 KB
31 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ff927c15e0476f51f0f274a6496c1eef0a2cc181e0ab2f9e4488258c547f0d8b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 11:18:41 GMT
server
cafe
content-length
31920
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 11:18:41 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 9199
436 B
235 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=1315137869&pi=t.aa~a.442764149~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250%2C296x240&nras=6&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=3202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=sjX7wUQPNM&p=https%3A//www.redpacketsecurity.com&dtd=43
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d4909dbff41f7faeb73f2af3a54c41cd8905cd964015819c4edb88e587c75f15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 16 Dec 2021 11:18:41 GMT
server
cafe
content-length
211
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 11:18:41 GMT
cache-control
private
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame F89A
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:17:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
72
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:17:29 GMT
css
fonts.googleapis.com/ Frame F89A
8 KB
714 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 10:16:18 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 11:18:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 11:18:41 GMT
outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/ Frame F89A
14 KB
3 KB
Stylesheet
General
Full URL
https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.css
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:05:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
148371
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2798
x-xss-protection
0
last-modified
Wed, 03 Nov 2021 10:36:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 Dec 2022 18:05:50 GMT
outstream.min.js
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/ Frame F89A
355 KB
123 KB
Script
General
Full URL
https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
425d7478422a02b8592686dd947b18cae0ca66ab39dc437067219356fb7a0a61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 18:15:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61410
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
125995
x-xss-protection
0
last-modified
Wed, 03 Nov 2021 10:36:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Dec 2022 18:15:11 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame F89A
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:16:30 GMT
csi
csi.gstatic.com/ Frame F89A
0
327 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kx8vde47&c=8610622549566&slotId=4305311274783&qqid=CMCaoq2Z6PQCFbxIkQUdQMEDdA&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4014:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame F89A
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:56:19 GMT
x-content-type-options
nosniff
age
62542
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 17:56:19 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame F89A
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 13:39:48 GMT
x-content-type-options
nosniff
age
509933
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 13:39:48 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame F89A
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=Cnry2kCC7YcCSLbyRxdwPwIKPoAfLp7SIZ-3ot_nBDqrm0uCyARABILWvoCdglcKDgpgHoAGSrfDVAcgBBakCvoa3jf32sj6oAwHIA5sEqgSQAk_QEtDGvdzvQOtDN4XHvqQvZ7mi4guUpepS2NcXp0n6bTEtabGq1kw2OAIYSYUpizYGR8xTYfZTcoM06gLxXKpSE-Y7reEb0x6fiO54IF7ViMyW7_h3RCti9AHWedCLZktCZPd4TodWHT11qNDIbNhjxghHjbpwCYGtFQV1FxANfaWXVRV3fj_R1cLw69KGLwv59Bfqvk9x_aK60p-PPCkI5IaleDcqXNnnAU3nfHneOGl-KrFu6fH9DT-IgbX8NhyMIKZvYBXSAeVaZvPAxKFyvblgcxevLa26jMuW4JzfUrdIethe15escsTUYSHHXOu2TyUcJGbPQnp5kKjfxcXJEfS9EJzmuRjPzgU_b685wATUg5vr8QPgBAOQBgGgBk6AB9bSj6oCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgfgAoBmAsByAsBgAwBsBPax8gNyBP70sbeA9ATANgTCogUBNgUAdAVAYAXAQ&eventType=clickstring&clientTime=1639653521342&ai=Cnry2kCC7YcCSLbyRxdwPwIKPoAfLp7SIZ-3ot_nBDqrm0uCyARABILWvoCdglcKDgpgHoAGSrfDVAcgBBakCvoa3jf32sj6oAwHIA5sEqgSQAk_QEtDGvdzvQOtDN4XHvqQvZ7mi4guUpepS2NcXp0n6bTEtabGq1kw2OAIYSYUpizYGR8xTYfZTcoM06gLxXKpSE-Y7reEb0x6fiO54IF7ViMyW7_h3RCti9AHWedCLZktCZPd4TodWHT11qNDIbNhjxghHjbpwCYGtFQV1FxANfaWXVRV3fj_R1cLw69KGLwv59Bfqvk9x_aK60p-PPCkI5IaleDcqXNnnAU3nfHneOGl-KrFu6fH9DT-IgbX8NhyMIKZvYBXSAeVaZvPAxKFyvblgcxevLa26jMuW4JzfUrdIethe15escsTUYSHHXOu2TyUcJGbPQnp5kKjfxcXJEfS9EJzmuRjPzgU_b685wATUg5vr8QPgBAOQBgGgBk6AB9bSj6oCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgfgAoBmAsByAsBgAwBsBPax8gNyBP70sbeA9ATANgTCogUBNgUAdAVAYAXAQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
vast
bid.g.doubleclick.net/dbm/ Frame F89A
29 KB
14 KB
XHR
General
Full URL
https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-BYCdjvN8vFzi07q1I6sgE1IVVwvZ63GUkZvycFDuUvVfc65Xbv9iKWucYKBORlLxrgQyjBqWDPk3ujYY46SQlF5_ECKw&dbm_d=AKAmf-Dl2iGvzo51R4kTDzFIWa0Miu82Nuo3tlW3R4Ib0NKm0CCFJbjJuPIjYoZ62Z5xlHhYqMAgVDhWlbK6dSK5y01qnnM5eD7w-GLdU2iGHK4U2HA7zz98CCyXSbDcIckWzio-_riYcGhl5-eZ9xLAa3krK4DWsNgL_fNro8nCSXeNjwYX3wHP56BXv-BXPoj2mVUoMz4HQSt6h06G8txoyBLo_94zs51Ry2WzAT0hsmE27T1sPYOjajihi81asw40SFE4T4IBYdEy6uxBZpIXqZdrFM5cI386HokfUiLKhGtRqXjx_BSqBvtIWaeit0p5_qUFUrlc1SGXrWgl3TyvwDZ7Oz-Ok5rXSziOFBIkq-_JKrGAo29Wk80IW6AFsqbB2JoRZbRKl2xLifM4Oua1cu2QJQIs88ape0FUinFtkFi28247ib-JTEZTLGq2znREGlsDCn0CshrDyfapARibYlB0WTD878qbP6AJcBLGtzSiJMJJX81l9jDbqQ6M3wq7i_G8SOC1uA-3DgAdvX-ezwm_C9lOeyC6-hDc_6ct08NEj3xDKKovAISPctebOCn9VNdPmJc1QJbaryqc4oPCKfY6rlhoo7LMm8itvFGIHOmHN3Q-bpSx59JFOec0XPNSc9VGlMfl-CKcbi13S9gULctp5Yy-mUR44LoekOwGQu4tZlf08-ardEOK-9PDIvqvW6c4JJDZ20Iskf_WvJi31K4AKBUR3JCInYr0kMBtoa0pm-lvrIHIPb3-cBIwL_Ri7nPIfG74AVUkbcFRJNWcC-ogGmlSQg1RTZYDur7z06yszex2pPBhshNTBuKNfEfYsKKEV66E3Ubpd-U9-Sdi_Bi1-7NpILD8DfYUkoIZGXRGxGovMQrWAnB9JnIiWSovRy3aSTNgPlBvBxnLhVNGIAZ_XkYmEWFMmsvjiNfLpgY2GjUFRjFp9IYzcSuNjNnlRbzVrs0RdKu26gvidd2ioLS5ZBTNzXW2rabJ3FaNGP0ZSes0XnJ1P03e1Q1wdlAfnJOdw-vN-vl6lHBWpcjbSuYQjNtlo5P4Y9L3f_gwxot7VE77MJ5AXx29FqqyRQ12GZCtSIoAPiGfs4dyjCfEiO3xiaUnm6ZiSrRgTcVvVINm2OiFbMPoC0CGjXR_OwM7M2zFhcC9L5PUI6a7rdUBiAnM0p-4jHXjWgm2wnnUFZjnq3Yx7xsgdkmb-v4MAEz2iyQvrR6ZQJtBWkmRKsRO_lyPCaBhukip0qQ5X1Sbinvg56goI8A65aGT1KopEm2XgoFa8uxPPwuYpDfToKvjDGzMaoWTsNQPGDfPVclQqTlVBUG3a66RYVWjQFbXoMLw9Yn-GptYr1BYXdD8O4WKhqHBnIdGqcAEIFB6eE4nEYdce7VRid-Hqf1yxA06Ye9KffjEDiVtZnisuUkepyvo8HfLf6ONu-JC4vTtbRgcAC6bCTfK36OnF-J0TZo50ZYSwKnntVwGBruzIQ704M0HOW8pBD8TG36ws3l_dnZ7eggjzbyTjTeZv4T9ysTFuanKrwpehfYbGKxZaywK8M8bGU191dmnOA0vV6cDmxj7y0ndTdOPAI6mXKIOFWDQ7G4hRJergsjHmX4tqzAmm7IltXCeY010wJmVfYNog3R4OsKjR_bsbUD3SmWwhAV1Ni7T8yJ8KbQVOh3Mpzt330hKK2F1-zR-jo0tbxNVTDcLukATeOPCZrykxD5woYrLpVH7ZpgagYN9cv39xy8U1UK4egPiP755LLWGT7bovmpSMpM1uKED8aXB93gZkDCjOS2ehQ4lEZxfLi8b29IuAgeXEAdxPUL7PPe9ZMG7G9EgFMjeRFk3kd74DoqC9e3rN18zXs1DbBrp8IgsZmg3pwOoLeI6ff_tnhQryg1pcq3Bq-46xlyQzIXDrYuQC8YqnvKiN4tJi-UNy0pVmmtnRrwUabxiky4D-8_-FE7sh_trNJFD39Wd5CV2UUaHP0hkNcQlfIFiUx2vTU-y4N7ADAZ7cfcZpyX7uDLmIoTqihSOMmrPcY9tv91ghYUWxifXKeRzX7sz2VW9LR5TrwDiR0yBxthw97N-TuZ1lhKfW2rN8vokZCCvyLaiAAcdLSZCebLzn8JRU-rtISKIMxlForMS2cLqE31b5GVof9kqwwqvx1wPG1XYx2JOps63jDOosGNzMjOxYBlW6Zz_cAsJjMvJkr6uxEBjf1WMbbZJel5g_apHM9fOgkvF6mkIyJ3h06XNrkFrxEBTcuoCnD_oK2jM4qso1Wz3PQd2Jm1CcGmTUC1DQ3LQlUHIcCcbEXUmaUa8sZgFbYhf5VRAIm3NN5jf2f1uBp-QomjDbcQ2DTUoIZ2A8XbkKfTWBV5hwt040A3Qgb_rjdoVKc-fN5Jq_bfhcLA2zHlcmje8Hyd61_TbG7wpk1YBPN2dSFQWgFKTD_4UI6bltuDb8c60zJIjfW8nBJ25wLpKkfT9iwpShJW2MBn8yNkw-vSte76aOjmlCyGf_GrgH2Mhm7plslxlmH2csTrUEQ4BZWmgzDUpaE6H96UIN_kF_eX272a4RHXFyRcLuDcUOK1zwcyWl6dxbARbx7xM4gdskSxvJsUqXVUOEFvhKIay9gxH8T6vpWelxBYJEIsLETtNWvEogn3ukpA9SOFihfhbmuJ1hQRUlgYdH-Xe_shGMjVeyJkbkZyN7McRzNgZ4V4sPkk09Mel6TljS7U1XtvZpN8WyIkz_-ZdWn_9zEc_6M0v3x5TcLfEZtN4ZG4NmFyt82lS1_r1MCmcBWR5tMSzP_Z_v4vnfcK0Vws9X137dDr9sZ4eQmyfdgl3PqGBoE_viuyJHfih17XzbKSTPyKzyIkVrW9DA0RDdHEeXOTp5vSeZ6n0K9TfRuVqf-KkEJ6IBCXAPL7hILTC-1nqbS5SGlcdZeEIeMf4nE5idyDpYnPwrzClhkCfzFuxrMg52cMeJvZdVxmtssiff1uyciVa4-2ya8GDjpCePBEzofyFsM9jtXFjPbULM_IQ0QrF2majMHLnLyjmsizD5b--wx9uUUmdQrNRfl03rZ2Fds3QZ07QbrEG7fljeODAlI44K2KRG2Lo5YJ20BopSx8h71QFpJWnmQRBnqt0JA5a3kn4UGjd_pQdqFZMdFUhvV_F6sX6uNzQ5jH053X17xK0WqIbrtAvww8O7ckqxE-AGCi0_B4BT46UHMuEASBU2t05zYlmZpULKlL8gD1fWgMcwPMgzR8zA4kpYtWxQOsRX9gwxIAE3O3eZVJlN3-JZuHS0_bsquDOUVCcJnaFNsOpaHfmgzVmOo0rO1RYLVFkIuETESjJq15LwgXlZwzelPdNUlAo&cid=CAASEuRoRoBOYZJ6NpZNbpGK4kiFNQ&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.177.15.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wr-in-f157.1e100.net
Software
cafe /
Resource Hash
47cb90f7f02ecd29c700b1a61d0714af6bdd8e8d251b0bbeb85ac985a6fbef94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:41 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14227
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame F89A
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CiYEOkCC7YcCSLbyRxdwPwIKPoAfLp7SIZ-3ot_nBDqrm0uCyARABILWvoCdglcKDgpgHoAGSrfDVAcgBBakCvoa3jf32sj6oAwGqBI0CT9AS0Ma93O9A60M3hce-pC9nuaLiC5Sl6lLY1xenSfptMS1psarWTDY4AhhJhSmLNgZHzFNh9lNygzTqAvFcqlIT5jut4RvTHp-I7nggXtWIzJbv-HdEK2L0AdZ50ItmS0Jk93hOh1YdPXWo0Mhs2GPGCEeNunAJga0VBXUXEA19pZdVFXd-P9HVwvDr0oYvC_n0F-q-T3H9orrSn488KQjkhqV4Nypc2ecBTed8ed44aX4qsW7p8f0NP4iBtfw2HIwgpm9gFdIB5Vpm88DEoXK9uThylVK-J_QeRyMDl0Cx7Jzp_Y9Eg2f42h_Dc9lWSLxmPfPw9NGJ0oiEhscbDEI0JQzriMqhlk81DqDABNSDm-vxA-AEA4gFpteE0DeSBQYIGxACGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBk6AB9bSj6oCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwoQjukLGKKtq7cB0ggJCIDhgBAQARgfgAoByAsBsBPax8gNyBP70sbeA9ATANgTCogUBNgUAdAVAYAXAbIXHAoaCAASFHB1Yi0xNTM2MzM0MjE5NTYyNzcxGAA&sigh=yXI1GBZaqzY&uach_m=[UACH]&cid=CAQSPACNIrLM9jRrWatDpgd8_Wln7qQg8McikFLvywAnTElwWwCSqa2YBCjYx5HClEiYCsaBx-WpLRkqvECBPQ&vt=10
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 11:18:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 0FE0
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Thu, 16 Dec 2021 05:53:44 GMT
expires
Fri, 17 Dec 2021 05:53:44 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
19497
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame F89A
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2d7ecfb8fdab8b602e281c210e1e8514ae1a66440747bf9ff218a20ce2abfb81

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
dpixel
cms.quantserve.com/ Frame 0FE0
35 B
463 B
Image
General
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECoHwrnMD9cQz5xxS8D52xU&google_cver=1&google_push=AYg5qPINJVBFKGdDguDwpuVDPKh4Pj9ZXTNquN3P2eOf_hF88hoAS4BuPc-V0xCPJHm99u5t_Eto2pHg97qCASZT3fH9pqbqV3JL
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 0FE0
Redirect Chain
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKf_kyVxIMq1w-XrC22E1FH7XHMwE19VQ1mW3u...
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tRQUFCZDlHYUQ5dw&google_push=AYg5qPKf_kyVxIMq1w-XrC22E1FH7XHMwE19VQ1mW3uZMu8wuXtq3_60-dJLOO7W5piSZCgXPxv_4eonpI10Rn5ihtnNYDtuaS9R
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tRQUFCZDlHYUQ5dw&google_push=AYg5qPKf_kyVxIMq1w-XrC22E1FH7XHMwE19VQ1mW3uZMu8wuXtq3_60-dJLOO7W5piSZCgXPxv_4eonpI10Rn5ihtnNYDtuaS9R
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tRQUFCZDlHYUQ5dw&google_push=AYg5qPKf_kyVxIMq1w-XrC22E1FH7XHMwE19VQ1mW3uZMu8wuXtq3_60-dJLOO7W5piSZCgXPxv_4eonpI10Rn5ihtnNYDtuaS9R
Date
Thu, 16 Dec 2021 11:18:41 GMT
Server
Apache
Connection
keep-alive
Content-Length
391
Content-Type
text/html; charset=iso-8859-1
pixel
cm.g.doubleclick.net/ Frame 0FE0
Redirect Chain
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEHpbV1W-zITJD1wAOZrA2JI&google_push=AYg5qPIZVxnlE_6slT6LbpDf2zC_HGCHrnvUE8Q46BhjlMy7Vu2gcyIEBNZG-8cPiXy4rIPV4m0rotErQW-4VkX_uhg03Ji...
  • https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPIZVxnlE_6slT6LbpDf2zC_HGCHrnvUE8Q46BhjlMy7Vu2gcyIEBNZG-8cPiXy4rIPV4m0rotErQW-4VkX_uhg03JikMZA&google_hm=MTA4MTQ2OTA4MTg4NDg...
170 B
329 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPIZVxnlE_6slT6LbpDf2zC_HGCHrnvUE8Q46BhjlMy7Vu2gcyIEBNZG-8cPiXy4rIPV4m0rotErQW-4VkX_uhg03JikMZA&google_hm=MTA4MTQ2OTA4MTg4NDg4MjY5ODA
Protocol
H2
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPIZVxnlE_6slT6LbpDf2zC_HGCHrnvUE8Q46BhjlMy7Vu2gcyIEBNZG-8cPiXy4rIPV4m0rotErQW-4VkX_uhg03JikMZA&google_hm=MTA4MTQ2OTA4MTg4NDg4MjY5ODA
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
dds
rtb.openx.net/sync/ Frame 0FE0
43 B
350 B
Image
General
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEN653OdjzFj9O9bu-u950dQ&google_cver=1&google_push=AYg5qPLkEWnS4gD6N7U0GneRq-qv343xXrbAYw4vuggw99ijHjXFtrRKLQ29BKTRLcNhbTBaBRgCfv0IcPIBkcbEwxoLs4Z53kfg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
97asc30pi0ongodlpd0phoo5hu2a0u6n
pixel
cm.g.doubleclick.net/ Frame 0FE0
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3KcqdOt4R_uHNib3xrzZuw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3KcqdOt4R_uHNib3xrzZuw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJRyeqYmQIDg2DmEI9Wq7hS47mOpWyT3IB4SQQOtZWohLgUTmMqbbixfhAuK3kdxAo725oF2wslfrYvVqkNostOyv0JIahH
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3KcqdOt4R_uHNib3xrzZuw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJRyeqYmQIDg2DmEI9Wq7hS47mOpWyT3IB4SQQOtZWohLgUTmMqbbixfhAuK3kdxAo725oF2wslfrYvVqkNostOyv0JIahH
date
Thu, 16 Dec 2021 11:18:40 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 0FE0
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELgGtnutX7kIFMX2CFe8vrI&google_cver=1&google_push=AYg5qPLGxNIl4RttVjQCSAss7cq9a-Br65Z2weVC0rWuSGYwdQipNHdoZEfjl85q2qivtmJPe5X...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRFRVQtMUktOTNUWA==&google_push=AYg5qPLGxNIl4RttVjQCSAss7cq9a-Br65Z2weVC0rWuSGYwdQipNHdoZEfjl85q2qivtmJPe5XYWoNu09C_iTrbgP8dlHdYYfI
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRFRVQtMUktOTNUWA==&google_push=AYg5qPLGxNIl4RttVjQCSAss7cq9a-Br65Z2weVC0rWuSGYwdQipNHdoZEfjl85q2qivtmJPe5XYWoNu09C_iTrbgP8dlHdYYfI
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRFRVQtMUktOTNUWA==&google_push=AYg5qPLGxNIl4RttVjQCSAss7cq9a-Br65Z2weVC0rWuSGYwdQipNHdoZEfjl85q2qivtmJPe5XYWoNu09C_iTrbgP8dlHdYYfI
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
83041abbe8494cb29eff3083edd6dff6
Expires
0
pixel
cm.g.doubleclick.net/ Frame 0FE0
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c&google_cver=1&googl...
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c&google_push=AY...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDw...
0
0

attr
cm.g.doubleclick.net/pixel/ Frame 0FE0
0
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IgMQZ8kYTlnnq7XLcjaqZRVJL1I-IX-cG6r7LDW-0epucInPRA57_vfdBgEsSOV2ZRWfUD
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=851869287&pi=t.aa~a.2354693291~i.25~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280&nras=3&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=xPiGuNDV85&p=https%3A//www.redpacketsecurity.com&dtd=30
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
css
fonts.googleapis.com/ Frame 8A77
4 KB
618 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 10:21:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 11:18:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 11:18:41 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 8A77
1 KB
880 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 10:57:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1286
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 10:57:15 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 8A77
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:17:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
72
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:17:29 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 8A77
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:12:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
372
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:12:29 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8A77
119 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 11:18:41 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 8A77
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:16:30 GMT
l
www.google.com/ads/measurement/ Frame 8A77
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTGMIJAQ2dQwHGwp0qJX_gXomsZsupDd1mwQ_cv5u1UFaqAM2rTKfHU2RTV50Ztept02sywTUtzwtLVn4NuPu8uX_ytsg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 8A77
27 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 19:06:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
144720
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 14 Mar 2022 19:06:41 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/15505762311930452332/ Frame 8A77
22 KB
22 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/15505762311930452332/downsize_200k_v1?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b050ecb4fbf2f33c0e1db06e6f1af716251d61c49e9712ee0844c34895b4c384
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 07:56:52 GMT
x-content-type-options
nosniff
age
184909
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22524
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 11:36:44 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 07:56:52 GMT
truncated
/ Frame 8A77
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
adview
googleads.g.doubleclick.net/pagead/ Frame 8A77
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CJOBpkCC7Yeq5LcLiywX_qbagAu3Hn5Jn7sfwyf0OsJAfEAEgta-gJ2CVwoOCmAegAeyxw4YDyAEJqQK_RP-XygqoPqgDAcgDywSqBLgCT9B7b9hgWvMP2Zugj1yjrWIxFCJpxa4O5ul1FzsIZkE_wREhbLrPX5_h7BhvtBQwD9tcUA9coriKOxHH8iyKz2qxvEfc_1CtbN-Ng_sYocU-js34CZ9UuAt6y4GrJq0Q0OsTSZLCxWowIhK8-_W_W1SJZLMufQIYIAwzINrrLoM5voBjfVbqsz67FEUmHZh1FsD350fZaNWBh93VUBVqn__du1BoWkqUTHBp8-O0Cbf3-dTvQKI_nMqcZTjtLKflmbAVNPCAn_HwU7-HHd_pF_eF1RLBZozvdQlXIzSlFwJZqpcZ0vlQH9LrsMlWhUOD6tSFd4unHtyD0R8ul0N3Gay1f1ojvBe7oeoeMEuBipXG82Fr0ytf24WkEviXNUiEeoCF8WJRCUuVBIcaEg4VE5IIEfYQmd5PwATKvJyf7gOSBQQIBBgBkgUECAUYBKAGLoAHwpqTtwGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBDItgTSCAkIgOGAEBABGB-ACgHICwG4E4gn2BMN0BUBgBcBshccChoIABIUcHViLTE1MzYzMzQyMTk1NjI3NzEYAA&sigh=EpFuNDL5Lrw&uach_m=[UACH]&template_id=5000&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 11:18:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame F6B1
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Thu, 16 Dec 2021 05:53:44 GMT
expires
Fri, 17 Dec 2021 05:53:44 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
19497
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
HdsydzJK.js
tpc.googlesyndication.com/sodar/ Frame F89A
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/HdsydzJK.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 01:21:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
122229
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15407
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Dec 2022 01:21:32 GMT
file.mp4
r4---sn-4g5e6nz7.c.2mdn.net/videoplayback/id/c5a79a7474acac8d/itag/346/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778410421/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame F89A
Redirect Chain
  • https://gcdn.2mdn.net/videoplayback/id/c5a79a7474acac8d/itag/346/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778410421/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
  • https://r4---sn-4g5e6nz7.c.2mdn.net/videoplayback/id/c5a79a7474acac8d/itag/346/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778410421/sparams/acao,ctier,expire,id,ip,ipbits,i...
0
0
Fetch
General
Full URL
https://r4---sn-4g5e6nz7.c.2mdn.net/videoplayback/id/c5a79a7474acac8d/itag/346/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778410421/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/60CFC0F3E526DFBAFEC66F3196CE3A803AEC0B09.3493351EBDC17645E0A5AC44892F8407F264050D/key/cms1/cms_redirect/yes/mh/7g/mip/2a01:4f8:a1:1a1:87::1/mm/42/mn/sn-4g5e6nz7/ms/onc/mt/1639653190/mv/m/mvi/4/pl/42/file/file.mp4
Protocol
HTTP/1.1
Server
2a00:1450:4001:65::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 16 Dec 2021 11:18:41 GMT
X-Content-Type-Options
nosniff
Connection
close
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
2120630
Last-Modified
Mon, 11 Oct 2021 14:27:00 GMT
Server
gvs 1.0
Vary
Origin
Content-Type
video/mp4
Access-Control-Allow-Origin
null
Access-Control-Expose-Headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control
private, max-age=86400
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Timing-Allow-Origin
null
Expires
Thu, 16 Dec 2021 11:18:41 GMT

Redirect headers

date
Thu, 16 Dec 2021 11:18:41 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
653
x-xss-protection
0
pragma
no-cache
server
ClientMapServer
location
https://r4---sn-4g5e6nz7.c.2mdn.net/videoplayback/id/c5a79a7474acac8d/itag/346/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778410421/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/60CFC0F3E526DFBAFEC66F3196CE3A803AEC0B09.3493351EBDC17645E0A5AC44892F8407F264050D/key/cms1/cms_redirect/yes/mh/7g/mip/2a01:4f8:a1:1a1:87::1/mm/42/mn/sn-4g5e6nz7/ms/onc/mt/1639653190/mv/m/mvi/4/pl/42/file/file.mp4
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
access-control-expose-headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
https://googleads.g.doubleclick.net
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame F6B1
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDBa0gH1mI_F4aE6GZgGQ68&google_cver=1&google_push=AYg5qPJcMkfdAGk3SHzNw0_EF6dhUpLHrIQGz3WPy2af_27Nh59f-BDR6P...
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJcMkfdAGk3SHzNw0_EF6dhUpLHrIQGz3WPy2af_27Nh59f-BDR6PMbBBZxc2IvB1g_ybfcn0ef8qWk6Uta1UCoGW87dWA&google_hm=BL0AMlS...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJcMkfdAGk3SHzNw0_EF6dhUpLHrIQGz3WPy2af_27Nh59f-BDR6PMbBBZxc2IvB1g_ybfcn0ef8qWk6Uta1UCoGW87dWA&google_hm=BL0AMlSdEvpbt-Le7ZupOw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJcMkfdAGk3SHzNw0_EF6dhUpLHrIQGz3WPy2af_27Nh59f-BDR6PMbBBZxc2IvB1g_ybfcn0ef8qWk6Uta1UCoGW87dWA&google_hm=BL0AMlSdEvpbt-Le7ZupOw
pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame F6B1
Redirect Chain
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPIYNBhO2VDX7CXGYoD3qXfDI69vco9rcjvOsuy...
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tRQUFBZnlRQUZFcg&google_push=AYg5qPIYNBhO2VDX7CXGYoD3qXfDI69vco9rcjvOsuy9x7vvk_vQj7RIeQmpQ71B2J44mDYT60Rdo1S-frboId4cqQnq3Gprmx8j
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tRQUFBZnlRQUZFcg&google_push=AYg5qPIYNBhO2VDX7CXGYoD3qXfDI69vco9rcjvOsuy9x7vvk_vQj7RIeQmpQ71B2J44mDYT60Rdo1S-frboId4cqQnq3Gprmx8j
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tRQUFBZnlRQUZFcg&google_push=AYg5qPIYNBhO2VDX7CXGYoD3qXfDI69vco9rcjvOsuy9x7vvk_vQj7RIeQmpQ71B2J44mDYT60Rdo1S-frboId4cqQnq3Gprmx8j
Date
Thu, 16 Dec 2021 11:18:41 GMT
Server
Apache
Connection
keep-alive
Content-Length
391
Content-Type
text/html; charset=iso-8859-1
pixel
cm.g.doubleclick.net/ Frame F6B1
Redirect Chain
  • https://d.agkn.com/pixel/2175/?google_gid=CAESELVx0rAaNTYOa9EIvQfprIQ&google_cver=1&google_push=AYg5qPKhd72onjPtkEtRVtFHxMKLo20B14qDvPpLRVrmcC2YenA6o-eiPC17hn90H5leRGKBzVwp_VE8gGU7TNHfqFFQp166Tiw
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKhd72onjPtkEtRVtFHxMKLo20B14qDvPpLRVrmcC2YenA6o-eiPC17hn90H5leRGKBzVwp_VE8gGU7TNHfqFFQp166Tiw&google_hm=Q0FFU0VMVngwckFhTlRZT2...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKhd72onjPtkEtRVtFHxMKLo20B14qDvPpLRVrmcC2YenA6o-eiPC17hn90H5leRGKBzVwp_VE8gGU7TNHfqFFQp166Tiw&google_hm=Q0FFU0VMVngwckFhTlRZT2E5RUl2UWZwcklR
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 11:18:41 GMT
Server
Apache-Coyote/1.1
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKhd72onjPtkEtRVtFHxMKLo20B14qDvPpLRVrmcC2YenA6o-eiPC17hn90H5leRGKBzVwp_VE8gGU7TNHfqFFQp166Tiw&google_hm=Q0FFU0VMVngwckFhTlRZT2E5RUl2UWZwcklR
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Sat, 01 Jan 2000 00:00:00 GMT
dds
rtb.openx.net/sync/ Frame F6B1
43 B
64 B
Image
General
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESECS-tk0S7QDouQpzR1aCC0M&google_cver=1&google_push=AYg5qPL2gPDISzlsqC0OHYr6BC5qFrtz5Wy0vya-OnGGlibZKB4U9c-XQ_qFtxZiJg5Ni0jHjzk3muwbZvpbgAd-Xr9rtag9YHWE
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
rpbajneajog6h86drg9b4so0nvagafp4
pixel
cm.g.doubleclick.net/ Frame F6B1
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I5_o9H2eSuGM44NVHf1cBw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I5_o9H2eSuGM44NVHf1cBw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJW4c97VcqPD7YmsIfigoGhpBSLRu2GcRSbV_Z6qtyCyig68v1zEZD3ZVWcunQfYRl_mHgobu02Kezf4mauqzKzWw-MIFJn
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I5_o9H2eSuGM44NVHf1cBw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJW4c97VcqPD7YmsIfigoGhpBSLRu2GcRSbV_Z6qtyCyig68v1zEZD3ZVWcunQfYRl_mHgobu02Kezf4mauqzKzWw-MIFJn
date
Thu, 16 Dec 2021 11:18:41 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame F6B1
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEK8EO5HgxPO2RxpSiin2g9E&google_cver=1&google_push=AYg5qPK-EFE72bvWyVgGiAX83g4I-Fi4b7geDIS-xi4POw5mut9nthc1-DK6FQ-QQt33AjAvuwj...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRFSEotMUUtOVNWSg==&google_push=AYg5qPK-EFE72bvWyVgGiAX83g4I-Fi4b7geDIS-xi4POw5mut9nthc1-DK6FQ-QQt33AjAvuwjUujM59_Q907W7nKya9aLI1YJ5
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRFSEotMUUtOVNWSg==&google_push=AYg5qPK-EFE72bvWyVgGiAX83g4I-Fi4b7geDIS-xi4POw5mut9nthc1-DK6FQ-QQt33AjAvuwjUujM59_Q907W7nKya9aLI1YJ5
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRFSEotMUUtOVNWSg==&google_push=AYg5qPK-EFE72bvWyVgGiAX83g4I-Fi4b7geDIS-xi4POw5mut9nthc1-DK6FQ-QQt33AjAvuwjUujM59_Q907W7nKya9aLI1YJ5
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
382e2818ca015d35b02cd449aa60881d
Expires
0
pixel
cm.g.doubleclick.net/ Frame F6B1
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1...
0
0

attr
cm.g.doubleclick.net/pixel/ Frame F6B1
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KdyOB5H3jCXLrwcu0KnZwSlE7NETTbzhpFVY2Ni3jwKhbbyo9OaSBm4fRtRhmr9qm5NIdj
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:41 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
H0ZEmIz7.html
tpc.googlesyndication.com/sodar/ Frame 8036
23 KB
9 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8727
date
Wed, 15 Dec 2021 18:15:13 GMT
expires
Thu, 15 Dec 2022 18:15:13 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
age
61408
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 8A77
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1fd8ea040ca2516d5dfcf5947765b9e8ce41d015f453495172e0fd20fdd35a26

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 8A77
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 14:02:00 GMT
x-content-type-options
nosniff
age
163001
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 14:02:00 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 8A77
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 13:39:48 GMT
x-content-type-options
nosniff
age
509933
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 13:39:48 GMT
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 5653
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=240&adk=3189066552&adf=3311423583&pi=t.aa~a.442082749~rp.4&w=296&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=296x240&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280%2C310x250&nras=5&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=2141&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=RFufbJ8ZiS&p=https%3A//www.redpacketsecurity.com&dtd=37
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:49:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
52152
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:49:29 GMT
ssrh.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame D32A
84 KB
29 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/ssrh.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 18:01:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
62250
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30063
x-xss-protection
0
server
cafe
etag
16132151104434394549
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 18:01:11 GMT
A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js
pagead2.googlesyndication.com/bg/ Frame 8036
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 09:14:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
7473
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13610
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 16 Dec 2022 09:14:08 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame D32A
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:17:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
72
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:17:29 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D32A
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:12:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
372
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:12:29 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D32A
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 11:18:41 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D32A
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:16:30 GMT
12868147014195272120_3298726605376578586.jpeg
static.doubleclick.net/dynamic/5/332567485/ Frame D32A
91 KB
91 KB
Image
General
Full URL
https://static.doubleclick.net/dynamic/5/332567485/12868147014195272120_3298726605376578586.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a698eb66dbefa0025177040c415a58cc7e5205cf93105d540e43e4ea42ae837b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 05:00:09 GMT
x-content-type-options
nosniff
age
281912
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
92913
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 11:23:37 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 13 Dec 2022 05:00:09 GMT
18125097514243533427_9730422361086237891.jpeg
static.doubleclick.net/dynamic/5/332567485/ Frame D32A
182 KB
182 KB
Image
General
Full URL
https://static.doubleclick.net/dynamic/5/332567485/18125097514243533427_9730422361086237891.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
49f9bdfcac490957e4d06b3fd31ab291deaa4471d14739a07f60f79f2e8cd373
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 05:00:10 GMT
x-content-type-options
nosniff
age
281911
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
186597
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 18:49:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 13 Dec 2022 05:00:10 GMT
3308857198100694351_3150490294584765704.jpeg
static.doubleclick.net/dynamic/5/332567485/ Frame D32A
121 KB
121 KB
Image
General
Full URL
https://static.doubleclick.net/dynamic/5/332567485/3308857198100694351_3150490294584765704.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
51a6b4bf654e7ddae141e7319bdd8725d2a87b77deebda0ed008d5165a5b1760
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 05:00:05 GMT
x-content-type-options
nosniff
age
281916
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
123692
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 11:20:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 13 Dec 2022 05:00:05 GMT
2459977647097642775
tpc.googlesyndication.com/simgad/ Frame D32A
24 KB
24 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/2459977647097642775
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2881366730ae36d154ab48b8c1b8bf1d0b2cb4cc47a354ce90a04a044e034291
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 05:10:11 GMT
x-content-type-options
nosniff
age
194910
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24408
x-xss-protection
0
last-modified
Thu, 08 Oct 2020 14:43:57 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 05:10:11 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame D32A
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cq4oOkCC7YbzqK-GBxdwPkZqOUMX72O1mt9-WxooN2J7_paMREAEgta-gJ2CVwoOCmAegAYr2454DyAEJqQKFc3u6C--yPqgDAcgDywSqBLECT9B3-Ya75p5TJTTRL8UcEpu6Q4FlHK2lq1etBqYeAWidZNsiUXOUPW9OdfdrzAwFMtXaMHZFrPWpaVfkNf27WJPFJQRdkjelJkEZZXOWiaFn9-O7VqLSAKpL6lQjomTNkf0qUYJxGmnDSmWWcJgtsTACAyRcjlVR80HGIJE2sCk1uzAic8BjHC8Ope1-N3M834onmANah10QaaquT-Lk4umfpcwOB5GXZTS64UCt-STg5ohpt0hIxPIRJ6ZwN3pW-UddNWQZ-MQyZ93t-rEhuZENrHmyTPGx9-7sb4WvL2iS0HSL58dXoEcuEwqMmRlB5kGZpC3PQQEJql0vEpl5XtiyKvWEPsrUOj0z8QiZ8FKNrogelMnvOdlUXxgUhsTE370FSdg97fFbbQwsi2kZ0ZjABP70iLDxAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfeiZxhqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpr4b2AcA8gcEEPPyDNIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0xNTM2MzM0MjE5NTYyNzcxGAA&sigh=KUKeaGjOzEI&uach_m=[UACH]&template_id=494
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 16 Dec 2021 11:18:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
file.mp4
r4---sn-4g5e6nz7.c.2mdn.net/videoplayback/id/c5a79a7474acac8d/itag/346/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778410421/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame F89A
2 MB
2 MB
Media
General
Full URL
https://r4---sn-4g5e6nz7.c.2mdn.net/videoplayback/id/c5a79a7474acac8d/itag/346/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778410421/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/60CFC0F3E526DFBAFEC66F3196CE3A803AEC0B09.3493351EBDC17645E0A5AC44892F8407F264050D/key/cms1/cms_redirect/yes/mh/7g/mip/2a01:4f8:a1:1a1:87::1/mm/42/mn/sn-4g5e6nz7/ms/onc/mt/1639653190/mv/m/mvi/4/pl/42/file/file.mp4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:65::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
e56f529193e5d07ddf0c8ef64c8a28feb6cb84177b4efdf70ca4ca6eb44ba2e3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range
bytes=0-

Response headers

date
Thu, 16 Dec 2021 11:18:41 GMT
x-content-type-options
nosniff
Content-Range
bytes 0-2120629/2120630
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
2120630
expires
Thu, 16 Dec 2021 11:18:41 GMT
last-modified
Mon, 11 Oct 2021 14:27:00 GMT
server
gvs 1.0
vary
Origin
content-type
video/mp4
access-control-allow-origin
https://googleads.g.doubleclick.net
access-control-expose-headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control
private, max-age=86400
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
https://googleads.g.doubleclick.net
client-protocol
quic
s
googleads.g.doubleclick.net/pagead/drt/ Frame 5B73
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 11:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
981
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_csp
pagead2.googlesyndication.com/pagead/ Frame D32A
0
20 B
Other
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLzyoK2Z6PQCFeFAkQUdEY0DCg&gqi=kCC7YZjXKYnTtgfq4LD4Dg&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 5B73
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 11:18:41 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 11:18:41 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 11:18:41 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame D32A
208 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
13380e94a6e7f0dc1dd772e5ea0bd4ffbaa37ee20d693089b39a3ce248ae210d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8036
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BGOu5kSC7Ya3gGbHKsgLtgZ6gBgAAAAA4AeAEAg&bg=!JySlJGDNAAZKWFskSlg7ACkAdvg8WqDw01DaW2UmqZqjjXP8Xy_XmZ6rX3ZoS3l0lASi4eDOTMyTwgIAAABzUgAAAAhoAQcKACJpUaqOLWpOhBtZWETrHn0_8ywYqQv0fIbCun4VhlYHYq8-mQLv9JeF4RGeNRbfRr8GJmqJEHohe5PWLSZScAMQQ4W3rH-ZGkKi19TwlBdk4ThFAncTIvpJPedbhlWNnrVnY_Smqn-VmTk4tc0pd85rgYMGEvzJf8_VFcB057Y6cFzayl3UMXOa_jEeD3cHy03WJzmpd8BQBysCUhqFEA5SbHPoWuEnQHF3Z43Zs9UFjfqQGGE43WjVkqQ_RmdDyBT-PH7wF7cN3rqXz71MCN0fQhJXmRWZslb1_8uNE-wRgQS6EniZZfrhpmf3I3lzqtPMSJA43D0twa2pYK7qjXGD3QPjkuS48yiPmhdzEr1eSOtcO9Rd7u5V91ODvDqXrpL9GrhiYYhKand48Vr1NJH3lRgXweqcBOobNhOBycBH3OFkly4JbIv1G-aHnvGPk3TmdLNTFZUkvqZlIBHlEFqXB7o0rzRSFDt3Kx07lTjyVMDP0I0dyNBgNEISn_VdK7fgXz2EhTKztB9eBhUop_3oS-AEYGhkjZ3eti_hkqdk8NYFWuqcHx6dZRmlU_895ewM48UU79gQ1UNDyP-t7Wl4EidFAOwHJdBf8xd2Vj0CeAb77WCfIwkrmvc7AW3rf-h82pQCyCH2HaSVF6NnJSwvFH1fkzHHrIbFrgN-DHePOhbr_HaWvkK8gKocT7pOfQhXHoahd4i7w8UXaLTL5erjo5DMSBNvPQJnnjXZ4EnjAAH8tPZBlLYgIav4RR9TO-RnafHHEBeLBih1nXQb6xJ9OTnVb8JDyWLG8Ob6J_ks9WV5dTxlY88sNCEwAtUaY5vD1Bpx2pMad73FXguKBsIyQIXLAYbpkkzx8hB-9UIlN3MqjX7uTPyUdV2ykho2P1O5eiK0Xow8F7eXIscxxLcK4LeLKGUEGqG17VVka2yP7xHPul3rHsE1aI5v2CJxjmgpaF_6SV_l1Rt4c8TNtWr3U77XtKTEX3v1L2B3wtTxnLmbgsjK3lNlWosSK41QBe3FGUy-prBSR_clYWx5dAI4mnK7-g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 841E
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:49:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
52152
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:49:29 GMT
csi
csi.gstatic.com/ Frame F89A
0
17 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kx8vde4f&c=8610622549566&slotId=4305311274783&qqid=CMCaoq2Z6PQCFbxIkQUdQMEDdA&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=862&mt=video%2Fmp4&vs=720x720&ulv=1&cll=0&vmfc=16&vhc=0&msm=1&aits=17%2C36%2C18%2C22%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C43%2C44%2C45%2C0&webm=3&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm&hvmf=false&vms=1&bit=346&vsrc=doubleclick_dmm&ape=1&ple=1&umsem=0
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4014:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 5780
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLuwcxCfx6UCGPjnhp0BMAE&v=APEucNVNOPHrlAuM1yq-4boeJtWqbJxypcnHHe5XMUAwFWHBEkeb4EF7K59IcftPOqjorIiIsz4JHmiYSR6BoNMuWM1mk2uPSsQus5idWiKpXsMJqKYZZxrvh8z745Nc2D_f3kG5a3Xco_ChuKF8WSX-vQHZd2fBKieFS5rAv8GRvcX-cOTV_W8
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 11:18:42 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 361B
72 KB
30 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DlA_xbweKP9ZkCr9ZpFX1xLHsf5vKh5nrmoTpMBGP93LnzVGXfu-eykDWfSPviO8LwwS2f4_QznQPEuO_mXN2oHMaBugksnZp2lVDKC9KiMZpI-n94OCkOMQ5Tukj1fm1kEND1TgLbPdwgoZ19RrJJ2DDHgQ&dbm_d=AKAmf-BUI-v806ccMDK9fXcBql3LgXDQQ99pYaTMFpgUY3F3kCqabPk9ztq4laO5Rtphv8_kZQDLIE2Ss2HCJ7DsZIC2aU_O7paeamEYaN13T3ALjVtySQNPlQpyU7JYxs38obI9Tbpr1UWN5S4rTwysCF6hpAszIeNe1tIeKNuE1khMTXD_F_Mv_upWYwxiI6v13F-jOvkITYiWlaxEwTYR0wVR8kF8HK9upnOVRS1gyyB0W35i5N3K1lW2I3vYijGC-E_8vc30E9MDL-Tg7DAaJN6AJwoNpiGNOG1v2uXOIxqE7UI0kqY4mu_Lra4PwcnOgmRUnas2YUZpBhFs72hOaqADtzCnmiDw-5x1DYA53Kv84bkQYFNqX2MUxBf9092W7luAkHLmtB4TwIdtC6wXlKx-JRGFNmbdqz-QqUsYgMG40FgUdQk-s_BZUDji30h1coo6QnXcPcafWMPFrkiwe_66KN0qYmzh0RxNFEAZXQq1K6L681MNxw_IZ8catVdoxtUGx5F3X-mSVni2cxUas2lUmFEFlzGoR1plGILq5lxePDblET-9ZV8d-jN-wDp5XK6GyeA-5OPSaLhz5J6BL-QMtxMM-ZUEYSVXoiO7YaWKKCt5_Nwm62PUU8fiZZMitzS3qXJPr1AA5rae_E-dnKZTnT73xtW4EbIp1Miw1bGqXf4CZGUmHaObUVaCobIrSr7q4qi0s5OdqUkupKOPkVBcNntiRX5-2bdaxfKaXtPYSaZJ56zTUZZNkfjRpo_hmRkk-TQ1LfuGt9C45if7aYI6zb_uAIg7a8Xjqdcdlmuc648dUlsXn_wJw53L19DBwm88YeQCjz4FgM5q6AH1IFw703P0LEZOf9adlCCCGDjvIhoBJsb3DsjP-qXsLzKHRv8t31vNgnpN0c_-R9M4Lq3D4sBCusVl5oSeKZHotSK8hK56ZlRW-cInoSb9YO0DSoSLw55L0QbiMIu6Z_AISYQoVFC8gZ7f0-5h0VsXQvs2X3GcdEDSCDl4hnEcutPlNxlQBYiCfO3iLYF1PH3z-42tfIbmMEUypdc0Zs5ZlU1Tdrx3HgMgE7qZb3BzM1NfZ29ibMcm1fqOW277Oobzfi9t2DHtV5r9du6NahkAdkFqaLoy3dV6aQiKrN8MNpEO59j5eIWCQeJVsINV1Ya8bx-_caCymWNKJvYiMVSnPhdEAvgA_AbCQxZl-dubSQWtaXb7hs9ET1ZMVYDEnpdfdVoXUMVdI5QAttJ_An93jO5y6MN1ZXKBlvzjyPE9N2A4ht1BoG-py9PIeKNBVROE91lVR8r4IZ4-1mSxGtRxrIKlZoTWy-l4yfr56x_k6SzRsQ4_Z03SaSVZnawUkR7Tf9AiSWyb6qHTr9vBrJx0KdqzsLKgK_-N9PXwaAmMd_EE0rYosNRmR7Fk2hXepwY91fBQmmx6wtKc3hqskLk4HhgYUbUR04luQB3l0fdhLbymHFz2-EEyD5LHknqsPuKWzIabo-plWzdw-A2Vig7jewLOYxZpMSgSkYEgUwmyh4cFikWzRDwVSNKpTc92UBDXgwWz8kGrVMt8TK1LBJvR--iiqgid0HVKxGtOPCq7byRTyjnAfFBqeOj0wGC5ESVnVFL9JQquTB7W2RJOdyVfPFY9HcxmKFAZ5gYs-xHVBNQpmZYpjqpxWNc99ZDjsmZGP12bLNcP0mQP3bDJnynFfJyi9qJRV9VbGEfpnXzp9zmLfnRi9D8ApqpZQLAVmaLVUjaj2yjBvw-KKXcU48npFjDmKnZNXoqpbv_WDdd1lkmiiBP8Ys9ZGemuPv7pG9bSSL2suRjmSSCU-0Rl-r97u5u2TIS-mXuUuJQEeNehSsFc3FPeFGHXQB6Li0nyUCxLeD5oD-fYUWFz5tPAXJxF0ArAALMFGDw0iFzLDkQoWNFp6NBFv8kKd0opdBrIyd7ImmXdvy2xmDK8mIQ79VdMF20gbBCRPpjwr7E49-EfGdAwyi6QYZR1KlTu0HRwUZWahc-fUmhU4p7hsHJeM8kE4E82kTjVb32aYLWoxpeCghwejn21UVYbzUvP4pcuvS1B5UnCWnJt9wGkrBdXHLxmnMOKf0g0aE_Lsxm6eRZ9xB3UIEMl8h-P1K4SBFX_j240_dGI44MPn1DuFsCYvX1UPsHmwWOyQl3-r8fiLTaAmjOu68g5AJLE3mnEQQXENXMtFUK0Hn2BO65Ee_9vTORM_c4PuffR_OrxnBtCRAKC1iTFiX3gIsKcGxUzLzdLj5DbDtOAZJK_ozg5xKPgPvOy7UdN1jNONDQOIwet7Q2nnV4qpf92nRZE1NNg65BD6qL9umBGGadbprFLTKFf-PwJ3SEGdWzmi4TzfTWJ58hEWDLHtwq1oYOcF0_GAEJAj3ACeAXRXVcTwdg65j6NkkpktOdtIoY6zL--_lmmgOGvxaVDUf2sPgaFZny_7Iw_eCciYy6COebn0rDxFZBBSfOOcQT6ey_2yNbN31CJc0M3ft4VYmLt6dD6vs8SDHpIeeOwTUUY93laPkr8NPDBBCsEXpdZXSv8OacBgyLyqZ5e0Rwu9q1lyb0MF_Kc54EAvwQSWjMg2xNVuKu5--8WLM11iFIVjjrWd8697dWhJbT1wpBSLOd2cTdkhf-1F-QZ8wkrCuLnyiIB1BA75F7KAb4Z0YLZigLmZrpVLMyQET27KW9nyCyEwOadCgMmZY2mLVro4MQuOC5o_NlxIVAQ3dsC0BazglXhuOu82v5oiicU47jrrI2E4140gI1R1FD3eLmdTsjJoDt_jmnyQRISSsyACTtG438bAs_eAnDbFmQbgtThcZLWFpqsee2KhBqeAOaesV9I9MK3hYM-OK5fSaj21XiN9xT4_Zj_XimEvf0zl07dio6THY9w5fXsYbo9rv6Ts6MYQvsLXuHvhiti9-GRzYybiiKcunsCMn7v7RLyViCB03ZPWtsXiMMvFfq1LnG8Y4ixV9TiHmlkGSYG1nqXZhxT-V8HcXvmUASPUtem_X4uO1nvEkEA2DmpW7xmtOzUoOTo816-pg7ZJHazY8Iqs0el8lcGE3YERUrca8VUEw15XAmnWKMHjgbmP4upbFlsKRnVNpLJLwygJ_CVVR3NIhT6jAYnklaMdUhPNSbwHGUYhBTRBiTjWIpg-azBs2LMOPPDHYACMRTy4eKo3nOUu1UThFSIJ0w&cid=CAASEuRoe9VRDoKBaWVRVUnJjLIz7A&rfl=2%2Chttps%253A%252F%252Fwww.redpacketsecurity.com%252F%240
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
24619f9c9f42afc7657eee11e2aa6941891d91b979402bac2df69d38e0c35d86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30502
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 361B
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:12:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
373
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:12:29 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 361B
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 11:18:42 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 361B
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
132
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:16:30 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 361B
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bq_nT3xuBgbjjt7Zmw2zcJRBR2Fnd_qDQQzD_pj0X68spPzWstVOk1EO4jUgYc5gqa99U-mXpch9C3bKgAfwxYdOrutaycwq3N98vCu4tf24VaaEU
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 5780
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa3kT0GbzjhoPi8UcTgTpk&google_cver=1
43 B
1014 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa3kT0GbzjhoPi8UcTgTpk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLuwcxCfx6UCGPjnhp0BMAE&v=APEucNVNOPHrlAuM1yq-4boeJtWqbJxypcnHHe5XMUAwFWHBEkeb4EF7K59IcftPOqjorIiIsz4JHmiYSR6BoNMuWM1mk2uPSsQus5idWiKpXsMJqKYZZxrvh8z745Nc2D_f3kG5a3Xco_ChuKF8WSX-vQHZd2fBKieFS5rAv8GRvcX-cOTV_W8
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 11:18:42 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 16 Dec 2021 11:18:42 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa3kT0GbzjhoPi8UcTgTpk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 5780
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbsgkaDs81IkGlthfnuXsQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa3kT0GbzjhoPi8UcTgTpk&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa3kT0GbzjhoPi8UcTgTpk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLuwcxCfx6UCGPjnhp0BMAE&v=APEucNVNOPHrlAuM1yq-4boeJtWqbJxypcnHHe5XMUAwFWHBEkeb4EF7K59IcftPOqjorIiIsz4JHmiYSR6BoNMuWM1mk2uPSsQus5idWiKpXsMJqKYZZxrvh8z745Nc2D_f3kG5a3Xco_ChuKF8WSX-vQHZd2fBKieFS5rAv8GRvcX-cOTV_W8
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 11:18:42 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 16 Dec 2021 11:18:42 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa3kT0GbzjhoPi8UcTgTpk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bounce
ib.adnxs.com/ Frame 5780
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECIwlQljSj9I-LgZ2mLYDJ4&google_cver=1
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECIwlQljSj9I-LgZ2mLYDJ4%26google_cver%3D1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECIwlQljSj9I-LgZ2mLYDJ4%26google_cver%3D1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLuwcxCfx6UCGPjnhp0BMAE&v=APEucNVNOPHrlAuM1yq-4boeJtWqbJxypcnHHe5XMUAwFWHBEkeb4EF7K59IcftPOqjorIiIsz4JHmiYSR6BoNMuWM1mk2uPSsQus5idWiKpXsMJqKYZZxrvh8z745Nc2D_f3kG5a3Xco_ChuKF8WSX-vQHZd2fBKieFS5rAv8GRvcX-cOTV_W8
Protocol
HTTP/1.1
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 11:18:42 GMT
X-Proxy-Origin
168.119.25.196; 168.119.25.196; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
a4903a46-79d2-4981-8eb0-057bb6edb103
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 11:18:42 GMT
X-Proxy-Origin
168.119.25.196; 168.119.25.196; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
f74c2c06-c8d9-4f27-b458-e6a98a568faf
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECIwlQljSj9I-LgZ2mLYDJ4%26google_cver%3D1
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 5780
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwOTM3ODQxNzczNTYxNzk0NQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwOTM3ODQxNzczNTYxNzk0NQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLuwcxCfx6UCGPjnhp0BMAE&v=APEucNVNOPHrlAuM1yq-4boeJtWqbJxypcnHHe5XMUAwFWHBEkeb4EF7K59IcftPOqjorIiIsz4JHmiYSR6BoNMuWM1mk2uPSsQus5idWiKpXsMJqKYZZxrvh8z745Nc2D_f3kG5a3Xco_ChuKF8WSX-vQHZd2fBKieFS5rAv8GRvcX-cOTV_W8
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 16 Dec 2021 11:18:42 GMT
X-Proxy-Origin
168.119.25.196; 168.119.25.196; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
a6d56c71-9712-4c81-82ff-25e6507e146a
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDYwOTM3ODQxNzczNTYxNzk0NQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 361B
106 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 23:38:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
42030
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Dec 2021 23:38:12 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 361B
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DlA_xbweKP9ZkCr9ZpFX1xLHsf5vKh5nrmoTpMBGP93LnzVGXfu-eykDWfSPviO8LwwS2f4_QznQPEuO_mXN2oHMaBugksnZp2lVDKC9KiMZpI-n94OCkOMQ5Tukj1fm1kEND1TgLbPdwgoZ19RrJJ2DDHgQ&dbm_d=AKAmf-BUI-v806ccMDK9fXcBql3LgXDQQ99pYaTMFpgUY3F3kCqabPk9ztq4laO5Rtphv8_kZQDLIE2Ss2HCJ7DsZIC2aU_O7paeamEYaN13T3ALjVtySQNPlQpyU7JYxs38obI9Tbpr1UWN5S4rTwysCF6hpAszIeNe1tIeKNuE1khMTXD_F_Mv_upWYwxiI6v13F-jOvkITYiWlaxEwTYR0wVR8kF8HK9upnOVRS1gyyB0W35i5N3K1lW2I3vYijGC-E_8vc30E9MDL-Tg7DAaJN6AJwoNpiGNOG1v2uXOIxqE7UI0kqY4mu_Lra4PwcnOgmRUnas2YUZpBhFs72hOaqADtzCnmiDw-5x1DYA53Kv84bkQYFNqX2MUxBf9092W7luAkHLmtB4TwIdtC6wXlKx-JRGFNmbdqz-QqUsYgMG40FgUdQk-s_BZUDji30h1coo6QnXcPcafWMPFrkiwe_66KN0qYmzh0RxNFEAZXQq1K6L681MNxw_IZ8catVdoxtUGx5F3X-mSVni2cxUas2lUmFEFlzGoR1plGILq5lxePDblET-9ZV8d-jN-wDp5XK6GyeA-5OPSaLhz5J6BL-QMtxMM-ZUEYSVXoiO7YaWKKCt5_Nwm62PUU8fiZZMitzS3qXJPr1AA5rae_E-dnKZTnT73xtW4EbIp1Miw1bGqXf4CZGUmHaObUVaCobIrSr7q4qi0s5OdqUkupKOPkVBcNntiRX5-2bdaxfKaXtPYSaZJ56zTUZZNkfjRpo_hmRkk-TQ1LfuGt9C45if7aYI6zb_uAIg7a8Xjqdcdlmuc648dUlsXn_wJw53L19DBwm88YeQCjz4FgM5q6AH1IFw703P0LEZOf9adlCCCGDjvIhoBJsb3DsjP-qXsLzKHRv8t31vNgnpN0c_-R9M4Lq3D4sBCusVl5oSeKZHotSK8hK56ZlRW-cInoSb9YO0DSoSLw55L0QbiMIu6Z_AISYQoVFC8gZ7f0-5h0VsXQvs2X3GcdEDSCDl4hnEcutPlNxlQBYiCfO3iLYF1PH3z-42tfIbmMEUypdc0Zs5ZlU1Tdrx3HgMgE7qZb3BzM1NfZ29ibMcm1fqOW277Oobzfi9t2DHtV5r9du6NahkAdkFqaLoy3dV6aQiKrN8MNpEO59j5eIWCQeJVsINV1Ya8bx-_caCymWNKJvYiMVSnPhdEAvgA_AbCQxZl-dubSQWtaXb7hs9ET1ZMVYDEnpdfdVoXUMVdI5QAttJ_An93jO5y6MN1ZXKBlvzjyPE9N2A4ht1BoG-py9PIeKNBVROE91lVR8r4IZ4-1mSxGtRxrIKlZoTWy-l4yfr56x_k6SzRsQ4_Z03SaSVZnawUkR7Tf9AiSWyb6qHTr9vBrJx0KdqzsLKgK_-N9PXwaAmMd_EE0rYosNRmR7Fk2hXepwY91fBQmmx6wtKc3hqskLk4HhgYUbUR04luQB3l0fdhLbymHFz2-EEyD5LHknqsPuKWzIabo-plWzdw-A2Vig7jewLOYxZpMSgSkYEgUwmyh4cFikWzRDwVSNKpTc92UBDXgwWz8kGrVMt8TK1LBJvR--iiqgid0HVKxGtOPCq7byRTyjnAfFBqeOj0wGC5ESVnVFL9JQquTB7W2RJOdyVfPFY9HcxmKFAZ5gYs-xHVBNQpmZYpjqpxWNc99ZDjsmZGP12bLNcP0mQP3bDJnynFfJyi9qJRV9VbGEfpnXzp9zmLfnRi9D8ApqpZQLAVmaLVUjaj2yjBvw-KKXcU48npFjDmKnZNXoqpbv_WDdd1lkmiiBP8Ys9ZGemuPv7pG9bSSL2suRjmSSCU-0Rl-r97u5u2TIS-mXuUuJQEeNehSsFc3FPeFGHXQB6Li0nyUCxLeD5oD-fYUWFz5tPAXJxF0ArAALMFGDw0iFzLDkQoWNFp6NBFv8kKd0opdBrIyd7ImmXdvy2xmDK8mIQ79VdMF20gbBCRPpjwr7E49-EfGdAwyi6QYZR1KlTu0HRwUZWahc-fUmhU4p7hsHJeM8kE4E82kTjVb32aYLWoxpeCghwejn21UVYbzUvP4pcuvS1B5UnCWnJt9wGkrBdXHLxmnMOKf0g0aE_Lsxm6eRZ9xB3UIEMl8h-P1K4SBFX_j240_dGI44MPn1DuFsCYvX1UPsHmwWOyQl3-r8fiLTaAmjOu68g5AJLE3mnEQQXENXMtFUK0Hn2BO65Ee_9vTORM_c4PuffR_OrxnBtCRAKC1iTFiX3gIsKcGxUzLzdLj5DbDtOAZJK_ozg5xKPgPvOy7UdN1jNONDQOIwet7Q2nnV4qpf92nRZE1NNg65BD6qL9umBGGadbprFLTKFf-PwJ3SEGdWzmi4TzfTWJ58hEWDLHtwq1oYOcF0_GAEJAj3ACeAXRXVcTwdg65j6NkkpktOdtIoY6zL--_lmmgOGvxaVDUf2sPgaFZny_7Iw_eCciYy6COebn0rDxFZBBSfOOcQT6ey_2yNbN31CJc0M3ft4VYmLt6dD6vs8SDHpIeeOwTUUY93laPkr8NPDBBCsEXpdZXSv8OacBgyLyqZ5e0Rwu9q1lyb0MF_Kc54EAvwQSWjMg2xNVuKu5--8WLM11iFIVjjrWd8697dWhJbT1wpBSLOd2cTdkhf-1F-QZ8wkrCuLnyiIB1BA75F7KAb4Z0YLZigLmZrpVLMyQET27KW9nyCyEwOadCgMmZY2mLVro4MQuOC5o_NlxIVAQ3dsC0BazglXhuOu82v5oiicU47jrrI2E4140gI1R1FD3eLmdTsjJoDt_jmnyQRISSsyACTtG438bAs_eAnDbFmQbgtThcZLWFpqsee2KhBqeAOaesV9I9MK3hYM-OK5fSaj21XiN9xT4_Zj_XimEvf0zl07dio6THY9w5fXsYbo9rv6Ts6MYQvsLXuHvhiti9-GRzYybiiKcunsCMn7v7RLyViCB03ZPWtsXiMMvFfq1LnG8Y4ixV9TiHmlkGSYG1nqXZhxT-V8HcXvmUASPUtem_X4uO1nvEkEA2DmpW7xmtOzUoOTo816-pg7ZJHazY8Iqs0el8lcGE3YERUrca8VUEw15XAmnWKMHjgbmP4upbFlsKRnVNpLJLwygJ_CVVR3NIhT6jAYnklaMdUhPNSbwHGUYhBTRBiTjWIpg-azBs2LMOPPDHYACMRTy4eKo3nOUu1UThFSIJ0w&cid=CAASEuRoe9VRDoKBaWVRVUnJjLIz7A&rfl=2%2Chttps%253A%252F%252Fwww.redpacketsecurity.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:17:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
49
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3140
x-xss-protection
0
server
cafe
etag
17163059639670574047
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:17:53 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 361B
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DlA_xbweKP9ZkCr9ZpFX1xLHsf5vKh5nrmoTpMBGP93LnzVGXfu-eykDWfSPviO8LwwS2f4_QznQPEuO_mXN2oHMaBugksnZp2lVDKC9KiMZpI-n94OCkOMQ5Tukj1fm1kEND1TgLbPdwgoZ19RrJJ2DDHgQ&dbm_d=AKAmf-BUI-v806ccMDK9fXcBql3LgXDQQ99pYaTMFpgUY3F3kCqabPk9ztq4laO5Rtphv8_kZQDLIE2Ss2HCJ7DsZIC2aU_O7paeamEYaN13T3ALjVtySQNPlQpyU7JYxs38obI9Tbpr1UWN5S4rTwysCF6hpAszIeNe1tIeKNuE1khMTXD_F_Mv_upWYwxiI6v13F-jOvkITYiWlaxEwTYR0wVR8kF8HK9upnOVRS1gyyB0W35i5N3K1lW2I3vYijGC-E_8vc30E9MDL-Tg7DAaJN6AJwoNpiGNOG1v2uXOIxqE7UI0kqY4mu_Lra4PwcnOgmRUnas2YUZpBhFs72hOaqADtzCnmiDw-5x1DYA53Kv84bkQYFNqX2MUxBf9092W7luAkHLmtB4TwIdtC6wXlKx-JRGFNmbdqz-QqUsYgMG40FgUdQk-s_BZUDji30h1coo6QnXcPcafWMPFrkiwe_66KN0qYmzh0RxNFEAZXQq1K6L681MNxw_IZ8catVdoxtUGx5F3X-mSVni2cxUas2lUmFEFlzGoR1plGILq5lxePDblET-9ZV8d-jN-wDp5XK6GyeA-5OPSaLhz5J6BL-QMtxMM-ZUEYSVXoiO7YaWKKCt5_Nwm62PUU8fiZZMitzS3qXJPr1AA5rae_E-dnKZTnT73xtW4EbIp1Miw1bGqXf4CZGUmHaObUVaCobIrSr7q4qi0s5OdqUkupKOPkVBcNntiRX5-2bdaxfKaXtPYSaZJ56zTUZZNkfjRpo_hmRkk-TQ1LfuGt9C45if7aYI6zb_uAIg7a8Xjqdcdlmuc648dUlsXn_wJw53L19DBwm88YeQCjz4FgM5q6AH1IFw703P0LEZOf9adlCCCGDjvIhoBJsb3DsjP-qXsLzKHRv8t31vNgnpN0c_-R9M4Lq3D4sBCusVl5oSeKZHotSK8hK56ZlRW-cInoSb9YO0DSoSLw55L0QbiMIu6Z_AISYQoVFC8gZ7f0-5h0VsXQvs2X3GcdEDSCDl4hnEcutPlNxlQBYiCfO3iLYF1PH3z-42tfIbmMEUypdc0Zs5ZlU1Tdrx3HgMgE7qZb3BzM1NfZ29ibMcm1fqOW277Oobzfi9t2DHtV5r9du6NahkAdkFqaLoy3dV6aQiKrN8MNpEO59j5eIWCQeJVsINV1Ya8bx-_caCymWNKJvYiMVSnPhdEAvgA_AbCQxZl-dubSQWtaXb7hs9ET1ZMVYDEnpdfdVoXUMVdI5QAttJ_An93jO5y6MN1ZXKBlvzjyPE9N2A4ht1BoG-py9PIeKNBVROE91lVR8r4IZ4-1mSxGtRxrIKlZoTWy-l4yfr56x_k6SzRsQ4_Z03SaSVZnawUkR7Tf9AiSWyb6qHTr9vBrJx0KdqzsLKgK_-N9PXwaAmMd_EE0rYosNRmR7Fk2hXepwY91fBQmmx6wtKc3hqskLk4HhgYUbUR04luQB3l0fdhLbymHFz2-EEyD5LHknqsPuKWzIabo-plWzdw-A2Vig7jewLOYxZpMSgSkYEgUwmyh4cFikWzRDwVSNKpTc92UBDXgwWz8kGrVMt8TK1LBJvR--iiqgid0HVKxGtOPCq7byRTyjnAfFBqeOj0wGC5ESVnVFL9JQquTB7W2RJOdyVfPFY9HcxmKFAZ5gYs-xHVBNQpmZYpjqpxWNc99ZDjsmZGP12bLNcP0mQP3bDJnynFfJyi9qJRV9VbGEfpnXzp9zmLfnRi9D8ApqpZQLAVmaLVUjaj2yjBvw-KKXcU48npFjDmKnZNXoqpbv_WDdd1lkmiiBP8Ys9ZGemuPv7pG9bSSL2suRjmSSCU-0Rl-r97u5u2TIS-mXuUuJQEeNehSsFc3FPeFGHXQB6Li0nyUCxLeD5oD-fYUWFz5tPAXJxF0ArAALMFGDw0iFzLDkQoWNFp6NBFv8kKd0opdBrIyd7ImmXdvy2xmDK8mIQ79VdMF20gbBCRPpjwr7E49-EfGdAwyi6QYZR1KlTu0HRwUZWahc-fUmhU4p7hsHJeM8kE4E82kTjVb32aYLWoxpeCghwejn21UVYbzUvP4pcuvS1B5UnCWnJt9wGkrBdXHLxmnMOKf0g0aE_Lsxm6eRZ9xB3UIEMl8h-P1K4SBFX_j240_dGI44MPn1DuFsCYvX1UPsHmwWOyQl3-r8fiLTaAmjOu68g5AJLE3mnEQQXENXMtFUK0Hn2BO65Ee_9vTORM_c4PuffR_OrxnBtCRAKC1iTFiX3gIsKcGxUzLzdLj5DbDtOAZJK_ozg5xKPgPvOy7UdN1jNONDQOIwet7Q2nnV4qpf92nRZE1NNg65BD6qL9umBGGadbprFLTKFf-PwJ3SEGdWzmi4TzfTWJ58hEWDLHtwq1oYOcF0_GAEJAj3ACeAXRXVcTwdg65j6NkkpktOdtIoY6zL--_lmmgOGvxaVDUf2sPgaFZny_7Iw_eCciYy6COebn0rDxFZBBSfOOcQT6ey_2yNbN31CJc0M3ft4VYmLt6dD6vs8SDHpIeeOwTUUY93laPkr8NPDBBCsEXpdZXSv8OacBgyLyqZ5e0Rwu9q1lyb0MF_Kc54EAvwQSWjMg2xNVuKu5--8WLM11iFIVjjrWd8697dWhJbT1wpBSLOd2cTdkhf-1F-QZ8wkrCuLnyiIB1BA75F7KAb4Z0YLZigLmZrpVLMyQET27KW9nyCyEwOadCgMmZY2mLVro4MQuOC5o_NlxIVAQ3dsC0BazglXhuOu82v5oiicU47jrrI2E4140gI1R1FD3eLmdTsjJoDt_jmnyQRISSsyACTtG438bAs_eAnDbFmQbgtThcZLWFpqsee2KhBqeAOaesV9I9MK3hYM-OK5fSaj21XiN9xT4_Zj_XimEvf0zl07dio6THY9w5fXsYbo9rv6Ts6MYQvsLXuHvhiti9-GRzYybiiKcunsCMn7v7RLyViCB03ZPWtsXiMMvFfq1LnG8Y4ixV9TiHmlkGSYG1nqXZhxT-V8HcXvmUASPUtem_X4uO1nvEkEA2DmpW7xmtOzUoOTo816-pg7ZJHazY8Iqs0el8lcGE3YERUrca8VUEw15XAmnWKMHjgbmP4upbFlsKRnVNpLJLwygJ_CVVR3NIhT6jAYnklaMdUhPNSbwHGUYhBTRBiTjWIpg-azBs2LMOPPDHYACMRTy4eKo3nOUu1UThFSIJ0w&cid=CAASEuRoe9VRDoKBaWVRVUnJjLIz7A&rfl=2%2Chttps%253A%252F%252Fwww.redpacketsecurity.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:13:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
288
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9516
x-xss-protection
0
server
cafe
etag
14328493792227503680
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:13:54 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 361B
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 15:13:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
158689
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 Dec 2022 15:13:53 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 1469
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Thu, 16 Dec 2021 05:53:44 GMT
expires
Fri, 17 Dec 2021 05:53:44 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
19498
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 361B
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6302b4d81b4d472760360ccf81cdb1fc8f7d1be7a68737d5d462e321b11282a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 4BB5
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Tue, 14 Dec 2021 15:13:54 GMT
expires
Wed, 14 Dec 2022 15:13:54 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
158688
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pixel
cm.g.doubleclick.net/ Frame 1469
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJ1F12S5K9QZDlCnkn9PwSU&google_cver=1&google_push=AYg5qPKcIM6DBPSN4esPTMRVcwBqIb5Pq42apJKgmtZ-oLmGbhej8wUOul...
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKcIM6DBPSN4esPTMRVcwBqIb5Pq42apJKgmtZ-oLmGbhej8wUOulJb5PC34ND9KgzURGs7gptdrEDGvCoT8McEkYIywuI&google_hm=BL0AMlS...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKcIM6DBPSN4esPTMRVcwBqIb5Pq42apJKgmtZ-oLmGbhej8wUOulJb5PC34ND9KgzURGs7gptdrEDGvCoT8McEkYIywuI&google_hm=BL0AMlSdEvpbt-Le7ZupOw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKcIM6DBPSN4esPTMRVcwBqIb5Pq42apJKgmtZ-oLmGbhej8wUOulJb5PC34ND9KgzURGs7gptdrEDGvCoT8McEkYIywuI&google_hm=BL0AMlSdEvpbt-Le7ZupOw
pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 1469
Redirect Chain
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPIWgV3dL2VhDshZxQIr2cjp2aCSbQ5KyKkpBKi...
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tnQUFBZnlRVUZFcg&google_push=AYg5qPIWgV3dL2VhDshZxQIr2cjp2aCSbQ5KyKkpBKiL0YXTtu1iwW29fFaWLDcMZuIlopTBg85VmDYVmpu3lm2wYQWUZL4ogpEY
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tnQUFBZnlRVUZFcg&google_push=AYg5qPIWgV3dL2VhDshZxQIr2cjp2aCSbQ5KyKkpBKiL0YXTtu1iwW29fFaWLDcMZuIlopTBg85VmDYVmpu3lm2wYQWUZL4ogpEY
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWJzZ2tnQUFBZnlRVUZFcg&google_push=AYg5qPIWgV3dL2VhDshZxQIr2cjp2aCSbQ5KyKkpBKiL0YXTtu1iwW29fFaWLDcMZuIlopTBg85VmDYVmpu3lm2wYQWUZL4ogpEY
Date
Thu, 16 Dec 2021 11:18:42 GMT
Server
Apache
Connection
keep-alive
Content-Length
391
Content-Type
text/html; charset=iso-8859-1
pixel
cm.g.doubleclick.net/ Frame 1469
Redirect Chain
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJgzs9Q...
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJgzs9Q...
  • https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMTYxMTE4NDIwMDAxMTkzMzI0NDUzMw%3D%3D&google_push=AYg5qPJgzs9QqtC8PxRav_21KEpI7fdeM-Zkj7zzl9KITmbg8A1n1hmFPYCrIUqXgn1UD4...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMTYxMTE4NDIwMDAxMTkzMzI0NDUzMw%3D%3D&google_push=AYg5qPJgzs9QqtC8PxRav_21KEpI7fdeM-Zkj7zzl9KITmbg8A1n1hmFPYCrIUqXgn1UD42VrcTtP7C3vLNffSMrLyQQkzxX1LyG
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMTYxMTE4NDIwMDAxMTkzMzI0NDUzMw%3D%3D&google_push=AYg5qPJgzs9QqtC8PxRav_21KEpI7fdeM-Zkj7zzl9KITmbg8A1n1hmFPYCrIUqXgn1UD42VrcTtP7C3vLNffSMrLyQQkzxX1LyG
pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
strict-transport-security
max-age=2628000
expires
Thu, 16 Dec 2021 11:18:42 GMT
dds
rtb.openx.net/sync/ Frame 1469
43 B
64 B
Image
General
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEE06jWLgKai87ZVO1NCLlZg&google_cver=1&google_push=AYg5qPIlPx_0ulRGAqgPFx3aC4owej-TqT1fQXUwxwwNknhk-hNPD7OSz1tF_JR_yb8-QzK1jKAz7TLiCWCjKDb_k6IvXAvB17MT
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
d5pgv7igck68bdvrg825ahpferhded1r
pixel
cm.g.doubleclick.net/ Frame 1469
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I5_o9H2eSuGM44NVHf1cBw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I5_o9H2eSuGM44NVHf1cBw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKdMvMz1ukAAlN9iVPHHzvNQKNr5qBlDqCYZCeDD4BpR4A3YmtSQPAI3SrLkIWHBOMbNbu0jQG95qREfZaH-IkNB8TxA5oU
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I5_o9H2eSuGM44NVHf1cBw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKdMvMz1ukAAlN9iVPHHzvNQKNr5qBlDqCYZCeDD4BpR4A3YmtSQPAI3SrLkIWHBOMbNbu0jQG95qREfZaH-IkNB8TxA5oU
date
Thu, 16 Dec 2021 11:18:41 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 1469
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBvEZJ7UjDC1kw017pJ5lJc&google_cver=1&google_push=AYg5qPJg_IFknwdbDIG6OwAROn1kirUDYEDXleHSHYsTIuOBytobzGE2TMNijXU-9X3WKdf0ziy...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRGNVEtMjctSjZHSA==&google_push=AYg5qPJg_IFknwdbDIG6OwAROn1kirUDYEDXleHSHYsTIuOBytobzGE2TMNijXU-9X3WKdf0ziygyyLfUduMMndDw4oEEXxd927q
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRGNVEtMjctSjZHSA==&google_push=AYg5qPJg_IFknwdbDIG6OwAROn1kirUDYEDXleHSHYsTIuOBytobzGE2TMNijXU-9X3WKdf0ziygyyLfUduMMndDw4oEEXxd927q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1g4VkRGNVEtMjctSjZHSA==&google_push=AYg5qPJg_IFknwdbDIG6OwAROn1kirUDYEDXleHSHYsTIuOBytobzGE2TMNijXU-9X3WKdf0ziygyyLfUduMMndDw4oEEXxd927q
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
0228ab361cece0438ff9eb16e4e5890e
Expires
0
pixel
cm.g.doubleclick.net/ Frame 1469
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsroz...
0
0

attr
cm.g.doubleclick.net/pixel/ Frame 1469
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LkkxmoBYFAqXy0XUSAMyY4YrKtlsVEiNYE4-2L77nylHl6pq9oHsuVT_OnnBJNuz0WM-o2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:42 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 4BB5
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:49:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
52153
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:49:29 GMT
index.html
s0.2mdn.net/9049098/1612513824636/ Frame 77B9
4 KB
1 KB
Document
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce8e4c0dd70a2717839b0c87c5b1cd387d010b68d8a3c46465612054558293ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length
1278
date
Thu, 16 Dec 2021 05:07:21 GMT
expires
Fri, 17 Dec 2021 05:07:21 GMT
last-modified
Fri, 05 Feb 2021 08:30:24 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
age
22281
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 361B
0
571 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv500B4WCJ7ZQmkaJ0B891u9ROx79TVZT5IZGN1Q5H_xE4_unymgR_32Tx9RXjXU3lwV6lnfL4_SCshTJX4oIIN8JG6dGHk-84EwgVeP6ADhcYzJpCx67cAuchlvA_hN2CaeFunZZO6np5jOiUwh6nayogoQma6sVqZl4wjRiM7UX0yVOwqSj_QqBJOIkmjrWa_sn86otuemkyWCUNK-3Z84iKbD6S9-fSjTGfQ6-R8KAQVGKJGl0QOKWqR970laB8J3JU-3GGwf7jhsmCE-wqCrw-gkUHqp2G4laqty0a4yhpWlGFBfvi6mTsV1J2PmrK3_IMZHF_jo7qBIpnFlvjLpIAS98wZirRoCG4Fd8Kcn6z713CTx3FDwH6DUZmVlUtGC_1IX7fKr1uN_sA61qVi227reb1h0sU3DPfuaKHVp0OQ_eUV5H_YYAh6nomq11ODhuPh5pzq3qnOyN3Rws0uCP7XEHnVyQ8N0gvJQzHqVF57RKLorNgbMuVGsXZy35NhofrWSEfqTnGglFKUgpruc9QSNMov9PXb4-HKzKZkc3xiCqB8CA4hMwNgwGTUB8roxn3YQYorMXchOSMC7oDv3nc2dubrQ2TMT7bbgOqHvHpehUj6CVrUQnjCI_7pvvOfeN_NSiuMaZEPUul-kVelyDmbw7hNx-aOfQIDoDe2rlSKzwS3nwXhqqOZurQ7MG6raTz4Z5bGEpwsYW77qCygH2A9uBAr8ZX9-hWFlR79AjIqTVuoPc0net0OuOI82ZP2D6zjkvlJHzky8Wf312TdHywsbNN7yXUXRSNTOh-Ro6oG3OVJ9bL48yMa4wDVyIszilY82u103Be77FLXqZYewQzcCddOh7KYuKfjlNv7SKGP7EZPpE4-K8KGg2jwuW6Fz_yM_ZAJYBjwvL_xAnLBS1wGcaZeomn6pCaYhDx2ftQBaFIjsvxE0_Kj1Ar-hjGsjmtWyIE8yy9QPkzu5T8jOknGNhwrbyqIrM5upxWymTybhTD0ytUxSgIHZjB-04vzf6ts-W2M444TRrjbDmvvFyxmL5M7ZP-vJMHwdSdqFYvgVLwTMiisOY8MhEgW5JmRnMqHpIAL-iisn6u_XyvIayGbtYrQG8mO81LE4EKElqEXKbTG1FIt6R3Zx2IDcRTMSsOb4Sbn9-GreYwms1-8NfS3hC-dO7ftTObD7cX06V3xm6jG5Zl7om3R8YMAs_e6MrH94zPvQciVuc6Qc2rkH1OUMbxmnvnsSQ4&sai=AMfl-YSAT6Y6o1QzRQ6Zw57S4sTiTPP9TrF6bUqRtMaS2ukaRhoE_a-iUP93dzWv2t2C46nUQwCYEX2jr0I2o4hfqjvhTytwgOikaBGh33wMW86rWcWDf8SKH1m5pxWA2Zqdj_oxP6A01Txarcyy2yIkP415yji6yA&sig=Cg0ArKJSzLSB0-mdV6uCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=79&cbvp=1&cstd=76&cisv=r20211207.71963&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Thu, 16 Dec 2021 11:18:42 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
ai.aspx
m.exactag.com/ Frame 361B
43 B
1 KB
Image
General
Full URL
https://m.exactag.com/ai.aspx?extProvId=8&extPu=72950-dcm&extLi=25378149&extCr=145768341&extPm=295327412
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=250&adk=299020469&adf=1105561471&pi=t.aa~a.539797476~rp.4&w=310&fwrn=4&fwrnh=100&lmt=1639641804&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=310x250&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=1&bdt=1002&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0%2C770x280%2C770x280&nras=4&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1060&ady=1457&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jHypRhzlkM&p=https%3A//www.redpacketsecurity.com&dtd=33
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.202.235.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection
close
X-ET-Monitoring
1
Content-Length
43
Pragma
no-cache
X-ET-Code
0
Last-Modified
Do, 16 Dez 2021 11:18:42 GMT
Server
Microsoft-IIS/8.5
Date
Thu, 16 Dec 2021 11:18:42 GMT
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Cache-Control
private
Access-Control-Allow-Credentials
true
X-ET-Camp
1605
Access-Control-Allow-Headers
*
Expires
Mon, 26 Jul 1997 05:00:00 GMT
style.css
s0.2mdn.net/9049098/1612513824636/stylesheets/ Frame 77B9
1 KB
470 B
Stylesheet
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b56ee3ef6795f316ada3d170a8e404b97e6429a7d6337f54be5eb63f5728aabd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9049098/1612513824636/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:07:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22278
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
444
x-xss-protection
0
last-modified
Fri, 05 Feb 2021 08:30:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Dec 2021 05:07:24 GMT
TweenMax.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.20.4/ Frame 77B9
113 KB
34 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.4/TweenMax.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ba1b9960f6bcc2d49080931ddd405a8fda579f905c7094d567d2b5823ae7970
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2978600
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
33534
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-1c274"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PMb9qSuwtBFZasVIycQtpfP0GZlTKAf1Ioxvc5GHYgbxd79HsOE%2BG4%2FPdBdaWw74zNgcpXbLbefc0PSOgPT8HllN0VmJXm3FL24MK5nVAuffMomHAk5PwUxDcsE2z0USD3aPu1C8L3y5wFKOQyFxg7Dt"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6be783351f635c44-FRA
expires
Tue, 06 Dec 2022 11:18:42 GMT
main.js
s0.2mdn.net/9049098/1612513824636/javascripts/ Frame 77B9
1 KB
612 B
Script
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/javascripts/main.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
112fce15f546bac1b9903ed990b636cf44885267bacdfbc1355f4917c88aff60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9049098/1612513824636/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:07:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22278
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
586
x-xss-protection
0
last-modified
Fri, 05 Feb 2021 08:30:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Dec 2021 05:07:24 GMT
bg.jpg
s0.2mdn.net/9049098/1612513824636/images/ Frame 77B9
41 KB
41 KB
Image
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/images/bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
919b9d81c538a358edc2c894fdb62c674c16bd38a0690d8d18e81500a926425f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:07:25 GMT
x-content-type-options
nosniff
age
22277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42201
x-xss-protection
0
last-modified
Fri, 05 Feb 2021 08:30:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Dec 2021 05:07:25 GMT
bg_overlay.png
s0.2mdn.net/9049098/1612513824636/images/ Frame 77B9
19 KB
19 KB
Image
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/images/bg_overlay.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
28d717e251f958df9347336bdab8ab4ef1e9fc324009d872b9b6dc7f35bf4da5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:07:25 GMT
x-content-type-options
nosniff
age
22277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19266
x-xss-protection
0
last-modified
Fri, 05 Feb 2021 08:30:25 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Dec 2021 05:07:25 GMT
push1a.png
s0.2mdn.net/9049098/1612513824636/images/ Frame 77B9
10 KB
10 KB
Image
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/images/push1a.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
31a77ce6e1fa9d4cc4e585d290a3b832affe0a2eade8b67b92720a6726feb1a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:07:25 GMT
x-content-type-options
nosniff
age
22277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9802
x-xss-protection
0
last-modified
Fri, 05 Feb 2021 08:30:25 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Dec 2021 05:07:25 GMT
push2a.png
s0.2mdn.net/9049098/1612513824636/images/ Frame 77B9
19 KB
19 KB
Image
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/images/push2a.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d37d850861bfe1a195c5390b18a114dfc823e691449f0c2ae36b0f39ae0356c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:07:25 GMT
x-content-type-options
nosniff
age
22277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19642
x-xss-protection
0
last-modified
Fri, 05 Feb 2021 08:30:25 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Dec 2021 05:07:25 GMT
push2b.png
s0.2mdn.net/9049098/1612513824636/images/ Frame 77B9
12 KB
12 KB
Image
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/images/push2b.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
376854d49d48223d50ed0bb60a24b27164df79ff13795d406ff9ff367df6eb5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:07:25 GMT
x-content-type-options
nosniff
age
22277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11776
x-xss-protection
0
last-modified
Fri, 05 Feb 2021 08:30:25 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Dec 2021 05:07:25 GMT
cta.png
s0.2mdn.net/9049098/1612513824636/images/ Frame 77B9
2 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/images/cta.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6931a2e7f918070dbd85bcc6e6557d6c1af59127a9c3cd2ece1ef34dc7aa2ca7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:07:25 GMT
x-content-type-options
nosniff
age
22277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1596
x-xss-protection
0
last-modified
Fri, 05 Feb 2021 08:30:25 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Dec 2021 05:07:25 GMT
logo.png
s0.2mdn.net/9049098/1612513824636/images/ Frame 77B9
3 KB
3 KB
Image
General
Full URL
https://s0.2mdn.net/9049098/1612513824636/images/logo.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
00d6facaae83949957b101b9506c1100b0ac017b52bb7f6f22957a311c5e9a9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/9049098/1612513824636/stylesheets/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 05:07:25 GMT
x-content-type-options
nosniff
age
22277
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3216
x-xss-protection
0
last-modified
Fri, 05 Feb 2021 08:30:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Dec 2021 05:07:25 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 361B
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv500B4WCJ7ZQmkaJ0B891u9ROx79TVZT5IZGN1Q5H_xE4_unymgR_32Tx9RXjXU3lwV6lnfL4_SCshTJX4oIIN8JG6dGHk-84EwgVeP6ADhcYzJpCx67cAuchlvA_hN2CaeFunZZO6np5jOiUwh6nayogoQma6sVqZl4wjRiM7UX0yVOwqSj_QqBJOIkmjrWa_sn86otuemkyWCUNK-3Z84iKbD6S9-fSjTGfQ6-R8KAQVGKJGl0QOKWqR970laB8J3JU-3GGwf7jhsmCE-wqCrw-gkUHqp2G4laqty0a4yhpWlGFBfvi6mTsV1J2PmrK3_IMZHF_jo7qBIpnFlvjLpIAS98wZirRoCG4Fd8Kcn6z713CTx3FDwH6DUZmVlUtGC_1IX7fKr1uN_sA61qVi227reb1h0sU3DPfuaKHVp0OQ_eUV5H_YYAh6nomq11ODhuPh5pzq3qnOyN3Rws0uCP7XEHnVyQ8N0gvJQzHqVF57RKLorNgbMuVGsXZy35NhofrWSEfqTnGglFKUgpruc9QSNMov9PXb4-HKzKZkc3xiCqB8CA4hMwNgwGTUB8roxn3YQYorMXchOSMC7oDv3nc2dubrQ2TMT7bbgOqHvHpehUj6CVrUQnjCI_7pvvOfeN_NSiuMaZEPUul-kVelyDmbw7hNx-aOfQIDoDe2rlSKzwS3nwXhqqOZurQ7MG6raTz4Z5bGEpwsYW77qCygH2A9uBAr8ZX9-hWFlR79AjIqTVuoPc0net0OuOI82ZP2D6zjkvlJHzky8Wf312TdHywsbNN7yXUXRSNTOh-Ro6oG3OVJ9bL48yMa4wDVyIszilY82u103Be77FLXqZYewQzcCddOh7KYuKfjlNv7SKGP7EZPpE4-K8KGg2jwuW6Fz_yM_ZAJYBjwvL_xAnLBS1wGcaZeomn6pCaYhDx2ftQBaFIjsvxE0_Kj1Ar-hjGsjmtWyIE8yy9QPkzu5T8jOknGNhwrbyqIrM5upxWymTybhTD0ytUxSgIHZjB-04vzf6ts-W2M444TRrjbDmvvFyxmL5M7ZP-vJMHwdSdqFYvgVLwTMiisOY8MhEgW5JmRnMqHpIAL-iisn6u_XyvIayGbtYrQG8mO81LE4EKElqEXKbTG1FIt6R3Zx2IDcRTMSsOb4Sbn9-GreYwms1-8NfS3hC-dO7ftTObD7cX06V3xm6jG5Zl7om3R8YMAs_e6MrH94zPvQciVuc6Qc2rkH1OUMbxmnvnsSQ4&sai=AMfl-YSAT6Y6o1QzRQ6Zw57S4sTiTPP9TrF6bUqRtMaS2ukaRhoE_a-iUP93dzWv2t2C46nUQwCYEX2jr0I2o4hfqjvhTytwgOikaBGh33wMW86rWcWDf8SKH1m5pxWA2Zqdj_oxP6A01Txarcyy2yIkP415yji6yA&sig=Cg0ArKJSzLSB0-mdV6uCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=212&vt=11&dtpt=133&dett=3&cstd=76&cisv=r20211207.71963&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 11:18:42 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4BB5
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQY0VkiC7YYLNIYCN9u8P-4C3qAoAAAAAOAHgBAI&bg=!fn2lfTnNAAZKWFskSlg7ACkAdvg8WgSIV5qHtJjvEKBAZno92Pd8wlscD3Yk8ooUkTYAPYKON1jCVwIAAABxUgAAAAloAQeZAzSMveIvCtKn9lPqLpaV45hXPr0_bUZLv5Qqio48vxab221PplgsO9IEudJFqad_qig4L1LPmTTvmrh0RwboqElBJnMkcTd4P3kNX0_bB6X19xVcPIzAMlNSL7Jw7BqltlNGjio03qIqA8YNOJRZBRE6PN0Jsano-JvvXsc6b3HLtoWB6r_jZevm8YleaKuuZrt6Nmld4i0DAQtchN7dV2rTI0xE5SPWDfz3A-ilk466ZYCYqZtq8mltSh7Ld1bDdmA1vb1J2p9z2q8L7WAUeTrd4cqG0esmkLZt2TJ315fT9pME0dpN8nZ37OHS_ZhckPPPr45MehzTrsdUaw_FMe81DjuSurXAv1h1_2cZwMoRaE5hPPzYKd7kpgNRlUrKAeHZ9dH-OW0nZwOWoTuSZC5qf39mt5xzh0t23fwSSXxYaAN2uUEjiJ7xkKWhX0VFes2cwH2cC_AZPC864sMTf0RgoMltBubqZza_1UJeDjdWhfowj2y4oblgV4zwz_zeU_4HtJx16TVKX0iedyEW8xKMxRZkfAYv9T-x9p__WbJZPDD7RoohiCyBPFRFozAwcIcaygAzOkmMCBm_2ayylVsqwnHEZV8W0vh5qOX9fBjlnNB6h12lqlRCpB6KWAj8JraxWdu-WBOXCDL6SEa_CgjmZ39QEkqxfEoGGkotvflt7MYuGRueOa54TUfmdbgsmEMw4PKJHQ2Nm9DT0hXcqHoy-uXLsGQJTCHwGTLv2zcMZg9pkqMrJznAX2GBTQ3dTVLRobQU9nH1jopaQgiFD8JjoQJVCemYhgGjv2fnVywopaebv5M8UcbaxoAI6DJBZaDUxmENRzcNw5qfDH1e7VhKUhLlWL2UBy9_y1R5PODNwIArltF3rVAfsP6fCDBMe2O9_BAfSRj2XvWvm32sPeVaV18ZUps5gpQNgy9Pq5rJ0OonjVDdnVV89CAZJ3OC3myraSTnFqQ90xvDqbih1cX59XpsFDeEqzEcV4kmdvsPKpYK74_vb_SJVPRN2UZKjG4rq3FH8i7TwnGXSsAineZmJOnfwGD6yxiF6Q308wPUDExwOXqoe7OGMe-gmhd4RkZzmTdr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Dec 2021 11:18:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.redpacketsecurity.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 11:18:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.redpacketsecurity.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 16 Dec 2021 11:18:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 3B9F
11 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 19:07:16 GMT
expires
Wed, 29 Dec 2021 19:07:16 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
58287
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 24D8
11 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.redpacketsecurity.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 19:07:16 GMT
expires
Wed, 29 Dec 2021 19:07:16 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
58287
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css2
fonts.googleapis.com/ Frame 3B9F
4 KB
634 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 10:28:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 11:18:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 11:18:43 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3B9F
205 B
229 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 15:27:48 GMT
x-content-type-options
nosniff
age
157855
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 14 Dec 2022 15:27:48 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3B9F
604 B
628 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:49:32 GMT
x-content-type-options
nosniff
age
66551
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 16:49:32 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 3B9F
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 10:59:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1183
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8346
x-xss-protection
0
server
cafe
etag
3177319193432224586
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 10:59:00 GMT
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/ Frame 43BF
209 KB
84 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/index.html
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5f30533d2705dad41e3b794b5b9da4f0c08be3c1b877730e6c191c5af7d736e5
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
date
Thu, 09 Dec 2021 15:37:44 GMT
expires
Fri, 09 Dec 2022 15:37:44 GMT
last-modified
Thu, 02 Dec 2021 13:24:27 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
85640
age
589259
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 24D8
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:17:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:17:29 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 24D8
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:12:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
374
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:12:29 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 24D8
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 11:18:43 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 24D8
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
133
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:16:30 GMT
css
fonts.googleapis.com/ Frame 6643
3 KB
579 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Dec 2021 10:24:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 16 Dec 2021 11:18:43 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Dec 2021 11:18:43 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 6643
1 KB
892 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 10:57:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1288
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 10:57:15 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 6643
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:17:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:17:29 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 6643
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:12:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
374
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:12:29 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6643
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:18:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Dec 2021 11:18:43 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 6643
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 11:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
133
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Dec 2021 11:16:30 GMT
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 6643
27 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 19:06:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
144722
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 14 Mar 2022 19:06:41 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 4E0A
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 11:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
983
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
s
googleads.g.doubleclick.net/pagead/drt/ Frame 155B
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 16 Dec 2021 11:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
983
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 43BF
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 04:22:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24950
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Fri, 17 Dec 2021 04:22:53 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 43BF
26 KB
10 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 14:22:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
75397
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 14:22:06 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 4E0A
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 11:18:43 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 11:18:43 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 11:18:43 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame 155B
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 11:18:43 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 16 Dec 2021 11:18:43 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 16 Dec 2021 11:18:43 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 32D4
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/owowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:49:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
52154
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:49:29 GMT
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 43BF
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 20:49:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
52154
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 20:49:29 GMT
logo_left.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/ Frame 43BF
8 KB
8 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/logo_left.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b4d55998ccab91a3ed4dfab41874036cccdc8463e44e5817ff0021d3f9bba272
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
589938
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8235
x-xss-protection
0
last-modified
Thu, 02 Dec 2021 13:24:27 GMT
server
sffe
date
Thu, 09 Dec 2021 15:26:25 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 09 Dec 2022 15:26:25 GMT
layer.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/ Frame 43BF
6 KB
6 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/layer.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3895dc0654ec58b8f3a3ff72452d38822dc797e64f087ba1e534866ea043c84
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
589938
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6608
x-xss-protection
0
last-modified
Thu, 02 Dec 2021 13:24:27 GMT
server
sffe
date
Thu, 09 Dec 2021 15:26:25 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 09 Dec 2022 15:26:25 GMT
background.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/ Frame 43BF
15 KB
15 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/background.jpg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a3ce5d885b32180924eede1cdea4893293b372ab96dc39977a06df91c3ad19ae
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
589938
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15758
x-xss-protection
0
last-modified
Thu, 02 Dec 2021 13:24:27 GMT
server
sffe
date
Thu, 09 Dec 2021 15:26:25 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 09 Dec 2022 15:26:25 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| zarazData object| zaraz object| dataLayer object| a0_0x433e function| a0_0x3d7e object| __CF$cv$params object| __cfQR object| __cfBeacon function| defer function| deferscript object| _wpemojiSettings undefined| $ function| jQuery object| cnArgs function| nxsPostToFav function| ga object| twemoji object| wp object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots object| google_persistent_state_async function| google_spfd number| google_unique_id object| google_sv_map string| google_user_agent_client_hint object| aalEmbed object| aalNowRetrieving number| _CommentsAppWidgetUuid string| websiteId object| runtime object| regeneratorRuntime function| setImmediate function| clearImmediate function| sprintf function| vsprintf object| lazySizes boolean| __cfRLUnblockHandlers function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms object| google_llp number| google_lpabyc object| googletag

34 Cookies

Domain/Path Name / Value
.redpacketsecurity.com/ Name: _ga
Value: f33902c1-4bf2-45c2-a0f2-1ec9d6aece74
.redpacketsecurity.com/ Name: __cf_bm
Value: d8rdBH.30oexsjBbMf.5pr3nEauEuvzfX9cNVEaQMus-1639653519-0-AVofBDeZO5d9jJjGoyU61YFtQIyN3jSX7kkxbsxEsjrjXsxU/STqHncovHAFTRwLmng541EVnj0PgIgv2OT/wU/ZQFXDpTKTR4prtTrPb76Acts33LpNkHKMAj54CQe44A==
.www.redpacketsecurity.com/ Name: caosLocalGa
Value: GA1.3.523056644.1639653520
.www.redpacketsecurity.com/ Name: caosLocalGa_gid
Value: GA1.3.668000135.1639653520
.www.redpacketsecurity.com/ Name: _gat
Value: 1
comments.app/ Name: bcom_on
Value: 1
.redpacketsecurity.com/ Name: __gads
Value: ID=a6fde18980312bb2-2250251208cd0014:T=1639653520:RT=1639653520:S=ALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw
.quantserve.com/ Name: d
Value: EEABCQH8JIEA
.quantserve.com/ Name: mc
Value: 61bb2091-63ba0-c1191-150e5
.mookie1.com/ Name: id
Value: 10814690818848826980
.mookie1.com/ Name: mdata
Value: 1|10814690818848826980|1639653521407
.mookie1.com/ Name: ov
Value: e0b8f1bb6ce1b0565225d763fc6c64d5
.casalemedia.com/ Name: CMID
Value: YbsgkaDs81IkGlthfnuXsQAA
.casalemedia.com/ Name: CMPS
Value: 5208
.casalemedia.com/ Name: CMPRO
Value: 1167
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 239FE8F4-7D9E-4AE1-8CE3-83551DFD5C07
.agkn.com/ Name: ab
Value: 0001%3ApbB0jEKvi8EhlW54XLSAzVIP9hYZKRXP
.agkn.com/ Name: u
Value: C|0CEApTd0RKU3dEQAAAAAAAQ13AQCAAQpAAAAAAA
.doubleclick.net/ Name: DSID
Value: NO_DATA
.doubleclick.net/ Name: IDE
Value: AHWqTUlvuYvYmWOjFZp_4yTf93haLWVlYOMRYmAaBHqTqatY9po4l9-cwhLz-IHPoHM
.casalemedia.com/ Name: CMST
Value: YbsgkWG7IJIA
.casalemedia.com/ Name: CMRUM3
Value: 2d61bb20922760CAESEIa3kT0GbzjhoPi8UcTgTpk
.adnxs.com/ Name: uuid2
Value: 6172801333980620133
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2GUaq2qj)!@wnfH8K6pQK`!5=E<*L5?%M7_XOXm0W'4#iWsfJ7o$5+0itz[9y#L_5sf$C%nugO%v4VB%nlqr)k/ln
.e.dlx.addthis.com/ Name: na_tc
Value: Y
.addthis.com/ Name: na_id
Value: 2021121611184200011933244533
.addthis.com/ Name: na_tc
Value: Y
.addthis.com/ Name: uid
Value: 61bb209212e24419
.addthis.com/ Name: ouid
Value: 61bb20920001101febf7526a32b9e3256ecbd3b63cd1f244f08c
.dlx.addthis.com/ Name: na_rn
Value: 0
.dlx.addthis.com/ Name: na_sr
Value: 20211216
.dlx.addthis.com/ Name: na_srp
Value: 3614
.dlx.addthis.com/ Name: na_sc_e
Value: 0

8 Console Messages

Source Level URL
Text
other warning URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js(Line 346)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20211103_RC00/outstream.min.js(Line 346)
Message:
Unrecognized feature: 'attribution-reporting'.
security error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Message:
Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html".
security error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=1031702092&adf=1864695308&pi=t.aa~a.2354693291~i.17~rp.4&w=770&fwrn=4&fwrnh=100&lmt=1639641804&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=770x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fowowa-a-malicious-iis-server-module-used-to-steal-microsoft-exchange-credentials%2F&flash=0&fwr=0&pra=3&rh=193&rw=770&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639653520654&bpp=2&bdt=1003&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da6fde18980312bb2-2250251208cd0014%3AT%3D1639653520%3ART%3D1639653520%3AS%3DALNI_MYmmssxAmPFErIjRHPV0UrGU-KBAw&prev_fmts=0x0&nras=2&correlator=8730578267269&frm=20&pv=1&ga_vid=523056644.1639653520&ga_sid=1639653520&ga_hid=167780454&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1420&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750773%2C31063221&oid=2&pvsid=4052464524088608&pem=334&tmod=738&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=dy77WUaJHe&p=https%3A//www.redpacketsecurity.com&dtd=12
Message:
Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html".
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_cver=1&google_push=AYg5qPJcoiGwxjcjDt1kzjA3ILYvj5-Fehu-CTKc0PATkH8712djvHbapUP4wlv32Vw5He_0VCDwoi6QNG0nBB0ATsDLgHNYlvM&google_gid=CAESEEVlVHjq7MFVYyThSKyGP3c
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEKMAZs7Kxs4-ogXJUAveOwg&google_push=AYg5qPJ_7--Hqqes410xodXLRVXweRExG65gv_FuOeQfX-uNkg1bF0d-amx7rEHw1C8ArsvB83ylaxuTUAGPJZdfTrARFHvj4IuV&google_cver=1
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbsgkaDs81IkGlthfnuXsQAABI8AAAAB&google_gid=CAESEE3uR24LDaMOQIX1ULk8Yds&google_cver=1&google_push=AYg5qPJ_gZmP3gHkCRRzsmg_0H2ygvNNUsrozICdS5QHHqQ-DjMHJqOCEGyVHyiRInOXH7Y1DZIUnb4uNqScuNOeYXqXsjxhIhql
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
security error URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1(Line 22)
Message:
The Content Security Policy 'child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4228893314141063590/index.html' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
bid.g.doubleclick.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
comments.app
csi.gstatic.com
d.agkn.com
dsum-sec.casalemedia.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
imasdk.googleapis.com
m.exactag.com
m.media-amazon.com
oauth.tg.dev
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
r4---sn-4g5e6nz7.c.2mdn.net
rtb.openx.net
s0.2mdn.net
static.cloudflareinsights.com
static.doubleclick.net
tg.dev
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.redpacketsecurity.com
cm.g.doubleclick.net
104.111.215.191
104.222.176.10
104.222.176.201
108.177.15.157
142.250.181.226
142.250.185.194
142.250.185.226
185.33.221.13
185.64.190.78
2.18.234.21
213.202.235.10
2600:9000:2156:8200:1d:d7f6:39cf:a761
2606:4700:20::681a:25b
2606:4700::6810:135e
2606:4700::6810:5f41
2620:116:800d:21:f916:5049:f87f:108e
2a00:1450:4001:65::9
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:811::200e
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:827::2003
2a00:1450:4001:827::2004
2a00:1450:4001:82b::2006
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2001
2a00:1450:4001:830::200a
2a00:1450:4001:831::2006
2a00:1450:4014:80d::2003
34.98.67.61
35.227.252.103
52.29.77.212
54.73.238.193
69.173.151.100
00d6facaae83949957b101b9506c1100b0ac017b52bb7f6f22957a311c5e9a9d
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
0157d11106d6b70289099fd1ce1f7bea3a9dfbb46cee3994edb07ce765bb92fc
0232d4c86108ebf2529fcbffa8478b2d278e5a5dbc968c0b6ca20b85246bfb81
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
036cb212b79b6b41aa94647b00f4f03ba6cc127ebceaa72400663441d1f2b211
037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051
04e6fb814fccce3a0aecb83be0bc24665cf3e6a5e993f296471a63708f63e138
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1000abf34bf56e3a757816ca05551e1b79ebd035605f3b7b40bbf864ecb43959
112fce15f546bac1b9903ed990b636cf44885267bacdfbc1355f4917c88aff60
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13380e94a6e7f0dc1dd772e5ea0bd4ffbaa37ee20d693089b39a3ce248ae210d
136a0c873608029d9ccb0aa2bab98fa3950ff65f8633ffbd103b57f17ca2f9c9
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1ad7c65cd4e3b6746a18ea8b33060add96541b279acdfde43b8ebbfb02a942b3
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1fd8ea040ca2516d5dfcf5947765b9e8ce41d015f453495172e0fd20fdd35a26
24619f9c9f42afc7657eee11e2aa6941891d91b979402bac2df69d38e0c35d86
2881366730ae36d154ab48b8c1b8bf1d0b2cb4cc47a354ce90a04a044e034291
28d717e251f958df9347336bdab8ab4ef1e9fc324009d872b9b6dc7f35bf4da5
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b32be0979cb9f2119bd22563ed89560525c15a8edfd6e662a1968314783f689
2c6c5fa1a182530d794b033ee34f4a2d9e0b12db9ca65d696d79c6862f63a801
2d7ecfb8fdab8b602e281c210e1e8514ae1a66440747bf9ff218a20ce2abfb81
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
31a77ce6e1fa9d4cc4e585d290a3b832affe0a2eade8b67b92720a6726feb1a6
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
376854d49d48223d50ed0bb60a24b27164df79ff13795d406ff9ff367df6eb5a
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
425d7478422a02b8592686dd947b18cae0ca66ab39dc437067219356fb7a0a61
47cb90f7f02ecd29c700b1a61d0714af6bdd8e8d251b0bbeb85ac985a6fbef94
482f450b7fdbac6f9304643f3e731df20bf66c51fb0599fa9a734e5d102a9e2a
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
49f9bdfcac490957e4d06b3fd31ab291deaa4471d14739a07f60f79f2e8cd373
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ba1b9960f6bcc2d49080931ddd405a8fda579f905c7094d567d2b5823ae7970
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50d72b7a44227a156b6714b4208be48c3acf8b773eb1b73f069442b07971a92e
51a6b4bf654e7ddae141e7319bdd8725d2a87b77deebda0ed008d5165a5b1760
53c088f65c77c6b7af2804face3e267d4c1bf148177798a30fa3a15aa693c36f
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58c53867c994b01ce9dc582a3e4d2a2d444331f4ee4684deb0763db2b3413d2e
5a05c3e0d6c0babb7b070daa5af4f410d30a7c91fb4cc7350783a46911c2324c
5b84335d42b38d3122349f53b20dd6a5cb0f45d1e45e5683fd572bcdda8c04a2
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c5e6a3e096e2a6e333a8f20a06d9f135e01c46e73885d5d685264543d1e372e
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5f30533d2705dad41e3b794b5b9da4f0c08be3c1b877730e6c191c5af7d736e5
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6342d16a93416b5e826f6d0e0e930ef033efb682851ae46270f3c4f5b4a1c194
65100ed3e157598748f31ecef3e66f28d0ea11474dec2abbf5272e04a4bd1be5
689d774d230b0f6c1c82ce8b27e0fdee26eb82c344d76804c40423d77487363f
6931a2e7f918070dbd85bcc6e6557d6c1af59127a9c3cd2ece1ef34dc7aa2ca7
6a565df41bd9cf37caa933990ec07d5a00936883878596440a40553fe9d2004a
6d53299eeb9516dbba670ceeb55e8e5ce2186edb71518f6a1bd16553308f17c2
72cd910935cf6040c2fee3bfe0d40f564ad420e080dfa66fba45485ec5e64c0f
76216b6c25b768e5bee4b758dacfef993b3e87cc2d7fd9bf192bd685d1ae9bfb
7a32e6dd7548d9ec4a6ee8f1ba227fdbc4b9991b0e1a50160bae95e8c10c8e14
7aa24a879f121376567419b3d360ee9b65f43162ed279cdf235fa3ecb4cf0c99
7af53d7077c16f6ad9efd63a975749c4835ce6e495c337fa4176f15ed385f80b
7baeeb05ff0ee4e24a08c877dbf87509ff0285842079bd27678e8e0629a03029
7d45256c95c1c245654bf298e27d9c538dc778a2ee050ba4678ac2a07f479869
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
81ee516c50853fdb70af0d4b4b74bfd9433783e4f9ae9051b1fd5b7217a742d2
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
840711eaa754b000831567752cc1f5e460bd0f0097be8cb273230834a1a3a7a2
842258538e379b1dabe5daddd81e90eeb7c69834580f33842bfdbde38d8f8400
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
8994924c0f3ab4474ee0a7c04417ad84933c4467cc9192fcb60b9774f15f5990
8c02c6d0a718c0a546a98e15273ca7341d8614787ee21b71d18ff90f0e801d30
90ca8055f760f720c49cf2567cec73385fbef57accc88de14d74a4cef3a75446
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
919b9d81c538a358edc2c894fdb62c674c16bd38a0690d8d18e81500a926425f
970d08b0edc4bfc0925495d8b11564f3c2fd368f745f7b3510a7fced11848894
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9ddc0f6530a2a949a60ecc192689aba25551e0f9f6270b44803134b27708d883
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0384dcb4f83e6e511c7db02299c47ffd5d6fd572e9120c71c07f3691da2c120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a3ce5d885b32180924eede1cdea4893293b372ab96dc39977a06df91c3ad19ae
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5e0cbd45ee22bb7af19250f8e26d183bc7cceb22d1c092b0b753b534fd7b3c2
a698eb66dbefa0025177040c415a58cc7e5205cf93105d540e43e4ea42ae837b
a7e340aa92bb4abc075a1d50daa8a0a44fed34c75a52f376b306e9ddf5963ca1
aa441bf5f2ac8c608371513bad73ea45ad6dc8b7c50e3c6841af81147d0b96ce
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ae394bf43bc39f7c6b3f439de04f6b75288d849a0ecae5000a2452546063647c
af12f7592b4d8f6b8483bd9bab081ecf35abe485d5315fb0ecf30559ac2bd9cd
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b050ecb4fbf2f33c0e1db06e6f1af716251d61c49e9712ee0844c34895b4c384
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b28d8e93ecf9067ff746e514c79ad5adc53cc00965630bfe0b118cf80f7bf065
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b4d55998ccab91a3ed4dfab41874036cccdc8463e44e5817ff0021d3f9bba272
b56ee3ef6795f316ada3d170a8e404b97e6429a7d6337f54be5eb63f5728aabd
b5c642f4690b2fb0b6fe20a4b6f05d84a7c7d196bd608929456e43ebf1126bfb
b5e930df6a2976d5df996e18b347e091756699ea32716dc53d0e1c0fd814c526
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c2cc30d2c45bb0ff5adc4a5a73f520914fc62b05c8b9594c24b0a68a991f7026
c6302b4d81b4d472760360ccf81cdb1fc8f7d1be7a68737d5d462e321b11282a
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ce8e4c0dd70a2717839b0c87c5b1cd387d010b68d8a3c46465612054558293ea
d37d850861bfe1a195c5390b18a114dfc823e691449f0c2ae36b0f39ae0356c5
d46a9a6bb336e632b785d63e0f9af30af36a3d24747076007eee231e7a6ddc2a
d4909dbff41f7faeb73f2af3a54c41cd8905cd964015819c4edb88e587c75f15
d5c032a0c1b3b6db787cd21d01656e08166144284b158fde098f1c0e771f71c1
d6706251078c3c24860a741b7ec3b00fe43cf2872d32557405d90a105e850f7e
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
dceda745a0fb58233a95eff6d10796026df6792cb960cdf675eb7b8a6750a2d2
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df3c119d7a7b510f1349c87583bc9a5b9f2e3fc8f2ea309cc7975b9378d59a8d
e276b1716ef7ae3a30ccd9ebfea3c176f85223b4ed5e55dd639dd49b4bcb1efa
e3895dc0654ec58b8f3a3ff72452d38822dc797e64f087ba1e534866ea043c84
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e450af4a7c4974ea3ff324b629876380e0ca9605333a57152a953310c4a4661a
e56f529193e5d07ddf0c8ef64c8a28feb6cb84177b4efdf70ca4ca6eb44ba2e3
e6612b17735189e8d3f7b7b315fd1053098b632252aadd9c702ff4c432dfaa8a
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7
eaa593bcfe485f4b5a8ac997cf9936604f9fbef91652db94a8e22b75d612bfc1
eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376
ee1f6500559343d6d65d5d49a6ce7f55f2e8bd1942f7d0d6d6c69b746a5869b0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabf49bfa4ea4028debb47df9eed2157953db99931fa5f9e6316e6f20945b0b
f05a63f8ded5057e0e48a0229f6df23ffa521b370c818de2832815ec20956b3c
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce
f9f94cc2cf984a2a8df89c1250c04396bc950e577b4143d5539ca88fb46de91b
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
ff927c15e0476f51f0f274a6496c1eef0a2cc181e0ab2f9e4488258c547f0d8b
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914