urlscan.io logo urlscan.io
SecurityTrails logo

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html'
Effective URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Submission: On August 23 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 86 IPs in 10 countries across 75 domains to perform 295 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co. The Cisco Umbrella rank of the primary domain is 329195.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2022. Valid for: a year.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 45 2001:8d8:100f... 8560 (IONOS-AS ...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:20e... 16509 (AMAZON-02)
1 13.32.99.78 16509 (AMAZON-02)
3 2.18.235.93 16625 (AKAMAI-AS)
7 68.183.31.14 14061 (DIGITALOC...)
16 192.0.77.2 2635 (AUTOMATTIC)
2 192.0.76.3 2635 (AUTOMATTIC)
2 3.132.155.94 16509 (AMAZON-02)
1 2600:9000:20e... 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 23.35.228.23 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2 3.64.108.197 16509 (AMAZON-02)
2 4 185.89.211.84 29990 (ASN-APPNEX)
1 2 2a02:2638:1::13 44788 (ASN-CRITE...)
2 178.250.2.146 44788 (ASN-CRITE...)
1 141.95.98.65 16276 (OVH)
6 15.197.193.217 16509 (AMAZON-02)
4 137.184.242.150 14061 (DIGITALOC...)
2 2602:803:c003... 26667 (RUBICONPR...)
2 8 185.89.211.12 29990 (ASN-APPNEX)
6 35.244.159.8 15169 (GOOGLE)
2 185.86.139.95 201081 (SMARTADSE...)
2 185.64.189.112 62713 (AS-PUBMATIC)
1 52.4.33.45 14618 (AMAZON-AES)
2 69.166.1.15 27630 (AS-XFERNET)
2 34.107.148.139 15169 (GOOGLE)
2 4 216.52.2.39 32475 (SINGLEHOP...)
2 34.205.124.206 14618 (AMAZON-AES)
1 35.158.20.56 16509 (AMAZON-02)
1 5 172.98.26.125 399668 (E-PLANNING-)
2 6 52.72.177.11 14618 (AMAZON-AES)
1 52.206.68.186 14618 (AMAZON-AES)
1 1 23.75.240.210 16625 (AKAMAI-AS)
4 23.205.235.133 16625 (AKAMAI-AS)
1 3 104.18.18.126 13335 (CLOUDFLAR...)
2 7 104.18.19.126 13335 (CLOUDFLAR...)
1 205.234.175.175 23352 (SERVERCEN...)
1 2 51.89.9.254 16276 (OVH)
13 2606:4700:10:... 13335 (CLOUDFLAR...)
10 23 142.250.181.226 15169 (GOOGLE)
3 4 107.178.246.49 15169 (GOOGLE)
2 3 37.157.2.239 198622 (ADFORM)
1 2a04:4e42:400... 54113 (FASTLY)
1 2600:1f16:e61... 16509 (AMAZON-02)
2 198.47.127.19 62713 (AS-PUBMATIC)
2 2 2a05:d018:24:... 16509 (AMAZON-02)
2 2 34.255.225.203 16509 (AMAZON-02)
1 54.78.254.47 16509 (AMAZON-02)
1 1 151.1.205.165 3242 (ASN-ITNET)
1 1 85.114.159.118 24961 (MYLOC-AS ...)
2 2 34.111.131.239 15169 (GOOGLE)
1 185.15.245.83 24961 (MYLOC-AS ...)
2 3 34.196.96.235 14618 (AMAZON-AES)
1 1 212.82.100.182 34010 (YAHOO-IRD)
2 34.252.199.249 16509 (AMAZON-02)
1 168.119.149.178 24940 (HETZNER-AS)
2 151.101.194.49 54113 (FASTLY)
1 1 2.18.233.201 16625 (AKAMAI-AS)
1 1 54.164.129.77 14618 (AMAZON-AES)
1 2 52.95.125.22 16509 (AMAZON-02)
4 7 209.54.182.161 16509 (AMAZON-02)
1 69.192.160.219 16625 (AKAMAI-AS)
1 1 174.129.105.163 14618 (AMAZON-AES)
1 69.173.151.100 26667 (RUBICONPR...)
1 1 34.111.151.213 15169 (GOOGLE)
2 2 18.158.190.248 16509 (AMAZON-02)
1 54.243.198.75 14618 (AMAZON-AES)
1 1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 35.190.60.146 15169 (GOOGLE)
4 5 69.173.144.138 26667 (RUBICONPR...)
2 4 69.173.144.139 26667 (RUBICONPR...)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
2 2 2a05:d018:d29... 16509 (AMAZON-02)
1 2620:1ec:21::14 8068 (MICROSOFT...)
2 172.98.26.121 399668 (E-PLANNING-)
1 2a02:6ea0:c70... 60068 (CDN77 ^_^)
2 13.225.78.37 16509 (AMAZON-02)
1 51.158.28.82 12876 (Online SAS)
1 3.232.64.79 14618 (AMAZON-AES)
21 2a00:1450:400... 15169 (GOOGLE)
2 142.250.186.66 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... ()
2 2a00:1450:400... ()
2 151.101.65.108 ()
2 104.17.120.107 ()
2 23.35.236.201 ()
1 67.202.105.22 ()
2 2a00:1450:400... ()
4 142.250.184.226 ()
2 152.195.15.58 ()
1 1 35.186.193.173 ()
1 1 54.152.219.204 ()
1 174.137.133.49 ()
2 104.111.242.245 ()
2 2 135.125.160.77 ()
295 86
45    2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
securityaffairs.co
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2600:9000:20eb:c400:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)
ws.sharethis.com
1    13.32.99.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-78.fra60.r.cloudfront.net
platform-api.sharethis.com
3    2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
contextual.media.net
7    68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
served-by.pixfuture.com
16    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com
i0.wp.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
2    3.132.155.94 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-132-155-94.us-east-2.compute.amazonaws.com
l.sharethis.com
1    2600:9000:20eb:c800:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)
buttons-config.sharethis.com
5    2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
google-analytics.com
www.google.com
2    2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com
lg3.media.net
1    2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
2    2606:4700:20::681a:644 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.pixfuture.com
2    3.64.108.197 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-108-197.eu-central-1.compute.amazonaws.com
aa.agkn.com
4    185.89.211.84 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
secure.adnxs.com
2    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
1    141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu
id5-sync.com
6    15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
4    137.184.242.150 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
prebidserver.pixfuture.com
2    2602:803:c003:200::61 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
8    185.89.211.12 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
6    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
pixfuture2-d.openx.net
u.openx.net
us-u.openx.net
2    185.86.139.95 (France)

ASN201081 (SMARTADSERVER, FR)
prg.smartadserver.com
2    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
1    52.4.33.45 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-33-45.compute-1.amazonaws.com
c2shb.ssp.yahoo.com
2    69.166.1.15 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
2    34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
4    216.52.2.39 (United States)

ASN32475 (SINGLEHOP-LLC, US)
ap.lijit.com
2    34.205.124.206 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-205-124-206.compute-1.amazonaws.com
hb.emxdgt.com
1    35.158.20.56 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-20-56.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
5    172.98.26.125 (Ashburn, United States)

ASN399668 (E-PLANNING-, US)
PTR: ads.us.e-planning.net
ads.us.e-planning.net
u-iad04.e-planning.net
6    52.72.177.11 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-177-11.compute-1.amazonaws.com
a.audrte.com
1    52.206.68.186 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-68-186.compute-1.amazonaws.com
ssp.disqus.com
1    23.75.240.210 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-240-210.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
4    23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
3    104.18.18.126 (None, )

ASN13335 (CLOUDFLARENET, US)
ssum.casalemedia.com
dsum.casalemedia.com
7    104.18.19.126 (None, )

ASN13335 (CLOUDFLARENET, US)
r.casalemedia.com
dsum-sec.casalemedia.com
1    205.234.175.175 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: vip1.G-anycast1.cachefly.net
i.e-planning.net
2    51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu
onetag-sys.com
13    2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
23    142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net
cm.g.doubleclick.net
4    107.178.246.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com
pixel.tapad.com
3    37.157.2.239 (Denmark)

ASN198622 (ADFORM, DK)
dmp.adform.net
1    2a04:4e42:400::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
1    2600:1f16:e61:3f00:93d2:52b:cea6:7db8 (Columbus, United States)

ASN16509 (AMAZON-02, US)
dmp.v.fwmrm.net
2    198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    2a05:d018:24:b002:4b1d:b4d8:d7a1:7bd5 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
sync.tidaltv.com
2    34.255.225.203 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-225-203.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    54.78.254.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
loadeu.exelator.com
1    151.1.205.165 (Rogeno, Italy)

ASN3242 (ASN-ITNET, IT)
bn01.er.bemail.it
1    85.114.159.118 (Waldshut-Tiengen, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
2    34.111.131.239 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 239.131.111.34.bc.googleusercontent.com
idsync.frontend.weborama.fr
1    185.15.245.83 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
dmp.theadex.com
3    34.196.96.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-96-235.compute-1.amazonaws.com
bcp.crwdcntrl.net
1    212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com
cms.analytics.yahoo.com
2    34.252.199.249 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-199-249.eu-west-1.compute.amazonaws.com
beacon.krxd.net
1    168.119.149.178 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.178.149.119.168.clients.your-server.de
sync.richaudience.com
2    151.101.194.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com
pixel.mathtag.com
1    54.164.129.77 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-164-129-77.compute-1.amazonaws.com
usermatch.krxd.net
2    52.95.125.22 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
7    209.54.182.161 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    69.192.160.219 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com
tags.bluekai.com
1    174.129.105.163 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-174-129-105-163.compute-1.amazonaws.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
1    69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel-us-east.rubiconproject.com
1    34.111.151.213 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 213.151.111.34.bc.googleusercontent.com
dmp.brand-display.com
2    18.158.190.248 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-190-248.eu-central-1.compute.amazonaws.com
pm.w55c.net
1    54.243.198.75 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-198-75.compute-1.amazonaws.com
rtb.adentifi.com
1    2a02:fa8:8806:12::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)
casale-match.dotomi.com
1    35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com
id.rlcdn.com
5    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
4    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
1    2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
ads.yahoo.com
2    2a05:d018:d29:3601:6b06:26e1:4300:34b (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
2    172.98.26.121 (Ashburn, United States)

ASN399668 (E-PLANNING-, US)
PTR: s.e-planning.net
s.e-planning.net
1    2a02:6ea0:c700::18 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
vid.vidoomy.com
2    13.225.78.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-37.fra2.r.cloudfront.net
tags.crwdcntrl.net
1    51.158.28.82 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: 51-158-28-82.rev.poneytelecom.eu
js.cookieless-data.com
1    3.232.64.79 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-64-79.compute-1.amazonaws.com
ps.eyeota.net
21    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
partner.googleadservices.com
2    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
2    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
6    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
12    2a00:1450:4001:813::2001 (None, )

ASN- ()
tpc.googlesyndication.com
2    2a00:1450:4001:813::2002 (None, )

ASN- ()
www.googletagservices.com
2    151.101.65.108 (None, )

ASN- ()
acdn.adnxs.com
2    104.17.120.107 (None, )

ASN- ()
biddr.brealtime.com
2    23.35.236.201 (None, )

ASN- ()
ads.pubmatic.com
1    67.202.105.22 (None, )

ASN- ()
ssc-cms.33across.com
2    2a00:1450:4001:82b::2006 (None, )

ASN- ()
s0.2mdn.net
4    142.250.184.226 (None, )

ASN- ()
googleads4.g.doubleclick.net
2    152.195.15.58 (None, )

ASN- ()
cdn.bizibly.com
1    35.186.193.173 (None, )

ASN- ()
gcm.ctnsnet.com
1    54.152.219.204 (None, )

ASN- ()
fksnk.com
1    174.137.133.49 (None, )

ASN- ()
dsp.adkernel.com
2    104.111.242.245 (None, )

ASN- ()
sync.teads.tv
2    135.125.160.77 (None, )

ASN- ()
c.eu1.dyntrk.com
Apex Domain
Subdomains		 Transfer
45 securityaffairs.co
securityaffairs.co — Cisco Umbrella Rank: 329195
1 MB
33 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 123
tpc.googlesyndication.com
500 KB
33 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 214
googleads.g.doubleclick.net — Cisco Umbrella Rank: 52
googleads4.g.doubleclick.net
82 KB
18 wp.com
i0.wp.com — Cisco Umbrella Rank: 2991
stats.wp.com — Cisco Umbrella Rank: 2570
pixel.wp.com — Cisco Umbrella Rank: 2431
342 KB
17 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 519
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1015
eus.rubiconproject.com — Cisco Umbrella Rank: 582
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 959
token.rubiconproject.com — Cisco Umbrella Rank: 711
pixel.rubiconproject.com — Cisco Umbrella Rank: 327
26 KB
14 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 463
ib.adnxs.com — Cisco Umbrella Rank: 230
acdn.adnxs.com
44 KB
13 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1891
mwzeom.zeotap.com — Cisco Umbrella Rank: 1478
4 KB
13 pixfuture.com
served-by.pixfuture.com — Cisco Umbrella Rank: 52506
cdn.pixfuture.com — Cisco Umbrella Rank: 63562
prebidserver.pixfuture.com — Cisco Umbrella Rank: 113191
461 KB
10 casalemedia.com
ssum.casalemedia.com — Cisco Umbrella Rank: 1324
r.casalemedia.com — Cisco Umbrella Rank: 778
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 525
dsum.casalemedia.com — Cisco Umbrella Rank: 1387
9 KB
9 amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1260
s.amazon-adsystem.com — Cisco Umbrella Rank: 282
7 KB
8 e-planning.net
ads.us.e-planning.net — Cisco Umbrella Rank: 5255
u-iad04.e-planning.net — Cisco Umbrella Rank: 11308
i.e-planning.net — Cisco Umbrella Rank: 7512
s.e-planning.net — Cisco Umbrella Rank: 7146
4 KB
7 media.net
contextual.media.net — Cisco Umbrella Rank: 537
lg3.media.net — Cisco Umbrella Rank: 3677
prebid.media.net — Cisco Umbrella Rank: 1269
19 KB
6 google.com
adservice.google.com — Cisco Umbrella Rank: 88
www.google.com
2 KB
6 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2195
10 KB
6 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 493
image6.pubmatic.com — Cisco Umbrella Rank: 634
ads.pubmatic.com
12 KB
6 openx.net
pixfuture2-d.openx.net — Cisco Umbrella Rank: 71579
u.openx.net — Cisco Umbrella Rank: 705
us-u.openx.net
940 B
6 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 371
2 KB
5 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 820
tags.crwdcntrl.net — Cisco Umbrella Rank: 1220
17 KB
5 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1019
cms.analytics.yahoo.com — Cisco Umbrella Rank: 796
ads.yahoo.com — Cisco Umbrella Rank: 2295
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 488
3 KB
5 sharethis.com
ws.sharethis.com — Cisco Umbrella Rank: 8483
platform-api.sharethis.com — Cisco Umbrella Rank: 4580
l.sharethis.com — Cisco Umbrella Rank: 4476
buttons-config.sharethis.com — Cisco Umbrella Rank: 5510
57 KB
4 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 464
1 KB
4 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 654
3 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 407
mug.criteo.com — Cisco Umbrella Rank: 2790
1 KB
3 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 515
usermatch.krxd.net — Cisco Umbrella Rank: 1240
942 B
3 adform.net
dmp.adform.net — Cisco Umbrella Rank: 5038
1 KB
3 google-analytics.com
google-analytics.com — Cisco Umbrella Rank: 36
www.google-analytics.com — Cisco Umbrella Rank: 45
region1.google-analytics.com — Cisco Umbrella Rank: 3094
21 KB
2 dyntrk.com
c.eu1.dyntrk.com
1 KB
2 teads.tv
sync.teads.tv
344 B
2 bizibly.com
cdn.bizibly.com
431 B
2 2mdn.net
s0.2mdn.net
104 KB
2 brealtime.com
biddr.brealtime.com
2 KB
2 googletagservices.com
www.googletagservices.com
87 KB
2 google.de
adservice.google.de — Cisco Umbrella Rank: 8811
957 B
2 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 882
927 B
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 783
1 KB
2 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 590
260 B
2 weborama.fr
idsync.frontend.weborama.fr — Cisco Umbrella Rank: 25384
683 B
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 201
2 KB
2 tidaltv.com
sync.tidaltv.com — Cisco Umbrella Rank: 1122
752 B
2 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 746
335 B
2 emxdgt.com
hb.emxdgt.com — Cisco Umbrella Rank: 2636
319 B
2 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1901
1 KB
2 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1497
680 B
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 461
990 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
109 KB
1 adkernel.com
dsp.adkernel.com
233 B
1 fksnk.com
fksnk.com
613 B
1 ctnsnet.com
gcm.ctnsnet.com
609 B
1 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 949
1 KB
1 cookieless-data.com
js.cookieless-data.com — Cisco Umbrella Rank: 7261
535 B
1 vidoomy.com
vid.vidoomy.com — Cisco Umbrella Rank: 5036
17 KB
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 370
703 B
1 dotomi.com
casale-match.dotomi.com — Cisco Umbrella Rank: 2647
187 B
1 adentifi.com
rtb.adentifi.com — Cisco Umbrella Rank: 1195
35 B
1 brand-display.com
dmp.brand-display.com — Cisco Umbrella Rank: 1774
350 B
1 imrworldwide.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com — Cisco Umbrella Rank: 93873
215 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 486
145 B
1 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 1005
770 B
1 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 1918
361 B
1 theadex.com
dmp.theadex.com — Cisco Umbrella Rank: 20216
219 B
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1558
596 B
1 bemail.it
bn01.er.bemail.it — Cisco Umbrella Rank: 117032
659 B
1 exelator.com
loadeu.exelator.com — Cisco Umbrella Rank: 7247
324 B
1 fwmrm.net
dmp.v.fwmrm.net — Cisco Umbrella Rank: 11716
411 B
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 707
161 B
1 disqus.com
ssp.disqus.com — Cisco Umbrella Rank: 2420
217 B
1 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1244
match.sharethrough.com Failed
159 B
1 33across.com
ssc.33across.com Failed
ssc-cms.33across.com
1 rlcdn.com
api.rlcdn.com Failed
id.rlcdn.com — Cisco Umbrella Rank: 592
440 B
1 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 508
628 B
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 727
6 KB
0 adingo.jp Failed
cc.adingo.jp Failed
0 stackadapt.com Failed
sync.srv.stackadapt.com Failed
0 turn.com Failed
r.turn.com Failed
0 googleapis.com Failed
fonts.googleapis.com Failed
295 75
Domain Requested by
45 securityaffairs.co 1 redirects securityaffairs.co
23 cm.g.doubleclick.net 10 redirects spl.zeotap.com
r.casalemedia.com
eus.rubiconproject.com
googleads.g.doubleclick.net
21 pagead2.googlesyndication.com cdn.pixfuture.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
securityaffairs.co
16 i0.wp.com securityaffairs.co
12 tpc.googlesyndication.com googleads.g.doubleclick.net
tpc.googlesyndication.com
pagead2.googlesyndication.com
10 mwzeom.zeotap.com ads.us.e-planning.net
spl.zeotap.com
8 ib.adnxs.com 2 redirects cdn.pixfuture.com
spl.zeotap.com
acdn.adnxs.com
googleads.g.doubleclick.net
7 s.amazon-adsystem.com 4 redirects ads.us.e-planning.net
r.casalemedia.com
eus.rubiconproject.com
7 served-by.pixfuture.com securityaffairs.co
cdn.pixfuture.com
6 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
6 dsum-sec.casalemedia.com 2 redirects r.casalemedia.com
googleads.g.doubleclick.net
6 a.audrte.com 2 redirects ads.us.e-planning.net
a.audrte.com
6 match.adsrvr.org cdn.pixfuture.com
ads.us.e-planning.net
spl.zeotap.com
r.casalemedia.com
eus.rubiconproject.com
googleads.g.doubleclick.net
5 token.rubiconproject.com 4 redirects eus.rubiconproject.com
4 googleads4.g.doubleclick.net googleads.g.doubleclick.net
4 www.google.com googleads.g.doubleclick.net
tpc.googlesyndication.com
4 pixel.rubiconproject.com 2 redirects eus.rubiconproject.com
4 pixel.tapad.com 3 redirects ads.us.e-planning.net
4 eus.rubiconproject.com ads.us.e-planning.net
eus.rubiconproject.com
cdn.pixfuture.com
4 ap.lijit.com 2 redirects cdn.pixfuture.com
4 prebidserver.pixfuture.com cdn.pixfuture.com
ads.us.e-planning.net
4 secure.adnxs.com 2 redirects
3 bcp.crwdcntrl.net 2 redirects tags.crwdcntrl.net
3 dmp.adform.net 2 redirects spl.zeotap.com
3 spl.zeotap.com ads.us.e-planning.net
spl.zeotap.com
3 u-iad04.e-planning.net ads.us.e-planning.net
r.casalemedia.com
vid.vidoomy.com
3 contextual.media.net securityaffairs.co
cdn.pixfuture.com
2 c.eu1.dyntrk.com 2 redirects
2 sync.teads.tv googleads.g.doubleclick.net
2 us-u.openx.net googleads.g.doubleclick.net
2 cdn.bizibly.com googleads.g.doubleclick.net
2 s0.2mdn.net googleads.g.doubleclick.net
2 ads.pubmatic.com cdn.pixfuture.com
2 u.openx.net cdn.pixfuture.com
2 biddr.brealtime.com cdn.pixfuture.com
2 acdn.adnxs.com cdn.pixfuture.com
2 www.googletagservices.com googleads.g.doubleclick.net
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 partner.googleadservices.com pagead2.googlesyndication.com
2 tags.crwdcntrl.net s.e-planning.net
tags.crwdcntrl.net
2 s.e-planning.net ads.us.e-planning.net
2 pr-bh.ybp.yahoo.com 2 redirects
2 pm.w55c.net 2 redirects
2 dsum.casalemedia.com r.casalemedia.com
2 aax-eu.amazon-adsystem.com 1 redirects ads.us.e-planning.net
2 sync-tm.everesttech.net spl.zeotap.com
googleads.g.doubleclick.net
2 beacon.krxd.net spl.zeotap.com
ads.us.e-planning.net
2 idsync.frontend.weborama.fr 2 redirects
2 dpm.demdex.net 2 redirects
2 sync.tidaltv.com 2 redirects
2 image6.pubmatic.com spl.zeotap.com
ads.pubmatic.com
2 onetag-sys.com 1 redirects ads.us.e-planning.net
2 ads.us.e-planning.net 1 redirects cdn.pixfuture.com
2 hb.emxdgt.com cdn.pixfuture.com
2 prebid.media.net cdn.pixfuture.com
2 apex.go.sonobi.com cdn.pixfuture.com
2 hbopenbid.pubmatic.com cdn.pixfuture.com
2 prg.smartadserver.com cdn.pixfuture.com
2 pixfuture2-d.openx.net cdn.pixfuture.com
2 fastlane.rubiconproject.com cdn.pixfuture.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 aa.agkn.com 1 redirects cdn.pixfuture.com
2 cdn.pixfuture.com served-by.pixfuture.com
cdn.pixfuture.com
2 lg3.media.net securityaffairs.co
2 www.googletagmanager.com securityaffairs.co
www.googletagmanager.com
2 l.sharethis.com ws.sharethis.com
securityaffairs.co
1 dsp.adkernel.com googleads.g.doubleclick.net
1 fksnk.com 1 redirects
1 gcm.ctnsnet.com 1 redirects
1 ssc-cms.33across.com cdn.pixfuture.com
1 ps.eyeota.net
1 js.cookieless-data.com s.e-planning.net
1 vid.vidoomy.com ads.us.e-planning.net
1 px.ads.linkedin.com eus.rubiconproject.com
1 ads.yahoo.com eus.rubiconproject.com
1 id.rlcdn.com 1 redirects
1 casale-match.dotomi.com 1 redirects
1 rtb.adentifi.com r.casalemedia.com
1 dmp.brand-display.com 1 redirects
1 pixel-us-east.rubiconproject.com eus.rubiconproject.com
1 obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com 1 redirects
1 tags.bluekai.com spl.zeotap.com
1 usermatch.krxd.net 1 redirects
1 pixel.mathtag.com 1 redirects
1 sync.richaudience.com spl.zeotap.com
1 cms.analytics.yahoo.com 1 redirects
1 dmp.theadex.com spl.zeotap.com
1 dsp.adfarm1.adition.com 1 redirects
1 bn01.er.bemail.it 1 redirects
1 loadeu.exelator.com spl.zeotap.com
1 dmp.v.fwmrm.net spl.zeotap.com
1 trc.taboola.com spl.zeotap.com
1 i.e-planning.net ads.us.e-planning.net
1 r.casalemedia.com ads.us.e-planning.net
1 ssum.casalemedia.com 1 redirects
1 secure-assets.rubiconproject.com 1 redirects
1 ssp.disqus.com ads.us.e-planning.net
1 btlr.sharethrough.com cdn.pixfuture.com
1 c2shb.ssp.yahoo.com cdn.pixfuture.com
1 id5-sync.com cdn.pixfuture.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.google-analytics.com google-analytics.com
1 pixel.wp.com securityaffairs.co
1 google-analytics.com securityaffairs.co
1 buttons-config.sharethis.com platform-api.sharethis.com
1 stats.wp.com securityaffairs.co
1 platform-api.sharethis.com securityaffairs.co
1 ws.sharethis.com securityaffairs.co
1 maxcdn.bootstrapcdn.com securityaffairs.co
0 match.sharethrough.com Failed googleads.g.doubleclick.net
0 cc.adingo.jp Failed googleads.g.doubleclick.net
0 sync.srv.stackadapt.com Failed googleads.g.doubleclick.net
0 r.turn.com Failed
0 ssc.33across.com Failed cdn.pixfuture.com
0 api.rlcdn.com Failed cdn.pixfuture.com
0 fonts.googleapis.com Failed securityaffairs.co
295 118
Subject Issuer Validity Valid
www.securityaffairs.co
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-24 -
2023-04-07		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-01-29 -
2023-01-29		 a year crt.sh
sharethis.com
Amazon		 2022-06-19 -
2023-07-18		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2022-02-20 -
2023-02-22		 a year crt.sh
*.pixfuture.com
Sectigo RSA Domain Validation Secure Server CA		 2021-11-30 -
2022-12-03		 a year crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2022-06-11 -
2023-07-12		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.agkn.com
RapidSSL RSA CA 2018		 2020-07-25 -
2022-09-18		 2 years crt.sh
*.id5-sync.com
R3		 2022-08-18 -
2022-11-16		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-06-15 -
2022-09-18		 3 months crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2022-06-13 -
2023-07-14		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-08-02 -
2023-01-25		 6 months crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-06-27 -
2023-06-05		 a year crt.sh
*.emxdgt.com
Amazon		 2022-06-03 -
2023-07-02		 a year crt.sh
*.sharethrough.com
Amazon		 2022-07-14 -
2023-08-12		 a year crt.sh
ads.us.e-planning.net
R3		 2022-07-12 -
2022-10-10		 3 months crt.sh
*.audrte.com
Amazon		 2022-02-24 -
2023-03-24		 a year crt.sh
ssp.disqus.com
Amazon		 2021-12-20 -
2023-01-18		 a year crt.sh
i.e-planning.net
Sectigo RSA Domain Validation Secure Server CA		 2022-02-23 -
2023-02-03		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-29 -
2022-12-30		 a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-08 -
2023-06-10		 a year crt.sh
dmp.theadex.com
R3		 2022-06-27 -
2022-09-25		 3 months crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-03 -
2022-11-02		 a year crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-11 -
2023-03-10		 a year crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-02-03 -
2023-03-07		 a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-26 -
2023-03-01		 a year crt.sh
adentifi.com
Amazon		 2022-08-05 -
2023-09-03		 a year crt.sh
*.e-planning.net
R3		 2022-07-25 -
2022-10-23		 3 months crt.sh
*.vidoomy.com
Sectigo RSA Domain Validation Secure Server CA		 2021-08-06 -
2022-09-05		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2022-05-01 -
2023-06-02		 a year crt.sh
*.cookieless-data.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-23 -
2023-03-22		 a year crt.sh
eyeota.net
GoGetSSL RSA DV CA		 2022-03-18 -
2023-03-18		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-08-08 -
2022-10-31		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1		 2022-03-11 -
2023-04-11		 a year crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2		 2022-01-21 -
2023-02-22		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
io.bizible.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-30 -
2023-07-31		 a year crt.sh
*.adkernel.com
AlphaSSL CA - SHA256 - G2		 2021-12-30 -
2023-01-31		 a year crt.sh
teads.tv
R3		 2022-08-17 -
2022-11-15		 3 months crt.sh

This page contains 37 frames:

Primary Page: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Frame ID: 5C1FE084D701E6CB24EDDB08BA2F4F70
Requests: 122 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: 4471E627FB5899329DDB9B9A89552E37
Requests: 8 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Frame ID: 0789BCE18FB145BF5B9EADF03DAA521B
Requests: 11 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Frame ID: 9851AA76A2F60A4CCAF9914600FFD052
Requests: 10 HTTP requests in this frame

Frame: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Frame ID: B450639EBB46B73FE63A71C52A1F65D9
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 82E53F81DF5B1BB58EAAE16679B7EB44
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361&cmp=0
Frame ID: B1ABC324F822FE9FB72B2F12B15407D4
Requests: 31 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Frame ID: AEFCC03F007CA63C6370946C42378999
Requests: 4 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 9759D35213766721A288D2FA42038047
Requests: 2 HTTP requests in this frame

Frame: https://u-iad04.e-planning.net/um?dc=3ab023ac29ea5990&fi=df6b421f94c39fbc&uid=a6f37f0123013099a595be2217fc435a
Frame ID: C572F41DF1AC99B71F2FAE81A6269AD3
Requests: 2 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AOcWnmSwpKDivdPz
Frame ID: A3EECB3B871C306647EF020CD7F73D62
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: DBA4BB0B0B2F17261CD26481BFBA179E
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 215F094D61836F95DB1599F404FFC457
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Frame ID: 42F20C5032C09EDFC3A9E0BE531158F6
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Frame ID: 76E72FC0DBC46536A667D9F0BF2C8DD7
Requests: 16 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: B5BFA393B501EFD750D4E5E34EF41B5C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: F2ECBDD3C27FAC2C3D34827921ACBADA
Requests: 2 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 5A131C54879866C2EACA539F8C1CDA6E
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 7128E656A551E5B20725D06406C1FE04
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 5CE1D421C9C1D4E7A9DF4914C6D3757E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 7218329681DA511B8C238584293501BD
Requests: 2 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 66B2B5A216D5A9C944C56E3527E1A55F
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: E84679229038C6EF36BBF32E2F10A8F7
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 300397DCE168616C42A2ED8A8AB5A52D
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: EDF32D72E840E6788222DBFCA81E83FC
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 7F31ED8979D9A1B53DAE8DA0B43BECB8
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: B7538D46F8ABE271EDEC1236C4E63731
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYu4vpvAEwAQ&v=APEucNUzGxWL7JJePe0J6-BMIPgmIxMx-0LCNrjaEssZ4DRHbCr3Hzz6-IRfzbM_9p4e-STd4Xh6B5C1glkOa_uyZ9A7dQJJIHNHp1W4ArIyREcbNHtyMcJ5lVXREEW_ThGjBONdTjYuAQ4UksfJdAkhOo1ysL2Gn3YSP-uq6Aj-fhKZ_JgC05AEhaX7ur-6uQ_JV3JNouP4kgKM0lMTDaD_YF3Sp_PPYw
Frame ID: D7BF5AD14861C8F612E43151411FACF3
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 74B8C1FEB762A1A299E268C145B7774C
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYk7favAEwAQ&v=APEucNX1iJ9y6FRRtbfQ65k-2j4xHnUvdMznST22N-ddU7E7uYhc8DljL2vXhAGlWT661j_1rJKU3S__wQICtNCmnJAwAHV1F3OTLIHdnhS4knYZu0_Wr0CA8ygGkFKc3C9G0m9KYDQm0YJVk3OeMyqCHcf_ST2u4cmBwN4sqeZldmcpeZSnKrdLU3DWRTwkDQI2Zl0tJzBS5RDsDODtMMrT1e61e9dcQA
Frame ID: CB1BA8F2B9B8C00671471AD4AFFA1DBD
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1E05502A33B645C4B5273255F8A252D9
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7A59D8ED6A8523240788706632EB239A
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 08DF6EB813CD9932755DD76809BB9BE2
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3F0E1322FDA783122561C1CDAC99A96A
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EAC9A6B058B8923ACD91DE35906C5E77
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A196FD3CBCEAC1A7ABA20565AF2AC8B0
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C2E1AA86DB3FBC23F618DB101CC83C76
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

JackPOS malware presented as a Java Update SchedulerSecurity Affairs

Page URL History Show full URLs

  1. http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' HTTP 301
    https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • tracker\.js
Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

295
Requests

80 %
HTTPS

26 %
IPv6

75
Domains

118
Subdomains

86
IPs

10
Countries

3202 kB
Transfer

5017 kB
Size

69
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' HTTP 301
    https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 86
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Request Chain 87
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Request Chain 88
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=IWvowXwxeG9pNlc1WWxCcXhrR2VtSVBzbnhvcEdDdkp3Rk4vdlVoOFhqZWdDQXgrMTJwMlpRdXJyWGJPZS9CZ2JLeEpCZXhjaG0zQkZpUmlpQmU5M1NQekdLeGVVZ2JGeWwzcnZyeWR5YjhVVWdBeVdicGFpdjFpVUdkZDhQYTVwMGtFVCs2aE82aGZvY1RvOHlFY3phbjcxbkJWSHdJUWV6TmZZSWZvUDNmWGlwenQxb25MeERYZXFNckhRdll6MmE5WmNmT2gvOUkrN2dEbkF6czRXaU5BVEpwYnNvaHFNZXB3anE4WmZTdGF5YkdFPXw&cppv=2
Request Chain 119
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Request Chain 121
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Ddf6b421f94c39fbc%26uid%3D%24UID HTTP 302
  • https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=df6b421f94c39fbc&uid=8897075711278565879
Request Chain 123
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_east&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Request Chain 124
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D HTTP 302
  • https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Request Chain 130
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f8902ad1-39b6-4fa4-993b-040a1f2cea39%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253Df8902ad1-39b6-4fa4-993b-040a1f2cea39%2526zpartnerid%253D5%2526env%253DmWeb%2526eventType%253Dmap%2526gdpr%253D1%2526gdpr_consent%253D%2526id_mid_4%253D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%2526reqId%253Df5a2ba58-6151-4f39-5745-1e1bbd017902%2526zdid%253D1361&gdpr=0&gdpr_consent=
Request Chain 136
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361 HTTP 302
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361&s_h=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=22581ba0-d393-4850-be85-18e43739b2a7&zpartnerid=317&gdpr=1&gdpr_consent=
Request Chain 137
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=45037441285948232663779435849935842974&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Request Chain 139
  • https://bn01.er.bemail.it/zeotap.php?_bid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022082405-17792-0.054571001661312371-3202f64daec7e872ceeb0a5cebb39d08&zdid=533&env=mWeb
Request Chain 140
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=7135166694255097999&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Request Chain 141
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade
Request Chain 142
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361&bounce=1&random=2878338975 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=z1J8rzkpua4nXeI65p.TSO&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Request Chain 144
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Request Chain 145
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-XXXrJPRE2oo0KO0V6Okdx77X1L5CnxC3tg--~A&zpartnerid=570&env=mWeb
Request Chain 146
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=P36wgGTmvp8geg7mJ8iQt2rWcGkI%2Bjxr%2BS41iYitP1U%3D
Request Chain 150
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=815f6305-344e-4000-930d-24f05a698f1a&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Request Chain 151
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Request Chain 152
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361&dcc=t
Request Chain 153
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361&dcc=t
Request Chain 155
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Request Chain 162
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwU0TWG8g7NCjw3rhpyPXAAABIgAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwU0TWG8g7NCjw3rhpyPXAAABIgAAAIB&dcc=t
Request Chain 163
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YwU0TWG8g7NCjw3rhpyPXAAA HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YwU0TWG8g7NCjw3rhpyPXAAA&google_tc= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENhkikQlTDsTVw6Zi25en9Q&google_cver=1&gdpr=1
Request Chain 164
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1 HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=b59e17da-5058-0ef4-6d958fc3
Request Chain 165
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=K5Y0Dlv21OqAeG5&gdpr=1
Request Chain 167
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1661371854&gdpr=1
Request Chain 169
  • https://id.rlcdn.com/709414.gif HTTP 307
  • https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
Request Chain 170
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=lpp6tsoFTLKWAQtiWYSOmw&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lpp6tsoFTLKWAQtiWYSOmw
Request Chain 172
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L76MGRG3-M-7QOV&sigv=1&esig=2~23fdf5cfd1bccf8a958369f035b1d9d31d747482
Request Chain 173
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/qUG60DvuD-e7HmdV3l-stw?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8954114931755018888
Request Chain 174
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHPbkoxFdxC4frvAkc9pN8Y&google_cver=1
Request Chain 175
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmVjODA5ZDc1MTVhYmFiNTA5M2UzMjk3NmQwZGI1MDU5YTg1MDEzMQ
Request Chain 176
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L76MGRG3-M-7QOV
Request Chain 186
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=g9mHLMoaQ-PQKS5KEmRtQgvog&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=g9mHLMoaQ-PQKS5KEmRtQgvog&gdpr=0&gdpr_consent=&google_gid=CAESENELhba-eCPS_nSzOWZPsPg&google_cver=1 HTTP 302
  • https://a.audrte.com/p
Request Chain 188
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://dmp.adform.net/serving/cookie/match/?CC=1&party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=4302902058995668923 HTTP 302
  • https://a.audrte.com/p
Request Chain 229
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYCLqV1UZG9937WBzX23P0&google_cver=1
Request Chain 230
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwU0TWG8g7NCjw3rhpyPXAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYCLqV1UZG9937WBzX23P0&google_cver=1
Request Chain 231
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHKRAFsBubhod0QFwzXOysk&google_cver=1
Request Chain 232
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg5NzA3NTcxMTI3ODU2NTg3OQ%3D%3D
Request Chain 249
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEP93cMB5X8jNZ7aEhvCtRTA&google_cver=1&google_push=AehlK4BL6DxUTfieL4m4mG3YBg658_f5Z-zeRJDUvy1KVF-MZ_Sbe2G2iDvUm-HltM5ZJ-VxMnCMHxw-bHi_-zEAv8oEu4HAatI HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4BL6DxUTfieL4m4mG3YBg658_f5Z-zeRJDUvy1KVF-MZ_Sbe2G2iDvUm-HltM5ZJ-VxMnCMHxw-bHi_-zEAv8oEu4HAatI&google_hm=kv6WwLtlTVqfJwYvu1_p4Gg
Request Chain 250
  • https://fksnk.com/cs/google?google_gid=CAESEJ1EI4_ta9QlzAOTWjI4SE8&google_cver=1&google_push=AehlK4AbKbfuJpJ7MmpzQ6ci7T33nMZT4uLaGEfxW_nboS2gGdVrp4Vv29xCEvLujqKVUt8-xSsz4irgX9Cc4LCNB6PGU4_3p2qj HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RkRDRDRDM0IyOUNGOTUwNQ==
Request Chain 251
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJBhNhX6y7_dFWXZTOBLOHI&google_cver=1&google_push=AehlK4BYc9PcWPjlrsNpnLbs2J6_NZ7BuHDfeY8tKQ-Q93XZYuEx-gX6y_-qX-go7FBwf475GMDoNSk8PKOD7jjMO8XAADAdzGBH HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4BYc9PcWPjlrsNpnLbs2J6_NZ7BuHDfeY8tKQ-Q93XZYuEx-gX6y_-qX-go7FBwf475GMDoNSk8PKOD7jjMO8XAADAdzGBH&google_hm=ODk1NDExNDkzMTc1NTAxODg4OA%3D%3D
Request Chain 252
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG8c06lmpY55a83SQFoVimQ&google_cver=1&google_push=AehlK4CRvY4vLmG2Z4jfdiXbo5aeO8Py3VQ2hVgMdTAcR8BzvIErF1usW3SRkHk4kILLhx6FE2Xb8ZW7QP61vGCmGnYwVsjkfsK7 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc2TUdSRzMtTS03UU9W&google_push=AehlK4CRvY4vLmG2Z4jfdiXbo5aeO8Py3VQ2hVgMdTAcR8BzvIErF1usW3SRkHk4kILLhx6FE2Xb8ZW7QP61vGCmGnYwVsjkfsK7
Request Chain 254
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMswpVUQJZ6v5xQ4gjWJtWo&google_cver=1&google_push=AehlK4DMOSK_mqGfSppGdyywW1xXG4wmDsHEm2wgfIl6H8qr3_zcguSvgPgDYZ3U3Ofydn7ff0OVYhCXScjutnuePUgA1EypGEEY HTTP 307
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMswpVUQJZ6v5xQ4gjWJtWo&google_cver=1&google_push=AehlK4DMOSK_mqGfSppGdyywW1xXG4wmDsHEm2wgfIl6H8qr3_zcguSvgPgDYZ3U3Ofydn7ff0OVYhCXScjutnuePUgA1EypGEEY&sovrn_retry=true HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AehlK4DMOSK_mqGfSppGdyywW1xXG4wmDsHEm2wgfIl6H8qr3_zcguSvgPgDYZ3U3Ofydn7ff0OVYhCXScjutnuePUgA1EypGEEY&google_hm=FMhavGZHrzS07Ur4Tw2KxC0-
Request Chain 257
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDNBfjEV6w1dm7IIT8Ywtyo&google_cver=1
Request Chain 259
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEOjHTNusPZRPW2A_PGtmAww&google_cver=1
Request Chain 273
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESENvVT3hsB9ySR7d0WH-_3CA&google_cver=1&google_push=AehlK4DKY_eQwnw7z81CQ8C1RcOp1zoEsieCpFQ9x9xUr6HRkbFRgTLQIq8td540ocRFMoT5IhvpLQWYo2dIKs_8Ba5jLHg2RkM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDAxNjAyOTQ4ODY2MTQ0NTkyMw==&gdpr=&gdpr_consent= HTTP 302
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENvVT3hsB9ySR7d0WH-_3CA&google_cver=1
Request Chain 275
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESECwLq4ATeSOJCs-1XT9KHxc&google_cver=1&google_push=AehlK4ANbOffMUY52IeE9DEoJ2Jx8e5tlC8fD-km-2nAvzL5KBDh20J8SEq2bvzTDOKznDGeYxrAZKlu9InXm199pPTxmrVlR8tX HTTP 302
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESECwLq4ATeSOJCs-1XT9KHxc&google_cver=1&google_push=AehlK4ANbOffMUY52IeE9DEoJ2Jx8e5tlC8fD-km-2nAvzL5KBDh20J8SEq2bvzTDOKznDGeYxrAZKlu9InXm199pPTxmrVlR8tX&prevuid=&knw= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AehlK4ANbOffMUY52IeE9DEoJ2Jx8e5tlC8fD-km-2nAvzL5KBDh20J8SEq2bvzTDOKznDGeYxrAZKlu9InXm199pPTxmrVlR8tX&google_hm=
Request Chain 277
  • https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEPMIc28hQ6X0Aqeg6DxXZxQ&google_cver=1&google_push=AehlK4CwTYGE8rxQ3JYTsjzOaxqYItNhAnMycyr3uOGiYL3SeGJdcJmty7kzY2UFs-nvrN-dBMg3anvERvtQSl6cbblRhS6F6Y-I HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4CwTYGE8rxQ3JYTsjzOaxqYItNhAnMycyr3uOGiYL3SeGJdcJmty7kzY2UFs-nvrN-dBMg3anvERvtQSl6cbblRhS6F6Y-I

295 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request jackpos-pos-malware.html
securityaffairs.co/wordpress/22121/malware/
Redirect Chain
  • http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html'
  • https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
103 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
215a2eea7d67d08fa3b90f935f43c6a2f80c912d9eb3db986eb370116e5cfa8b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 20:10:48 GMT
link
<https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/22121>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=22121>; rel=shortlink
server
Apache

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Tue, 23 Aug 2022 20:10:47 GMT
Keep-Alive
timeout=15
Location
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Server
Apache
Transfer-Encoding
chunked
X-Redirect-By
WordPress
style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 		101 KB
101 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Tue, 12 Jul 2022 21:45:23 GMT
server
Apache
accept-ranges
bytes
etag
"193c1-5e3a295f4b1f7"
content-length
103361
content-type
text/css
mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		11 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"2bf8-5b61073acf500"
content-length
11256
content-type
text/css
wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		5 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
Apache
accept-ranges
bytes
etag
"1360-597430d761a00"
content-length
4960
content-type
text/css
cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"c22-5de9c4c5f3471"
content-length
3106
content-type
text/css
cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		27 KB
27 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"6a71-5de9c4c5f3471"
content-length
27249
content-type
text/css
ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 		142 KB
142 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1654300135
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fdb60418f2e23b359b2ade2aca337dccf02e24215d1a77bb816ba1820e5bbff0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Fri, 03 Jun 2022 23:48:55 GMT
server
Apache
accept-ranges
bytes
etag
"23809-5e093c3f1132e"
content-length
145417
content-type
text/css
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 		23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.2.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617
age
7007743
cdn-cachedat
2021-06-08 21:08:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
6c27480193430d6ea3ddfc5c9cf7f881
cf-ray
73f67e71dbe39b9e-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 		19 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
Apache
accept-ranges
bytes
etag
"4d92-52704407f72c0"
content-length
19858
content-type
text/css
tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		539 B
683 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"21b-526fe6d7cd700"
content-length
539
content-type
text/css
flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
Apache
accept-ranges
bytes
etag
"1851-5270441180940"
content-length
6225
content-type
text/css
animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"6b4-526fe6d5e5280"
content-length
1716
content-type
text/css
font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		17 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"4574-526fe6d5e5280"
content-length
17780
content-type
text/css
swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"118d-526fe6e527680"
content-length
4493
content-type
text/css
jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		334 B
478 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"14e-526fe6d5e5280"
content-length
334
content-type
text/css
screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		110 KB
110 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"1b844-526fe6d7cd700"
content-length
112708
content-type
text/css
custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
content-type
text/css; charset: UTF-8;charset=UTF-8
server
Apache
grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		49 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
Apache
accept-ranges
bytes
etag
"c5f2-526fe6d6d94c0"
content-length
50674
content-type
text/css
sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		18 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"4991-5e57184efbe91"
content-length
18833
content-type
text/css
social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Thu, 04 Aug 2022 22:03:25 GMT
server
Apache
accept-ranges
bytes
etag
"312f-5e57184c7d47c"
content-length
12591
content-type
text/css
jquery.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		282 KB
282 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"46758-5c7d1b0de3c40"
content-length
288600
content-type
application/javascript
jquery-migrate.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		25 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"62d4-5b61073acf500"
content-length
25300
content-type
application/javascript
cookie-law-info-public.js
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"8583-5de9c4c5f53b0"
content-length
34179
content-type
application/javascript
medianetAdInjector.js
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 		562 B
716 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Sat, 08 May 2021 23:27:41 GMT
server
Apache
accept-ranges
bytes
etag
"232-5c1d9e402b540"
content-length
562
content-type
application/javascript
st_insights.js
ws.sharethis.com/button/ 		49 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:c400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 03:54:09 GMT
content-encoding
gzip
vary
Accept-Encoding
age
58601
x-cache
Hit from cloudfront
content-length
12778
server
nginx/1.20.1
etag
W/"62bdf23a-c590"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
FRA2-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
K_ncuEIQfZMm9ik6sva2rRg3JXrzOi0OJwmaNzS85094nXoZQmxSyA==
expires
Fri, 26 Aug 2022 03:54:09 GMT
sharethis.js
platform-api.sharethis.com/js/ 		190 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-78.fra60.r.cloudfront.net
Software
/
Resource Hash
2b02c99b94bd29097fd168548bea6dfc28c9ffd3c2d751c1f375c9da902d8f63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:08:34 GMT
content-encoding
gzip
vary
Accept-Encoding
age
136
etag
W/"2f749-jZtDoLQECLv0cAmOiJJ6B61Kdic"
x-frame-options
SAMEORIGIN
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-amz-cf-pop
FRA60-P3
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
_LUdDQmicsGJYQJFe0LjIP7HdJjpLpwTlEtg7dvgdriivquarGVm5A==
dmedianet.js
contextual.media.net/ 		368 B
552 B 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-mnt-h
21-hkkj
server
Apache
date
Tue, 23 Aug 2022 20:10:51 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
strict-transport-security
max-age=31536000
content-length
368
expires
Tue, 23 Aug 2022 20:15:51 GMT
logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 17:30:42 GMT
server
Apache
accept-ranges
bytes
etag
"b0e9-5270743f5f480"
content-length
45289
content-type
image/png
headerbid.js
served-by.pixfuture.com/www/delivery/ 		973 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:52 GMT
last-modified
Tue, 02 Mar 2021 20:36:48 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"603ea1e0-3cd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
973
expires
Thu, 25 Aug 2022 20:10:52 GMT
jackpos_1.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos_1.png?resize=470%2C179
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
c37f0638aea7427161e04791736d419b581672d91342c43f74fed6caaf93fc23
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Aug 2022 19:59:48 GMT
server
nginx
etag
"142defefc1ad8d24"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos_1.png>; rel="canonical"
content-length
19232
expires
Thu, 15 Aug 2024 07:59:48 GMT
twemoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		32 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 25 May 2022 22:59:02 GMT
server
Apache
accept-ranges
bytes
etag
"7e90-5dfde04f437ff"
content-length
32400
content-type
application/javascript
wp-emoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Tue, 31 Mar 2020 22:49:14 GMT
server
Apache
accept-ranges
bytes
etag
"231d-5a22e60748e80"
content-length
8989
content-type
application/javascript
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		830 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Wed, 10 Jun 2020 20:34:29 GMT
server
nginx
etag
"509a053c355d6394"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length
830
expires
Sat, 11 Jun 2022 08:34:29 GMT
twitter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"fbafb4fa36d9fc66"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length
1082
expires
Sat, 05 Nov 2022 20:12:40 GMT
linkedin.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"8daaaf021369fdba"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length
1184
expires
Sat, 05 Nov 2022 20:12:40 GMT
gitlab.jpg
securityaffairs.co/wordpress/wp-content/uploads/2019/11/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2019/11/gitlab.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
88885639a47e159a207aeee8cb7c86f4581d83aed11fbca1fa336926a74ea08c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Mon, 04 Nov 2019 15:30:08 GMT
server
Apache
accept-ranges
bytes
etag
"105b-59686fd990000"
content-length
4187
content-type
image/jpeg
hikvision-logo.jpg
securityaffairs.co/wordpress/wp-content/uploads/2022/08/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/08/hikvision-logo.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
48acfb4d54e849db7ebb5b083c4843a615a19f83dbfb73d5b1c8b44347ecf70f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Tue, 23 Aug 2022 08:11:43 GMT
server
Apache
accept-ranges
bytes
etag
"93e6-5e6e41d652c83"
content-length
37862
content-type
image/jpeg
Honey-Encryption-2.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/Honey-Encryption-2.jpg?resize=296%2C170&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
6726257bf91f6c971363480bb63164537b19bfd2d3c34133196f755922dda986
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Aug 2022 19:59:47 GMT
server
nginx
etag
"42eaaa243d13039a"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/Honey-Encryption-2.jpg>; rel="canonical"
content-length
4416
expires
Thu, 15 Aug 2024 07:59:47 GMT
photon.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"6e0-5e57184ec6340"
content-length
1760
content-type
application/javascript
jquery.adrotate.clicktracker.js
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 		365 B
519 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 20 Jul 2022 22:10:23 GMT
server
Apache
accept-ranges
bytes
etag
"16d-5e443de11a895"
content-length
365
content-type
application/javascript
ssba.js
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1654300135
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Fri, 03 Jun 2022 23:48:55 GMT
server
Apache
accept-ranges
bytes
etag
"7c3-5e093c3f23c09"
content-length
1987
content-type
application/javascript
hint.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		987 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:50 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3db-526fe6e433440"
content-length
987
content-type
application/javascript
jquery.tipsy.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1113-526fe6e433440"
content-length
4371
content-type
application/javascript
jquery.easing.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1fa1-526fe6e433440"
content-length
8097
content-type
application/javascript
browser.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"a36-526fe6e33f200"
content-length
2614
content-type
application/javascript
jquery.flexslider-min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
server
Apache
accept-ranges
bytes
etag
"53ae-5270441274b80"
content-length
21422
content-type
application/javascript
waypoints.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"1f6c-526fe6e527680"
content-length
8044
content-type
application/javascript
mediaelement-and-player.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 		69 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
server
Apache
accept-ranges
bytes
etag
"11571-5270441645480"
content-length
71025
content-type
application/javascript
jquery.swipebox.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"2a67-526fe6e433440"
content-length
10855
content-type
application/javascript
jquery.circliful.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"c18-526fe6e433440"
content-length
3096
content-type
application/javascript
jquery.smarticker.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3225-526fe6e433440"
content-length
12837
content-type
application/javascript
custom.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		12 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"31d4-526fe6e33f200"
content-length
12756
content-type
application/javascript
sharing.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		17 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"45a7-5e57184efbe91"
content-length
17831
content-type
application/javascript
e-202234.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202234.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn
date
Tue, 23 Aug 2022 20:10:51 GMT
content-encoding
br
server
nginx
etag
W/"62f6b688-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 13 Aug 2023 23:03:42 GMT
pview
l.sharethis.com/ 		0
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1661285451812.73816&hostname=securityaffairs.co&location=%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&title=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sop=false&description=JackPOS%20was%20detected%20by%20security%20experts%20at%20IntelCrawler%20firm%20several%20days%20ago%20and%20it%20seemed%20based%20on%20code%20from%20%E2%80%9CAlina%E2%80%9D.%20Attacks%20on%20POS%20are%20on%20the%20rise.%20A%20new%20strain%20of%20Point-of-Sale%20malware%20named%20%E2%80%9CJackPOS%E2%80%9D%20was%20discovered%20by%20IntelCrawler%2C%C2%A0a%C2%A0cyber%20intelligence%20firm%20from%20Los%20Angeles%2C%20confirming%20the%20growing%20trend%C2%A0of%C2%A0Point-of-Sales%20malware%C2%A0after%20the%C2%A0Target%C2%A0data%20breach.%C2%A0JackPOS%C2%A0was%20detected%20several%20days%20ago%20%5B%E2%80%A6%5D
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.155.94 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-155-94.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 20:10:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
5b71b64b04b9a500117b1015.js
buttons-config.sharethis.com/js/ 		30 B
444 B 		Script
General
Check archive.org
Download Go to
Full URL
https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:c800:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
via
1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
last-modified
Mon, 13 Aug 2018 16:48:12 GMT
server
AmazonS3
age
47
etag
"e6e1643313740711175f51662a65b42f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=60,public
accept-ranges
bytes
x-amz-cf-pop
FRA2-C1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
30
x-amz-cf-id
Cf5kDK-bdb1vcFWlsAUrq1KVl5ZOfSyvbyc23On0PV-HqqDXCneyaA==
analytics.js
google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://google-analytics.com/analytics.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
3647
date
Tue, 23 Aug 2022 19:10:05 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 23 Aug 2022 21:10:05 GMT
gtm.js
www.googletagmanager.com/ 		96 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dd6ff8484afb4e1147726d409ad3ab1d41900885756dec9654e3c191a0406225
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37936
x-xss-protection
0
last-modified
Tue, 23 Aug 2022 18:52:17 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 23 Aug 2022 20:10:51 GMT
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Server
Apache
Date
Tue, 23 Aug 2022 20:10:52 GMT
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=58293
Connection
keep-alive
Content-Length
15
fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 		43 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:51 GMT
last-modified
Wed, 16 Dec 2015 06:58:09 GMT
server
Apache
accept-ranges
bytes
etag
"ad90-526fe6dc92240"
content-length
44432
content-type
application/font-woff
truncated
/ 		7 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
jackpos-2.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-2.png?resize=476%2C293
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
72133d32df2afc6b9627d461268f0b37980034d4ab0a575912b80bcca5e6c609
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Aug 2022 19:59:48 GMT
server
nginx
etag
"85f8a0befe9d9b71"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-2.png>; rel="canonical"
content-length
38272
expires
Thu, 15 Aug 2024 07:59:48 GMT
jackpos-3.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-3.png?w=703&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
db2175fffb1a59f6b07a5b10c728a0d7cdbe90e33794678d0d958d4da934578b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Aug 2022 19:59:48 GMT
server
nginx
etag
"e1eb2d423bcd810e"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-3.png>; rel="canonical"
content-length
9932
expires
Thu, 15 Aug 2024 07:59:48 GMT
jackpos-4.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-4.png?w=708&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
e5a60c03a7ac0033874b06898e7d33e5baa504587739cab70acbed545d69c1f1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Aug 2022 19:59:48 GMT
server
nginx
etag
"2a6de0f2955a3613"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-4.png>; rel="canonical"
content-length
26432
expires
Thu, 15 Aug 2024 07:59:48 GMT
jackpos-5.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-5.png?w=708&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b34b10bbc97d3457a9e8c59779850e01d45160be2c72ac4e5f7bdb0eb3635cef
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Aug 2022 19:59:48 GMT
server
nginx
etag
"585c043fc7bd0fc0"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-5.png>; rel="canonical"
content-length
25826
expires
Thu, 15 Aug 2024 07:59:48 GMT
jackpos-6.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-6.png?w=708&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b0eaabca31ab1a868f8b464116c58bad92ddf1115263cf5468d537cd1c2f0c5c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Aug 2022 19:59:48 GMT
server
nginx
etag
"ad8eba1ffb6dbb4d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-6.png>; rel="canonical"
content-length
16334
expires
Thu, 15 Aug 2024 07:59:48 GMT
jackpos-7.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-7.png?w=707&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
daf92c82c637532aeb9ecd9f35a952a776f9cbe815d85022545b463a44fa45f9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Aug 2022 19:59:48 GMT
server
nginx
etag
"4dd8ae6d46553363"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-7.png>; rel="canonical"
content-length
24980
expires
Thu, 15 Aug 2024 07:59:48 GMT
jackpos-8.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		139 KB
139 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-8.png?resize=1024%2C730&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
fd220df146748e62564afbe3c20d831eb9cb64a89c6686836b3b8be811b8be0c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Aug 2022 19:59:48 GMT
server
nginx
etag
"f814455a0c5d2303"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-8.png>; rel="canonical"
content-length
141934
expires
Thu, 15 Aug 2024 07:59:48 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"156244085faab7d3"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
6414
expires
Sat, 05 Nov 2022 20:12:40 GMT
logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"312ff21e46f29f3d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7482
expires
Sat, 05 Nov 2022 20:12:40 GMT
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Dec 2020 07:29:12 GMT
server
nginx
etag
"a6fb49f7a00a0498"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
6336
expires
Thu, 15 Dec 2022 19:29:12 GMT
EU-Blog-e.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg?resize=300%2C251&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Tue, 23 Aug 2022 20:10:51 GMT
x-content-type-options
nosniff
last-modified
Wed, 22 Jun 2022 21:28:00 GMT
server
nginx
etag
"89e5fea0740da8de"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg>; rel="canonical"
content-length
13098
expires
Sat, 22 Jun 2024 09:28:00 GMT
g.gif
pixel.wp.com/ 		50 B
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A11.2&blog=29506073&post=22121&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=0&rand=0.09871284268875513
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 23 Aug 2022 20:10:51 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
js
www.googletagmanager.com/gtag/ 		199 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0cb65845f5a4a0b4e7281b9e846e7d04771be053f0729f34bba22ec4ec7c0382
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:52 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
72832
x-xss-protection
0
expires
Tue, 23 Aug 2022 20:10:52 GMT
collect
www.google-analytics.com/j/ 		2 B
407 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1078265678&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&ul=en-us&de=UTF-8&dt=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=289931216&gjid=1376338693&cid=1595664349.1661285452&tid=UA-59069958-1&_gid=941409000.1661285452&_r=1&_slc=1&z=1851672421
Requested by
Host: google-analytics.com
URL: https://google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/ 		0
348 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=2oe8m0&_p=1078265678&cid=1595664349.1661285452&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1661285452&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&dt=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
hb_v2.js
cdn.pixfuture.com/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:644 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c2388c40345a8c9a09e8eb634a72240123f49f4c2b15df11dc05c2982f52f32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:52 GMT
cf-cache-status
HIT
last-modified
Wed, 10 Aug 2022 15:56:37 GMT
server
cloudflare
age
101637
etag
W/"62f3d535-84bc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rkTli8FLnisMFzqHsdYCR%2BvdWUwLjiYzrcV4piaKw8Ur2sUGKnF%2B8iWQKimXNMtXv7AiJbnYlucs1Ad8feqQM2JZw553qxxVlSkeRn6L%2FFdPnNOkhUf37xpqbygGfU%2B74whtCR3GDuq%2BZ2oqRdkU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
expires
Wed, 24 Aug 2022 15:56:50 GMT
cache-control
public, max-age=172800, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
73f67e7caa449b33-FRA
cf-bgj
minify
pbix.js
cdn.pixfuture.com/ 		401 KB
402 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:644 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43ec4073d62958c460872f86b38f583f3187995f0147e29144340e6826e05cb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:52 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
29939
cf-polished
origSize=410578
cf-bgj
minify
last-modified
Wed, 18 May 2022 15:53:44 GMT
server
cloudflare
etag
W/"62851688-643d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=awro5sKHUdyCuRTvSFiXLMaGYUNDlWI5Cv3kEcv%2BJUgGrFb25%2B6L1aR6cdm3129Rcvi07HoqkDA1YpzThRctxOxlB%2FQem%2BwV1q5R%2FXZ7WnSfqDJfJ8p%2FFv%2F061qxO%2B1n0%2BygLXl9m76SNalCTiqs"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=172800, no-transform
cf-ray
73f67e7d0aef9b33-FRA
expires
Thu, 25 Aug 2022 11:51:28 GMT
r.js
aa.agkn.com/adscores/ 		0
461 B 		Script
General
Check archive.org
Download Go to
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.64.108.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-108-197.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
server
AAWebServer
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript;charset=iso-8859-1
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
0
expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=jackpos,malware,presented,as,java,update,schedulersecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d9393d6f69b1aaa9ec2c90fb5115dc3c48f9d5e43e9dd440ae22e7ce3ad066c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 20:10:52 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		11 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=jackpos,malware,presented,as,java,update,schedulersecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
411f5447558df29814ddf3296a10673f066cab570696ace7f80031289ef7ec94

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 20:10:52 GMT
pview
l.sharethis.com/ 		0
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1661285451812.73816&hostname=securityaffairs.co&location=%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&title=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sop=false&description=JackPOS%20was%20detected%20by%20security%20experts%20at%20IntelCrawler%20firm%20several%20days%20ago%20and%20it%20seemed%20based%20on%20code%20from%20%E2%80%9CAlina%E2%80%9D.%20Attacks%20on%20POS%20are%20on%20the%20rise.%20A%20new%20strain%20of%20Point-of-Sale%20malware%20named%20%E2%80%9CJackPOS%E2%80%9D%20was%20discovered%20by%20IntelCrawler%2C%C2%A0a%C2%A0cyber%20intelligence%20firm%20from%20Los%20Angeles%2C%20confirming%20the%20growing%20trend%C2%A0of%C2%A0Point-of-Sales%20malware%C2%A0after%20the%C2%A0Target%C2%A0data%20breach.%C2%A0JackPOS%C2%A0was%20detected%20several%20days%20ago%20%5B%E2%80%A6%5D&description=JackPOS%20was%20detected%20by%20security%20experts%20at%20IntelCrawler%20firm%20several%20days%20ago%20and%20it%20seemed%20based%20on%20code%20from%20%E2%80%9CAlina%E2%80%9D.%20Attacks%20on%20POS%20are%20on%20the%20rise.%20A%20new%20strain%20of%20Point-of-Sale%20malware%20named%20%E2%80%9CJackPOS%E2%80%9D%20was%20discovered%20by%20IntelCrawler%2C%C2%A0a%C2%A0cyber%20intelligence%20firm%20from%20Los%20Angeles%2C%20confirming%20the%20growing%20trend%C2%A0of%C2%A0Point-of-Sales%20malware%C2%A0after%20the%C2%A0Target%C2%A0data%20breach.%C2%A0JackPOS%C2%A0was%20detected%20several%20days%20ago%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.155.94 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-155-94.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 20:10:52 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Server
Apache
Date
Tue, 23 Aug 2022 20:10:52 GMT
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=58293
Connection
keep-alive
Content-Length
15
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1015 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Protocol
HTTP/1.1
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:52 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
69775f20-945e-4c36-8c8e-821c31a773d0
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:52 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
d6a1bcb3-2750-4506-b945-1b25ad7f741a
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1015 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Protocol
HTTP/1.1
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:52 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
7aa2336e-cc91-49a4-934a-778654001a0b
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:52 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
3edd4403-a77d-4296-b0f7-7f2bc5a2f3fd
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=IWvowXwxeG9pNlc1WWxCcXhrR2VtSVBzbnhvcEdDdkp3Rk4vdlVoOFhqZWdDQXgrMTJwMlpRdXJyWGJPZS9CZ2JLeEpCZXhjaG0zQkZpUmlpQmU5M1NQekdLeGVVZ2JGeWwzcnZyeWR5YjhVVWdBeVdicGFpdjFpVUdkZD...
344 B
615 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=IWvowXwxeG9pNlc1WWxCcXhrR2VtSVBzbnhvcEdDdkp3Rk4vdlVoOFhqZWdDQXgrMTJwMlpRdXJyWGJPZS9CZ2JLeEpCZXhjaG0zQkZpUmlpQmU5M1NQekdLeGVVZ2JGeWwzcnZyeWR5YjhVVWdBeVdicGFpdjFpVUdkZDhQYTVwMGtFVCs2aE82aGZvY1RvOHlFY3phbjcxbkJWSHdJUWV6TmZZSWZvUDNmWGlwenQxb25MeERYZXFNckhRdll6MmE5WmNmT2gvOUkrN2dEbkF6czRXaU5BVEpwYnNvaHFNZXB3anE4WmZTdGF5YkdFPXw&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
88162166625901fbcdc74789389ec23ce09b147a0190b13b89332a69125575fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3770
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
location
https://mug.criteo.com/sid?cpp=IWvowXwxeG9pNlc1WWxCcXhrR2VtSVBzbnhvcEdDdkp3Rk4vdlVoOFhqZWdDQXgrMTJwMlpRdXJyWGJPZS9CZ2JLeEpCZXhjaG0zQkZpUmlpQmU5M1NQekdLeGVVZ2JGeWwzcnZyeWR5YjhVVWdBeVdicGFpdjFpVUdkZDhQYTVwMGtFVCs2aE82aGZvY1RvOHlFY3phbjcxbkJWSHdJUWV6TmZZSWZvUDNmWGlwenQxb25MeERYZXFNckhRdll6MmE5WmNmT2gvOUkrN2dEbkF6czRXaU5BVEpwYnNvaHFNZXB3anE4WmZTdGF5YkdFPXw&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1548
content-length
482
expires
0
529.json
id5-sync.com/g/v2/ 		216 B
628 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
2ca255fd4cde9981e90de28f5642c4069a1393e1049edf923c4c656d74e6227a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 20:10:52 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/ 		0
0
rid
match.adsrvr.org/track/ 		63 B
391 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
f8d898545c96f8682748ea467e823e862818d5d216a7cbf0647d8eeb4d094d82

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 20:10:52 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Thu, 22 Sep 2022 20:10:52 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Tue, 23 Aug 2022 20:10:52 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1173
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
cookie_sync
prebidserver.pixfuture.com/ 		281 B
598 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:53 GMT
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
281
expires
0
auction
prebidserver.pixfuture.com/openrtb2/ 		154 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
1c5b986abda81f6ccecf23a6946ba0bea84303f973d59b1a002f4f88749cf1e7

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:53 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
154
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		283 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=c8e1cefe-a0fa-4c77-a187-7e3759fa7e35%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=fd252918-26f3-4bdd-91d4-5fe40604e4db&l_pb_bid_id=4f88766c6aa941&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.009382009324716778
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
6e155eb66948cb13b18b47112618311f4ee4d53304875a149f9f7b666d30a11e

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
283
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
710 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:52 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
2fbc3002-8252-42b7-b59d-010fbb65b057
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=fd252918-26f3-4bdd-91d4-5fe40604e4db&nocache=1661285452866&pubcid=c8e1cefe-a0fa-4c77-a187-7e3759fa7e35&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPWphY2twb3MsbWFsd2FyZSxwcmVzZW50ZWQsYXMsamF2YSx1cGRhdGUsc2NoZWR1bGVyc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1qYWNrcG9zLG1hbHdhcmUscHJlc2VudGVkLGFzLGphdmEsdXBkYXRlLHNjaGVkdWxlcnNlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4cfc4351f84af123af27bf0c2ac6164f92bf0c1dbb033a0bf0e3c7d25f9ef2f1

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
translator
hbopenbid.pubmatic.com/ 		0
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 20:10:52 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
294 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
11aec997464b179c3ef245b17d1ce9c2965634e23ded2ab9e5d51364caf490d9

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 20:10:53 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
trinity.json
apex.go.sonobi.com/ 		95 B
847 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%221662107636b73c6%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&s=5f2f77ee-ef4e-4357-9a74-bfccb5b39635&pv=83940bda-45e4-487f-b6db-13b02732e445&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%22c8e1cefe-a0fa-4c77-a187-7e3759fa7e35%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c8e1cefe-a0fa-4c77-a187-7e3759fa7e35%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=jackpos%2Cmalware%2Cpresented%2Cas%2Cjava%2Cupdate%2Cschedulersecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
33a3605b6a9943f44fa71ae241090c61e6df682700e4a07846ec9e60860b10c3
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:53 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-44
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
914 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e79dcb9b9140b13b721fa9fba75dea3609c158632adf11e8e61aad5f2f4afe2b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:53 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
hb
ssc.33across.com/api/v1/ 		0
0
bid
ap.lijit.com/rtb/ 		24 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
02c2bc873706b969cfa158bd9586caceb487c7c3ea68d5bac6fbb8dbf2138a2d

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 20:10:52 GMT
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET, POST, DELETE, PUT
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
x-sovrn-pod
ad_ap7ams1
access-control-allow-headers
X-Requested-With, Content-Type
content-length
24
/
hb.emxdgt.com/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1661285452874&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.124.206 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-124-206.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 20:10:53 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
auction
prebidserver.pixfuture.com/openrtb2/ 		154 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
8a6ff6d0a573cf22733dbc6b59e5bdf0ba50993447b5af0aaabb7ebd193405d0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:53 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
154
expires
0
/
hb.emxdgt.com/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1661285452878&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.124.206 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-124-206.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 20:10:53 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
hb
ssc.33across.com/api/v1/ 		0
0
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 20:10:51 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
trinity.json
apex.go.sonobi.com/ 		30 B
618 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2235630ca31ba7575%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&s=e630118e-e9ad-4d76-b5f2-39c82145587d&pv=83940bda-45e4-487f-b6db-13b02732e445&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%22c8e1cefe-a0fa-4c77-a187-7e3759fa7e35%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c8e1cefe-a0fa-4c77-a187-7e3759fa7e35%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=jackpos%2Cmalware%2Cpresented%2Cas%2Cjava%2Cupdate%2Cschedulersecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
bb836331fe0a3d9389f632440a016296ae78df6a82a201728cb8d77d268bdb38
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:53 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-72
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
30
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=c8e1cefe-a0fa-4c77-a187-7e3759fa7e35%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=e84820b5-30d3-4b5a-ba82-e76833236896&l_pb_bid_id=37da4248a134e4c&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4106923981689923
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
ac8e9fe6abad8c61f68305e217a60554161603c008d3fc7b178120f675b8e9ce

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:53 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
prebid.media.net/rtb/ 		1 KB
775 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
0ae4083d6122dd541bfff88c9450701e2076199e05a1203cbdffd03732d095c1

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:53 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
379 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e84820b5-30d3-4b5a-ba82-e76833236896&nocache=1661285452882&pubcid=c8e1cefe-a0fa-4c77-a187-7e3759fa7e35&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWphY2twb3MsbWFsd2FyZSxwcmVzZW50ZWQsYXMsamF2YSx1cGRhdGUsc2NoZWR1bGVyc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1qYWNrcG9zLG1hbHdhcmUscHJlc2VudGVkLGFzLGphdmEsdXBkYXRlLHNjaGVkdWxlcnNlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
6e963740b72632083df3e640be36cb8c6337aaad30c1cd51ec14802b9c2406da

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
v1
btlr.sharethrough.com/universal/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.20.56 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-20-56.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 20:10:53 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
prebid
ib.adnxs.com/ut/v3/ 		139 B
831 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
a63410e44c5ab0c0c5cf8ea5514e4b334f60d20c2ae86a9d686c105a749eb261
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:52 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
b38b9dac-c9ec-42af-8246-62e77fe2a1db
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bid
ap.lijit.com/rtb/ 		24 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
ee09da3ee1d48f0a0671fb34cab548d6921e76d37bb268ab640cae79aa7a25f4

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 20:10:53 GMT
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET, POST, DELETE, PUT
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
x-sovrn-pod
ad_ap7ams1
access-control-allow-headers
X-Requested-With, Content-Type
content-length
24
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:52 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=IWvowXwxeG9pNlc1WWxCcXhrR2VtSVBzbnhvcEdDdkp3Rk4vdlVoOFhqZWdDQXgrMTJwMlpRdXJyWGJPZS9CZ2JLeEpCZXhjaG0zQkZpUmlpQmU5M1NQekdLeGVVZ2JGeWwzcnZyeWR5YjhVVWdBeVdicGFpdjFpVUdkZDhQYTVwMGtFVCs2aE82aGZvY1RvOHlFY3phbjcxbkJWSHdJUWV6TmZZSWZvUDNmWGlwenQxb25MeERYZXFNckhRdll6MmE5WmNmT2gvOUkrN2dEbkF6czRXaU5BVEpwYnNvaHFNZXB3anE4WmZTdGF5YkdFPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Tue, 23 Aug 2022 20:10:52 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1109
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
/
ads.us.e-planning.net/uspd/1/ Frame 4471
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ac3e300152c6f1b64b2af36fdbd7c557c97ab4d05840833ccb68d18ca4bba433

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache
content-encoding
gzip
content-type
text/html
date
Tue, 23 Aug 2022 20:10:53 GMT
expires
Tue, 23 Aug 2022 20:10:53 GMT
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
IAD-1217

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Tue, 23 Aug 2022 20:10:53 GMT
location
/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
IAD-1217
ptag
a.audrte.com/ Frame 4471 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.177.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-177-11.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
4f859cadda4f55e61fb98f51e2db59f7c789115830a60ae47cdcd5bed94854c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 20:10:54 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1681
um
u-iad04.e-planning.net/ Frame 4471
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Ddf6b421f94c39fbc%26uid%3D%24UID
  • https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=df6b421f94c39fbc&uid=8897075711278565879
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=df6b421f94c39fbc&uid=8897075711278565879
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:53 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
4141b766-bd4c-4505-a603-f4023ce07835
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=df6b421f94c39fbc&uid=8897075711278565879
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
redirectuser
ssp.disqus.com/ Frame 4471 		0
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3De64f73568d2b3c34%26fi%3Ddf6b421f94c39fbc%26uid%3D%24UID&partner=eplanning
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.68.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-68-186.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
no-store
vary
origin
expires
0
usync.html
eus.rubiconproject.com/ Frame 0789
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_east&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 23 Aug 2022 20:10:53 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Tue, 23 Aug 2022 20:10:53 GMT
location
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
server
AkamaiGHost
usermatch
r.casalemedia.com/ Frame 9851
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D
  • https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76e7054b15dc0f0fb484a2c95737fba13ef39c7717f389001867132fe0a81e4a

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
73f67e876dec9b3d-FRA
content-encoding
br
content-type
text/html
date
Tue, 23 Aug 2022 20:10:54 GMT
dropped-udsids
39|230|241|45|191|47|188|65
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=treiFVMBfhavLUSSzKERpKdVVu4vo%2Ba3IUj7HFWxTt2zrcfTh6WOdYk6nLDXKUGRJ0uB0kL9JsZXH2CbpUSu0uLaWI%2BWyHmMsGRHF4faSEwanj5VP8OXSu3hjTPVb7hJ%2FB%2Fe"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
73f67e867c265c6e-FRA
content-type
text/html; charset=iso-8859-1
date
Tue, 23 Aug 2022 20:10:53 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
location
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vq8ExS33pfRFFOZeCOf6FXz4bxj0a8qduL6c9jIDNoUupjuB55UqNCR1YKB0%2F47Yr5W4F4Gb4OsEEdG39gBrxXxn9mqfJXxatoPB6R2nVS3CXUT%2BSJeaItKmzR22Qvp6ir6LzhRe"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
navegg_2022_01_br.html
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame B450 		1 KB
1002 B 		Document
General
Check archive.org
Download Go to
Full URL
https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=157680000
cf4age
136949
cf4ttl
157680000.000
content-encoding
gzip
content-length
624
content-type
text/html
date
Tue, 23 Aug 2022 20:10:53 GMT
etag
W/"61ddbb71-5f5"
expires
Tue, 18 May 2027 11:39:16 GMT
last-modified
Tue, 11 Jan 2022 17:16:33 GMT
server
CFS 0215
x-cf-reqid
7881dc1c07a47a679cca9b6132cafbbe
x-cf-tsc
1653097306
x-cf1
29080:fB.cdg1:co:1585621119:cacheB.cdg1-01:H
x-cf2
H
x-cf3
H
x-cff
B
/
onetag-sys.com/usync/ Frame 82E5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame B1AB 		8 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f11405bc8426b53fda439e8d37e97e2a0a9f33e0660eb0b4953608fa746b570d

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
cf-cache-status
DYNAMIC
cf-ray
73f67e866f07bbad-FRA
content-encoding
br
content-type
text/html
date
Tue, 23 Aug 2022 20:10:53 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
getuid
ib.adnxs.com/ Frame B1AB 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
pixel
cm.g.doubleclick.net/ Frame B1AB 		170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generic
match.adsrvr.org/track/cmf/ Frame B1AB
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f8902ad1-39b6-4fa4-993b-040a1f2cea39%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253Df8902ad1-39b6-4fa4-993b...
70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f8902ad1-39b6-4fa4-993b-040a1f2cea39%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253Df8902ad1-39b6-4fa4-993b-040a1f2cea39%2526zpartnerid%253D5%2526env%253DmWeb%2526eventType%253Dmap%2526gdpr%253D1%2526gdpr_consent%253D%2526id_mid_4%253D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%2526reqId%253Df5a2ba58-6151-4f39-5745-1e1bbd017902%2526zdid%253D1361&gdpr=0&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f8902ad1-39b6-4fa4-993b-040a1f2cea39%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253Df8902ad1-39b6-4fa4-993b-040a1f2cea39%2526zpartnerid%253D5%2526env%253DmWeb%2526eventType%253Dmap%2526gdpr%253D1%2526gdpr_consent%253D%2526id_mid_4%253D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%2526reqId%253Df5a2ba58-6151-4f39-5745-1e1bbd017902%2526zdid%253D1361&gdpr=0&gdpr_consent=
date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame B1AB 		0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame B1AB 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361&gdpr=1&gdpr_consent=
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:53 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cm
trc.taboola.com/sg/zeotap/1/ Frame B1AB 		0
161 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-vcl-time-ms
2
date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 varnish
server
nginx
x-timer
S1661285454.049333,VS0,VE2
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-ams21071-AMS
u
dmp.v.fwmrm.net/ad/ Frame B1AB 		0
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f16:e61:3f00:93d2:52b:cea6:7db8 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:54 GMT
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Content-Type
text/html
Keep-Alive
timeout=300
Content-Length
0
Expires
0
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame B1AB 		0
166 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:52 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=22581ba0-d393-4850-be85-18e43739b2a7&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=22581ba0-d393-4850-be85-18e43739b2a7&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e897d6bbbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=22581ba0-d393-4850-be85-18e43739b2a7&zpartnerid=317&gdpr=1&gdpr_consent=
pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=45037441285948232663779435849935842974&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=45037441285948232663779435849935842974&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e892d01bbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-irl1-1-v038-09331a469.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
3QuJ34SXSg4=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=45037441285948232663779435849935842974&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
loadeu.exelator.com/load/ Frame B1AB 		0
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022082405-17792-0.054571001661312371-3202f64daec7e872ceeb0a5cebb39d08&zdid=533&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2022082405-17792-0.054571001661312371-3202f64daec7e872ceeb0a5cebb39d08&zdid=533&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e88cc27bbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2022082405-17792-0.054571001661312371-3202f64daec7e872ceeb0a5cebb39d08&zdid=533&env=mWeb
Date
Wed, 24 Aug 2022 03:39:31 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7135166694255097999&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=7135166694255097999&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e88ec62bbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7135166694255097999&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Date
Tue, 23 Aug 2022 20:10:54 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
check
pixel.tapad.com/idsync/ex/receive/ Frame B1AB
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade
95 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H3
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade
date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=z1J8rzkpua4nXeI65p.TSO&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?webouuid=z1J8rzkpua4nXeI65p.TSO&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e89bdc9bbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
last-modified
Tue, 23 Aug 2022 20:10:54 GMT
server
Weborama Collect Frontend
location
https://mwzeom.zeotap.com/mw?webouuid=z1J8rzkpua4nXeI65p.TSO&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
2.gif
dmp.theadex.com/d/949/i/ Frame B1AB 		0
219 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&axd_pid=175
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.15.245.83 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventTyp...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eve...
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-574...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e8b992ebbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
expires
0
cache-control
no-cache
x-server
10.40.9.88
content-length
0
x-consent
absent
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-XXXrJPRE2oo0KO0V6Okdx77X1L5CnxC3tg--~A&zpartnerid=570&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=y-XXXrJPRE2oo0KO0V6Okdx77X1L5CnxC3tg--~A&zpartnerid=570&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e899dabbbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
http/1.1 spdc0103.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
strict-transport-security
max-age=31536000
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-XXXrJPRE2oo0KO0V6Okdx77X1L5CnxC3tg--~A&zpartnerid=570&env=mWeb
content-length
0
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=P36wgGTmvp8geg7mJ8iQt2rWcGkI%2Bjxr%2BS41iYitP1U%3D
95 B
187 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=P36wgGTmvp8geg7mJ8iQt2rWcGkI%2Bjxr%2BS41iYitP1U%3D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e878934bbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:53 GMT
server
AAWebServer
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=P36wgGTmvp8geg7mJ8iQt2rWcGkI%2Bjxr%2BS41iYitP1U%3D
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires
0
usermatch.gif
beacon.krxd.net/ Frame B1AB 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.252.199.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-252-199-249.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
private, no-cache, no-store
x-request-time
D=79 t=1661285454
x-served-by
beacon-n015-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame B1AB 		95 B
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.119.149.178 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.178.149.119.168.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
cQZGoH6Q
sync-tm.everesttech.net/upi/pid/ Frame B1AB 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 varnish
server
Varnish
x-timer
S1661285454.387546,VS0,VE0
x-cache
MISS
cache-control
no-cache
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4026-HHN
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=815f6305-344e-4000-930d-24f05a698f1a&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba5...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=815f6305-344e-4000-930d-24f05a698f1a&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e8a6f24bbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Date
Tue, 23 Aug 2022 20:10:54 GMT
Server
MT3 4494 7cf1da7 master cdg-pixel-x33 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://mwzeom.zeotap.com/mw?cid=815f6305-344e-4000-930d-24f05a698f1a&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Tue, 23 Aug 2022 20:10:53 GMT
usermatch.gif
beacon.krxd.net/ Frame B1AB
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd01...
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
34.252.199.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-252-199-249.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
private, no-cache, no-store
x-request-time
D=32 t=1661285454
x-served-by
beacon-n009-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
date
Tue, 23 Aug 2022 20:10:54 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a012-ash-prod.krxd.net
dcm
aax-eu.amazon-adsystem.com/s/ Frame B1AB
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:54 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
MAY16QZNERWQ8WHZ1322
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:54 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
XGBEDQ264PCRTWK8YHVE
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame B1AB
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59f...
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59f...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:54 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
F6CBQRF8VC9ETSWDD4ZN
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:54 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
ZV10RGKAJEDDXYJ7A0WD
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame B1AB 		0
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/87734?id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
69.192.160.219 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a69-192-160-219.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
content-length
0
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
mw
mwzeom.zeotap.com/ Frame B1AB
Redirect Chain
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73f67e8ccb0dbbad-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
date
Tue, 23 Aug 2022 20:10:54 GMT
cross-origin-resource-policy
cross-origin
content-length
0
cmp.min.js
spl.zeotap.com/ Frame B1AB 		557 B
470 B 		Script
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d25eb2099a62e609d61961d156e76dc97b114b30f0ddc2bf53b047142141cd67

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73f67e87489ebbad-FRA
date
Tue, 23 Aug 2022 20:10:53 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
usync.js
eus.rubiconproject.com/ Frame 0789 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4a77aa8515e0914305d566f070e6aed1f158741280d2dfb5a9cd6d48c8bb3599

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 20:10:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Aug 2022 13:55:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10422
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9442
Expires
Tue, 23 Aug 2022 23:04:35 GMT
cmp
spl.zeotap.com/ Frame B1AB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
cf-cache-status
DYNAMIC
cf-ray
73f67e879955bbad-FRA
date
Tue, 23 Aug 2022 20:10:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 0789 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=eplanning_east&khaos=L76MGRG3-M-7QOV
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
8eb2d9eeed9b9c468975d0ba24565e5b
Content-Type
image/gif
casale
match.adsrvr.org/track/cmf/ Frame 9851 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 9851 		170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YwU0TWG8g7NCjw3rhpyPXAAABIgAAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 9851
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwU0TWG8g7NCjw3rhpyPXAAABIgAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwU0TWG8g7NCjw3rhpyPXAAABIgAAAIB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwU0TWG8g7NCjw3rhpyPXAAABIgAAAIB&dcc=t
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:54 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
ZZZ2VZB3F3703GPYK98M
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:54 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
4FP1BPKV241RWTCAH9AX
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwU0TWG8g7NCjw3rhpyPXAAABIgAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 9851
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YwU0TWG8g7NCjw3rhpyPXAAA
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YwU0TWG8g7NCjw3rhpyPXAAA&google_tc=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENhkikQlTDsTVw6Zi25en9Q&google_cver=1&gdpr=1
43 B
909 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENhkikQlTDsTVw6Zi25en9Q&google_cver=1&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73f67e897a30922b-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HY3qw28kLwivKogph4P1konSDZPnJwG%2BbzjnS2t2mhfRGKf%2Fp0aGKnXdixgEcDrfeLeKYMItd89uNkhVHGBNFIQ4chHphg1M%2Fr1DAlG5qEuK%2FmtJS7TnZpNJo1HSPegcgnk8DxdqKmivRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENhkikQlTDsTVw6Zi25en9Q&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum.casalemedia.com/ Frame 9851
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=b59e17da-5058-0ef4-6d958fc3
43 B
946 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=b59e17da-5058-0ef4-6d958fc3
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Protocol
H2
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73f67e89ebcebb8f-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ipV%2FkuoQyCAv%2FKRa2ddLrNUdBrPthS96usTjHb5ToGg1iEJXRuEMXIwEdwCZpC9eLGSPpXkTe0ubEAboTaJajcgvmTFZ6wxax6HLiVqf72T0djK9BCpwA8%2F9IpPJlnkw83LA%2BruJ"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
server
nginx/1.22.0
access-control-allow-origin
*
p3p
CP='This is not a P3P policy!'
location
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=b59e17da-5058-0ef4-6d958fc3
cache-control
max-age=3600
content-type
text/html; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
119
crum
dsum-sec.casalemedia.com/ Frame 9851
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=K5Y0Dlv21OqAeG5&gdpr=1
43 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=K5Y0Dlv21OqAeG5&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73f67e896a27922b-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tV6MNxLoW5VOx9S5d%2FlTVQW8qJZBqsadJqb%2Byj4oLHVf2pjEKKE7x6ZurNuWlvAzTtS6v3WfXAlZquEu1rTRQ2xdAAsFYfge6Vac8V9QvQE1KyUtpyEx6Pajyx8DxZTBoEevLlvKY5fHvg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:53 GMT
Server
PingMatch/9853e75#9853e75792b29505864c0b7c23889ef441e21f3f i-0b4faee82b62afb2e@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=K5Y0Dlv21OqAeG5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
CookieIndex
rtb.adentifi.com/ Frame 9851 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieIndex
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.243.198.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-243-198-75.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
rum
dsum.casalemedia.com/ Frame 9851
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1661371854&gdpr=1
43 B
410 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1661371854&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Protocol
H2
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73f67e89ebd1bb8f-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OYlM98MTKDJZHglkus5WrlpZuY0wvKx4RfiCq9piNsj%2FgvY2x01taxDjvzyivZrnlpzD%2FrSLkP7QL6wyp2oE%2FaCLn25UGlD2D1FyQblMF4tKLgYTijOZbf6ht8r8%2FPjOYL5EPHSM"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1661371854&gdpr=1
pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
content-length
0
expires
0
um
u-iad04.e-planning.net/ Frame 9851 		42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-iad04.e-planning.net/um?dc=99e41df815fd80b4&fi=df6b421f94c39fbc&uid=YwU0TWG8g7NCjw3rhpyPXAAA%261160
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Ddf6b421f94c39fbc%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
server
openresty
content-type
image/gif
esync
token.rubiconproject.com/ Frame 0789
Redirect Chain
  • https://id.rlcdn.com/709414.gif
  • https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
0
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Tue, 23 Aug 2022 20:10:54 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ecm3
s.amazon-adsystem.com/ Frame 0789
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=lpp6tsoFTLKWAQtiWYSOmw&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lpp6tsoFTLKWAQtiWYSOmw
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lpp6tsoFTLKWAQtiWYSOmw
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:54 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
C35B5DAFTD4R9WPFYDQ9
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lpp6tsoFTLKWAQtiWYSOmw
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame 0789 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
v1
ads.yahoo.com/cms/ Frame 0789
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L76MGRG3-M-7QOV&sigv=1&esig=2~23fdf5cfd1bccf8a958369f035b1d9d31d747482
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L76MGRG3-M-7QOV&sigv=1&esig=2~23fdf5cfd1bccf8a958369f035b1d9d31d747482
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H2
Server
2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L76MGRG3-M-7QOV&sigv=1&esig=2~23fdf5cfd1bccf8a958369f035b1d9d31d747482
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 0789
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/qUG60DvuD-e7HmdV3l-stw?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8954114931755018888
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8954114931755018888
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif

Redirect headers

date
Tue, 23 Aug 2022 20:10:54 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8954114931755018888
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
tap.php
pixel.rubiconproject.com/ Frame 0789
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHPbkoxFdxC4frvAkc9pN8Y&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHPbkoxFdxC4frvAkc9pN8Y&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEHPbkoxFdxC4frvAkc9pN8Y&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 0789
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmVjODA5ZDc1MTVhYmFiNTA5M2UzMjk3NmQwZGI1MDU5YTg1MDEzMQ
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmVjODA5ZDc1MTVhYmFiNTA5M2UzMjk3NmQwZGI1MDU5YTg1MDEzMQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmVjODA5ZDc1MTVhYmFiNTA5M2UzMjk3NmQwZGI1MDU5YTg1MDEzMQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame 0789
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L76MGRG3-M-7QOV
0
703 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L76MGRG3-M-7QOV
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:54 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: A64117F9CD7A40E78B4FBBFA0B288A5B Ref B: FRAEDGE1415 Ref C: 2022-08-23T20:10:54Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXm7iliUctatr3OJ3VC1A==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L76MGRG3-M-7QOV
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
lotame20220804.html
s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/ Frame AEFC 		627 B
544 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.121 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
30fe2b4dd3ea9446d92fa0dad1ce04ad1fb0729696ca6e04d6bfaacfb5681ed6

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Tue, 23 Aug 2022 20:10:54 GMT
etag
W/"62ec189b-273"
expires
Sun, 22 Aug 2027 20:10:54 GMT
last-modified
Thu, 04 Aug 2022 19:06:03 GMT
server
openresty
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 9759 		636 B
577 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.121 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Tue, 23 Aug 2022 20:10:54 GMT
etag
W/"601b131c-27c"
expires
Sun, 22 Aug 2027 20:10:54 GMT
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
server
openresty
sync
vid.vidoomy.com/ Frame C572 		49 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3Ddf6b421f94c39fbc%26uid%3D%7B%7BVID%7D%7D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
br
content-type
text/html
date
Tue, 23 Aug 2022 20:10:54 GMT
etag
W/"61c991db-c5bc"
last-modified
Mon, 27 Dec 2021 10:13:47 GMT
server
CDN77-Turbo
x-77-cache
MISS
x-77-nzt
AZySIRmICMKh
x-77-nzt-ray
oATA8mPClD0
x-77-pop
frankfurtDE
x-accel-expires
@1662322254
x-cache
MISS
setuid
prebidserver.pixfuture.com/ Frame A3EE 		0
469 B 		Document
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AOcWnmSwpKDivdPz
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
content-type
text/html
date
Tue, 23 Aug 2022 20:10:54 GMT
expires
0
pragma
no-cache
vary
Origin
lt.min.js
tags.crwdcntrl.net/lt/c/15238/ Frame AEFC 		49 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-37.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 23 Aug 2022 01:48:47 GMT
content-encoding
gzip
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
age
66128
etag
W/"fdcd13007d5be3c218bd461a6aad998b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
WAOjvNIqpbz7cjDP14B14lNc-fE15pbBDKaTaZlDnmSEDNEKFPoWXQ==
GS.d
js.cookieless-data.com/ Frame 9759 		0
535 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1661285454598
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.158.28.82 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
51-158-28-82.rev.poneytelecom.eu
Software
nginx/1.20.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:54 GMT
Server
nginx/1.20.2
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
optimus_rules.json
tags.crwdcntrl.net/lt/c/15238/ Frame AEFC 		155 B
642 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/optimus_rules.json
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-37.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff

Request headers

Referer
https://s.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 23 Aug 2022 00:05:23 GMT
via
1.1 999a435eb37a050d3de26fe63534c416.cloudfront.net (CloudFront)
age
72332
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
155
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
etag
"1a1722e9cedbdc8af0dcd3345e46c73a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age: 86400
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
3dtlG_wYs90FCWUW7ivKOQV_FE55qjXbF-rziOwcUXDCZCIiRYzkPg==
data
bcp.crwdcntrl.net/6/ Frame AEFC 		20 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.196.96.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-96-235.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e

Request headers

Referer
https://s.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:54 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://s.e-planning.net
expires
0
cache-control
no-cache
x-server
10.40.34.40
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
20
x-consent
absent
ptrack
a.audrte.com/ Frame 4471 		368 B
880 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptrack?arlocation=80.255.7.104&p=M1353665098&artime=2022-08-23T20:10:54.944Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGcHJlYmlkc2VydmVyLnBpeGZ1dHVyZS5jb20lMkZzZXR1aWQlM0ZiaWRkZXIlM0RlcGxhbm5pbmclMjZnZHByJTNEJTI2Z2Rwcl9jb25zZW50JTNEJTI2ZiUzRGIlMjZ1aWQlM0QlMjRVSUQ=&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=c2VjdXJpdHlhZmZhaXJzLmNvLw==
Requested by
Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.177.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-177-11.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
9feefbb9b5b7fb405ccd9d806b13c07908100ecbe0f55c2c485f3091936de7d9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 20:10:55 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
https://ads.us.e-planning.net
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
263
p
a.audrte.com/ Frame 4471
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=g9mHLMoaQ-PQKS5KEmRtQgvog&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=g9mHLMoaQ-PQKS5KEmRtQgvog&gdpr=0&gdpr_consent=&google_gid=CAESENELhba-eCPS_nSzOWZPsPg&google_cver=1
  • https://a.audrte.com/p
68 B
617 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
52.72.177.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-177-11.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 20:10:55 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Tue, 23 Aug 2022 20:10:55 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
pixel
ps.eyeota.net/ Frame 4471 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=g9mHLMoaQ-PQKS5KEmRtQgvog&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.232.64.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-232-64-79.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 20:10:55 GMT
Content-Length
1241
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
p
a.audrte.com/ Frame 4471
Redirect Chain
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
  • https://dmp.adform.net/serving/cookie/match/?CC=1&party=1003&gdpr=0&gdpr_consent=
  • https://a.audrte.com/a?adform_uid=4302902058995668923
  • https://a.audrte.com/p
68 B
617 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
52.72.177.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-177-11.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 20:10:55 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Tue, 23 Aug 2022 20:10:55 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame DBA4 		116 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05c2df6f880821a5412da5bd32e02e32386fd9419751854934a7dc290299dda7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40226
x-xss-protection
0
server
cafe
etag
13544352990650090002
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 20:10:56 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:55 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 20:10:55 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 215F 		116 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0847f2b5aad6239a4dc45599d8c8941ef8d347560d8d708ff602a149cd3187e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40225
x-xss-protection
0
server
cafe
etag
8724622158460915089
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 20:10:56 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:55 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 20:10:55 GMT
um
u-iad04.e-planning.net/ Frame C572 		42 B
103 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u-iad04.e-planning.net/um?dc=3ab023ac29ea5990&fi=df6b421f94c39fbc&uid=a6f37f0123013099a595be2217fc435a
Requested by
Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3Ddf6b421f94c39fbc%26uid%3D%7B%7BVID%7D%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://vid.vidoomy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Tue, 23 Aug 2022 20:10:56 GMT
server
openresty
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/ Frame DBA4 		341 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0b11f3ebcdaee9f2c375600391daa93ba1ab5274dcae31a77af3ebc7c9e0bf1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122737
x-xss-protection
0
server
cafe
etag
4657378357819102553
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 20:10:56 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/ Frame 215F 		341 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069028
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bded81b3343ca2138f17d3cfdfe835a723cfc51232eb672e3a7a904eda3ac572
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122626
x-xss-protection
0
server
cafe
etag
11530062064661178593
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 20:10:56 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 215F 		222 B
651 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
b45ec4d08f4adc2a767d2cc32412b1b176b7eff2ed0247f1f682ed2a155c2366
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
207
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 215F 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 215F 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 42F2 		17 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdcb6dcac177e2bd242d497b88d719c4679b755e96e4c50301818c8bbbb54036
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
9226
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 20:10:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame DBA4 		222 B
276 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
8faa473c93f596b9e81bc9eb37bd1d2fb0239f62ee30ee2a59a6d3e38d5d3711
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
208
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame DBA4 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame DBA4 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 76E7 		19 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
534b1c0a9029601d9eea1ba65bde9d809fcc85a1b4b91d39581fa3f81b0fc816
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
10460
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 20:10:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 42F2 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A7xO5ewjLeQFM4mSduRXzTEREgRf5HfGgiGuvo1tVwzhC6TB5jv9_zV5Jd31fzZDCqcrKhD8UJQKpZFONmr9PA4VTA4A9IIMYzjxvMfE0LTDwMnyE
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:56 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 42F2 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 19:57:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
805
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Sep 2022 19:57:31 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 42F2 		140 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44049
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1661168302676581"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Aug 2022 20:10:57 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 42F2 		17 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 19:58:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
754
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Sep 2022 19:58:22 GMT
l
www.google.com/ads/measurement/ Frame 42F2 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaR-bAo-eFVFuEJT4yha45dsoKUAQmCcmb4CqbH2IVyUqVVTQHd1Wf4w6C5xt1F_ZoM91V7dUEIZ90lkrk_zmC3ALwGU8w
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
checksync.php
contextual.media.net/ Frame B5BF 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
10edff49f8c05f32543b533aaacb096a5e07f4de51b107b25f8ee76207d7d30c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8306
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 20:10:56 GMT
expires
Thu, 25 Aug 2022 20:10:56 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
async_usersync.html
acdn.adnxs.com/dmp/ Frame F2EC 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 -, , ASN (),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
55364
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 23 Aug 2022 20:10:56 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 879588
X-Served-By
cache-lga21925-LGA, cache-hhn4059-HHN
X-Timer
S1661285457.989375,VS0,VE0
check.html
biddr.brealtime.com/ Frame 5A13 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
806
CF-Cache-Status
HIT
CF-RAY
73f67e9a3bf06939-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 23 Aug 2022 20:10:57 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Tue, 23 Aug 2022 21:10:57 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
check.html
biddr.brealtime.com/ Frame 7128 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
5990
CF-Cache-Status
HIT
CF-RAY
73f67e9a3a64bb9d-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 23 Aug 2022 20:10:57 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Tue, 23 Aug 2022 21:10:57 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
TZDfxO4uwORNUA/4irnRs9qqp9lI3eH+ruz8qqqAX5jBwgQ1rzgBbhsPKs2FgAnYzrbwWSW5JnM=
x-amz-request-id
15DYQDFYDGXZWWWF
pd
u.openx.net/w/1.0/ Frame 5CE1 		0
91 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Tue, 23 Aug 2022 20:10:56 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7218 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 -, , ASN (),
Reverse DNS
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=73366
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 20:10:56 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 24 Aug 2022 16:33:42 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
/
ssc-cms.33across.com/ps/ Frame 66B2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.22 -, , ASN (),
Reverse DNS
Software
33XP004 /
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Tue, 23 Aug 2022 20:10:57 GMT
server
33XP004
x-33x-status
2000208
checksync.php
contextual.media.net/ Frame E846 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
10edff49f8c05f32543b533aaacb096a5e07f4de51b107b25f8ee76207d7d30c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8306
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 20:10:56 GMT
expires
Thu, 25 Aug 2022 20:10:56 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
async_usersync.html
acdn.adnxs.com/dmp/ Frame 3003 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 -, , ASN (),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
55364
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 23 Aug 2022 20:10:56 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 877998
X-Served-By
cache-lga21925-LGA, cache-hhn4038-HHN
X-Timer
S1661285457.989820,VS0,VE0
pd
u.openx.net/w/1.0/ Frame EDF3 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Tue, 23 Aug 2022 20:10:56 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7F31 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 -, , ASN (),
Reverse DNS
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=73366
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 20:10:56 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 24 Aug 2022 16:33:42 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame B753 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 23 Aug 2022 20:10:56 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
pixel
googleads.g.doubleclick.net/xbbe/ Frame D7BF 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYu4vpvAEwAQ&v=APEucNUzGxWL7JJePe0J6-BMIPgmIxMx-0LCNrjaEssZ4DRHbCr3Hzz6-IRfzbM_9p4e-STd4Xh6B5C1glkOa_uyZ9A7dQJJIHNHp1W4ArIyREcbNHtyMcJ5lVXREEW_ThGjBONdTjYuAQ4UksfJdAkhOo1ysL2Gn3YSP-uq6Aj-fhKZ_JgC05AEhaX7ur-6uQ_JV3JNouP4kgKM0lMTDaD_YF3Sp_PPYw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 20:10:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 42F2 		62 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BnZITpXdcabeZWUjDts5sE7ATV_EoReHW-bcrRW3mBludYBIWLhxS4_Rj8RB6WPjWt1YZvfqhW0wEoOxcpxAWUj8JXvg&cry=1&dbm_d=AKAmf-DoVN9at_gE858jscO3tfGzvdDI_73f9ULtV7DspQkNS4L0f4BvqXBOLM23ePLXgCqDorVf-S1K_RzmVOa4knzP5Sjsy-b8lTSj2JgeTV7dvqmuurygprFM0fHsreYHjjz-ewwTwzztCQhy2t3jlaPuNcQtbAu4LaLo8DE7f8fV_fPfWHD4QlujgxcM96ADZKpOvLse6T_3K0tdJ7kaBoruQxE-n8SMx8bBCds5-zm7AYkWF2uRHvKcuyO5pOSLMzClkNXIRqJ3zY7d1QRN-j36u1O6349C9zn2hmxdfVB9DdHBI1K_eebTZYDzVT4Qnig59Od6Mfw1r7i-Viq8CInhXhBLb_N5qmr3GgqW0MA_o_fmHymcDrlUth3KQzzQ-WpmNb5KBuosxXXY2sMze8SyoQuxN1SisYFn2PH8k6-AXtzeyEppzUFZkDNbTLBRDtU51GTAKCQdN96u6weH2rVwLkYelwDZBw2E--gpu7WbZT0l4onKvjzO0l5Y0qcxXY0RLM1dZ9MMr2qEcJmE-18zXI_w5NGunadwkRNxTov5TgKjsccO-dkgA-O21rgaqGmtZ39cHtrkq89aSWUhNJE84s9V_1obI1TbaA-pjCqCIBfPghJ0g8GMVFjV5an4SDY60K36fuSHfG5s5HYRZq19gxmb8D6tTDL2hrZ49uhV5oPThEbByTJnP0QDnbRm11iFPDwIvOjCH2AGw0H1B8ceBG2xJc80-CijOena3pXcC4dLv9c19cM6-EiwfJSO4nx0hMpPJWv9VPsJUPQVuhD9-YogO90BCiSOp5ZQNfKBUpixG1DfhOsOdMeXdJQkeoGjK3DIZ7w0OZiCFvF_aWqV2XV9OIZYGChMWVTLDCeE8bXLL4BVdhhnkCStfZT8322FeCaFjN5muR19Kicijcj_tmbgi4vJpgymJY9kMiug6ejhLx_9gCMOYkLux8ZYGt1H1Zm8B4MpZq3UFamnvRY7ROf82xOzknlomKakGgwrmsdRLk6tHW8jyvDYql5Ik5cMNr43-HSVDBgiayUukviMX-0OmPsvLFRQc9k4SZW0LU0VY8j6lZxJYY39z8BlCs4AtgvbfBlHQRNazAj6RuHA2MlcK2HH2lVv4mWrTixe5PUR_fZyH0LGbrI_p975rFqF9r3d4W7ZoiAHqubEH71bBj0jzav8Vo2vhAtbfJBQ6CxG0Wfd1QXWP-eXT5DOacPVvmU0fuCx6e2VLmgMyr4QHGYY8fiYzwfBZqMfeZz7emezI6PcDJ27JSZ4iH2eTSrTz8D_XJZgK4eY6iXXu3FSl0cBSixIYluOP-IdXs8VdYLJ9IcYK9QN3iSRZk6rWq3V8Cd6y-gHQXe9Xe2aM1vGS74uz0f5w4iqaC3dqbu06s8xPI34LHUrmpO2Cc_2JmCfKkrOMD-6lli6MT9hDxQcOwT5uQOkP5MTtYgrAeL9DYTiFjAMPlor_Ma0NVRWy7i1OqHvuuJw8q3Q1bf-oQtA8z-Fp4fhLy1TQb5B2Zs_5_WKmjkH8T7v9RxCbBHEqm3_-eKk2zwPR0mtyeoZoa-RFZZ_o-jWI9P-stoXptGKl6x8GwDt5OVw--JbSJSVwtL0dpch0pWRABTIiuSA4wg8civvfamK2IXxXsD1Sawl30OsbxQp-ZvcTXGDKpDWFCVNq2rr_tmA5Yexdarwc616gn79bLHxxzYRwc05AeY43SgRAZfWWYTOGroJQ5lKojrYTWGv08EymdRRK4w5GHfoMFXMCua3O5qC2LfodxD4WNtDkxnvB1UAfbqq1E2Ag4dHlnBKf0lOAorv5nnSXDy6o_2PYYdLoK-AEXOB4rw0ceeJgVnQoy4U9WFf0XRrFh_hBR94PWRopHxCXi5d_CiIT25S0N56aTgI2ZzdSVts9vDN5_LTFjf1biDIBo1qyHg39T2rB2iMYvzDSELl0IRE0TQ6CRWKqLANattuqlGuvBBmVG2_jYW5ErVOYF0CwObohN55hpX3xP61BrPat34nBJyBHdC6VUmIrRbwgoBttMtn2xkaxZDXxRKQ17LVh8i7rWQ0zdQUofTnoVtQL81ZWcxtIf0rpD5u6ASmyKNCFY6HEdfX5InG8avM3lNSuTJxeOV1LuQ0PRpnkszeIfINZTdtgrwcDPqIgesDzmb1nwIg07e0f30Qih1lkJA7Sj_QRlklaT0kPT-I1n4Rrf0XP7c2dW-cTxLbpUlvXdvCggrRwbPl4aho4NVJ0ISteiTdgQ5Sr65-9AehwLf8w0RF58_HKM84eACI3SjzUZkokWAtHRE2eJ4uIhIm_g2Q6tZzx9BOl0PqQJLM-yOlmyhhJbfTrCl8SRyBePB1kBjfnUq2aUpFbbPVnvGMASf4HZqkqKCKpQXpr8POV8u_owfE3M3iA5SWn8LDcQywpL2KuSuJr8Ax7E7nKzgJnE1CZ6ZOSuOIoE_uQkasRkRNMQuUd_ZEsy3PTn1nVn0buoR29eL33KuoyOxVQ17wZeLAatMRZMMzHdsXiEzf4TR39hxIXhwpMxVn8y2i2M3b--MlbT7kaD22LDAooXNZz07gHhSM-a3joTgCfK7vysBW_FopojXKZ11K-V5Ih5-6hoKb5ybyKX6F_k7bPjRto7tKSIo-AjOWJiavqUQifmxQed6PQs5sNLojzeA74RBVcVxkBrJirYMAuWbiJAmLuXJgAX-wEzj6tdMhBjxAoV6GC62TJK2yp0n33Ltvl0AarcyczGr4vmOSSvOEunYPUQd-A_gbon1LFLLUJlTLV_LHV5vbLFp5Dkqa7rB1hso4tTlgdqPrzlSTqvyDblxanZggnO3mE4KymVike5-9FHgxi6jSLNq3VvgeT_Km4h00wKUYXRcXbDWWt1pQLkOHmY7ukn5HNuztytS4LTyQ5WO9HYKJNXgHGcJ3_K7wQrVB0EgnKbPnH21KcyuLLjdgw5HsfKenNbkS-4ONhyZm-6IP51Xn0ASHM1Gdf3Vzyn9PP-f1O4X1cvvKpdx2GVy7w1ASWYuhG8LZ5VkerVmuWfnmGS_Oj6VST3mFbj7rePO2cIALOQhF_z7D9a0aZiovzuqg-H76SvpeG44pYdru4OGxgURn31iodK3bpbecfaQ9PHLF8tgAyIg&cid=CAASEuRoqWXhmdsYmP6-GGq5aqEJvg&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7366f573a428638ca07043e8d63d12909260623923431faa3c46bed59f9ee43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29846
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:56 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 20:10:56 GMT
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:56 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 20:10:56 GMT
usync.js
eus.rubiconproject.com/ Frame B753 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4a77aa8515e0914305d566f070e6aed1f158741280d2dfb5a9cd6d48c8bb3599

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 20:10:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Aug 2022 13:55:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10419
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9442
Expires
Tue, 23 Aug 2022 23:04:35 GMT
async_usersync
ib.adnxs.com/ Frame F2EC 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:57 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
4cbd5784-168f-47f3-be93-23c556e95ea3
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 7218 		0
39 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=76408998&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:55 GMT
content-length
0
async_usersync
ib.adnxs.com/ Frame 3003 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:57 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
6dc8f909-09ce-4cdc-8f09-cc8f627128c5
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame D7BF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYCLqV1UZG9937WBzX23P0&google_cver=1
43 B
913 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYCLqV1UZG9937WBzX23P0&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYu4vpvAEwAQ&v=APEucNUzGxWL7JJePe0J6-BMIPgmIxMx-0LCNrjaEssZ4DRHbCr3Hzz6-IRfzbM_9p4e-STd4Xh6B5C1glkOa_uyZ9A7dQJJIHNHp1W4ArIyREcbNHtyMcJ5lVXREEW_ThGjBONdTjYuAQ4UksfJdAkhOo1ysL2Gn3YSP-uq6Aj-fhKZ_JgC05AEhaX7ur-6uQ_JV3JNouP4kgKM0lMTDaD_YF3Sp_PPYw
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73f67e9b4842922b-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3bM9WfMMNYyBjP4e%2BsGmh%2BRLTQmXjsJZuvmavvTUcoV%2Bhpho80d0A7RTNArsK7cqZZZQxZsFyiGj1h1vPf1BB%2BNVQVG2hUlw2IPs%2F5c4brQzf4%2BEj4wF28XiicZ3p7KZfcd9jFDIqa3gwg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYCLqV1UZG9937WBzX23P0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame D7BF
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwU0TWG8g7NCjw3rhpyPXAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYCLqV1UZG9937WBzX23P0&google_cver=1
43 B
913 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYCLqV1UZG9937WBzX23P0&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYu4vpvAEwAQ&v=APEucNUzGxWL7JJePe0J6-BMIPgmIxMx-0LCNrjaEssZ4DRHbCr3Hzz6-IRfzbM_9p4e-STd4Xh6B5C1glkOa_uyZ9A7dQJJIHNHp1W4ArIyREcbNHtyMcJ5lVXREEW_ThGjBONdTjYuAQ4UksfJdAkhOo1ysL2Gn3YSP-uq6Aj-fhKZ_JgC05AEhaX7ur-6uQ_JV3JNouP4kgKM0lMTDaD_YF3Sp_PPYw
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73f67e9b98a2922b-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BVXL8hbX9DuW%2BPv8FJD6VOD%2BowoVkZiATyTnGlY6J0ltvu%2FJ8EFIL7qAiujvny6LWbGUkj9tHUCaDtG4o98JjlTf%2BNtZSv9jmw4OCNmhGC748KHJH9IeC0ERkxH2vItyeF4O6Ey0xjx5lA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPYCLqV1UZG9937WBzX23P0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame D7BF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHKRAFsBubhod0QFwzXOysk&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHKRAFsBubhod0QFwzXOysk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYu4vpvAEwAQ&v=APEucNUzGxWL7JJePe0J6-BMIPgmIxMx-0LCNrjaEssZ4DRHbCr3Hzz6-IRfzbM_9p4e-STd4Xh6B5C1glkOa_uyZ9A7dQJJIHNHp1W4ArIyREcbNHtyMcJ5lVXREEW_ThGjBONdTjYuAQ4UksfJdAkhOo1ysL2Gn3YSP-uq6Aj-fhKZ_JgC05AEhaX7ur-6uQ_JV3JNouP4kgKM0lMTDaD_YF3Sp_PPYw
Protocol
HTTP/1.1
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:57 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
2f00f6ae-fe0c-4d01-afc8-4a6a593b5805
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHKRAFsBubhod0QFwzXOysk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame D7BF
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg5NzA3NTcxMTI3ODU2NTg3OQ%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg5NzA3NTcxMTI3ODU2NTg3OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYu4vpvAEwAQ&v=APEucNUzGxWL7JJePe0J6-BMIPgmIxMx-0LCNrjaEssZ4DRHbCr3Hzz6-IRfzbM_9p4e-STd4Xh6B5C1glkOa_uyZ9A7dQJJIHNHp1W4ArIyREcbNHtyMcJ5lVXREEW_ThGjBONdTjYuAQ4UksfJdAkhOo1ysL2Gn3YSP-uq6Aj-fhKZ_JgC05AEhaX7ur-6uQ_JV3JNouP4kgKM0lMTDaD_YF3Sp_PPYw
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:57 GMT
X-Proxy-Origin
80.255.7.104; 80.255.7.104; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
8901dedf-3ff5-4ad0-912b-4e652a230ac6
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg5NzA3NTcxMTI3ODU2NTg3OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220818/r20110914/ Frame 42F2 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220818/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BnZITpXdcabeZWUjDts5sE7ATV_EoReHW-bcrRW3mBludYBIWLhxS4_Rj8RB6WPjWt1YZvfqhW0wEoOxcpxAWUj8JXvg&cry=1&dbm_d=AKAmf-DoVN9at_gE858jscO3tfGzvdDI_73f9ULtV7DspQkNS4L0f4BvqXBOLM23ePLXgCqDorVf-S1K_RzmVOa4knzP5Sjsy-b8lTSj2JgeTV7dvqmuurygprFM0fHsreYHjjz-ewwTwzztCQhy2t3jlaPuNcQtbAu4LaLo8DE7f8fV_fPfWHD4QlujgxcM96ADZKpOvLse6T_3K0tdJ7kaBoruQxE-n8SMx8bBCds5-zm7AYkWF2uRHvKcuyO5pOSLMzClkNXIRqJ3zY7d1QRN-j36u1O6349C9zn2hmxdfVB9DdHBI1K_eebTZYDzVT4Qnig59Od6Mfw1r7i-Viq8CInhXhBLb_N5qmr3GgqW0MA_o_fmHymcDrlUth3KQzzQ-WpmNb5KBuosxXXY2sMze8SyoQuxN1SisYFn2PH8k6-AXtzeyEppzUFZkDNbTLBRDtU51GTAKCQdN96u6weH2rVwLkYelwDZBw2E--gpu7WbZT0l4onKvjzO0l5Y0qcxXY0RLM1dZ9MMr2qEcJmE-18zXI_w5NGunadwkRNxTov5TgKjsccO-dkgA-O21rgaqGmtZ39cHtrkq89aSWUhNJE84s9V_1obI1TbaA-pjCqCIBfPghJ0g8GMVFjV5an4SDY60K36fuSHfG5s5HYRZq19gxmb8D6tTDL2hrZ49uhV5oPThEbByTJnP0QDnbRm11iFPDwIvOjCH2AGw0H1B8ceBG2xJc80-CijOena3pXcC4dLv9c19cM6-EiwfJSO4nx0hMpPJWv9VPsJUPQVuhD9-YogO90BCiSOp5ZQNfKBUpixG1DfhOsOdMeXdJQkeoGjK3DIZ7w0OZiCFvF_aWqV2XV9OIZYGChMWVTLDCeE8bXLL4BVdhhnkCStfZT8322FeCaFjN5muR19Kicijcj_tmbgi4vJpgymJY9kMiug6ejhLx_9gCMOYkLux8ZYGt1H1Zm8B4MpZq3UFamnvRY7ROf82xOzknlomKakGgwrmsdRLk6tHW8jyvDYql5Ik5cMNr43-HSVDBgiayUukviMX-0OmPsvLFRQc9k4SZW0LU0VY8j6lZxJYY39z8BlCs4AtgvbfBlHQRNazAj6RuHA2MlcK2HH2lVv4mWrTixe5PUR_fZyH0LGbrI_p975rFqF9r3d4W7ZoiAHqubEH71bBj0jzav8Vo2vhAtbfJBQ6CxG0Wfd1QXWP-eXT5DOacPVvmU0fuCx6e2VLmgMyr4QHGYY8fiYzwfBZqMfeZz7emezI6PcDJ27JSZ4iH2eTSrTz8D_XJZgK4eY6iXXu3FSl0cBSixIYluOP-IdXs8VdYLJ9IcYK9QN3iSRZk6rWq3V8Cd6y-gHQXe9Xe2aM1vGS74uz0f5w4iqaC3dqbu06s8xPI34LHUrmpO2Cc_2JmCfKkrOMD-6lli6MT9hDxQcOwT5uQOkP5MTtYgrAeL9DYTiFjAMPlor_Ma0NVRWy7i1OqHvuuJw8q3Q1bf-oQtA8z-Fp4fhLy1TQb5B2Zs_5_WKmjkH8T7v9RxCbBHEqm3_-eKk2zwPR0mtyeoZoa-RFZZ_o-jWI9P-stoXptGKl6x8GwDt5OVw--JbSJSVwtL0dpch0pWRABTIiuSA4wg8civvfamK2IXxXsD1Sawl30OsbxQp-ZvcTXGDKpDWFCVNq2rr_tmA5Yexdarwc616gn79bLHxxzYRwc05AeY43SgRAZfWWYTOGroJQ5lKojrYTWGv08EymdRRK4w5GHfoMFXMCua3O5qC2LfodxD4WNtDkxnvB1UAfbqq1E2Ag4dHlnBKf0lOAorv5nnSXDy6o_2PYYdLoK-AEXOB4rw0ceeJgVnQoy4U9WFf0XRrFh_hBR94PWRopHxCXi5d_CiIT25S0N56aTgI2ZzdSVts9vDN5_LTFjf1biDIBo1qyHg39T2rB2iMYvzDSELl0IRE0TQ6CRWKqLANattuqlGuvBBmVG2_jYW5ErVOYF0CwObohN55hpX3xP61BrPat34nBJyBHdC6VUmIrRbwgoBttMtn2xkaxZDXxRKQ17LVh8i7rWQ0zdQUofTnoVtQL81ZWcxtIf0rpD5u6ASmyKNCFY6HEdfX5InG8avM3lNSuTJxeOV1LuQ0PRpnkszeIfINZTdtgrwcDPqIgesDzmb1nwIg07e0f30Qih1lkJA7Sj_QRlklaT0kPT-I1n4Rrf0XP7c2dW-cTxLbpUlvXdvCggrRwbPl4aho4NVJ0ISteiTdgQ5Sr65-9AehwLf8w0RF58_HKM84eACI3SjzUZkokWAtHRE2eJ4uIhIm_g2Q6tZzx9BOl0PqQJLM-yOlmyhhJbfTrCl8SRyBePB1kBjfnUq2aUpFbbPVnvGMASf4HZqkqKCKpQXpr8POV8u_owfE3M3iA5SWn8LDcQywpL2KuSuJr8Ax7E7nKzgJnE1CZ6ZOSuOIoE_uQkasRkRNMQuUd_ZEsy3PTn1nVn0buoR29eL33KuoyOxVQ17wZeLAatMRZMMzHdsXiEzf4TR39hxIXhwpMxVn8y2i2M3b--MlbT7kaD22LDAooXNZz07gHhSM-a3joTgCfK7vysBW_FopojXKZ11K-V5Ih5-6hoKb5ybyKX6F_k7bPjRto7tKSIo-AjOWJiavqUQifmxQed6PQs5sNLojzeA74RBVcVxkBrJirYMAuWbiJAmLuXJgAX-wEzj6tdMhBjxAoV6GC62TJK2yp0n33Ltvl0AarcyczGr4vmOSSvOEunYPUQd-A_gbon1LFLLUJlTLV_LHV5vbLFp5Dkqa7rB1hso4tTlgdqPrzlSTqvyDblxanZggnO3mE4KymVike5-9FHgxi6jSLNq3VvgeT_Km4h00wKUYXRcXbDWWt1pQLkOHmY7ukn5HNuztytS4LTyQ5WO9HYKJNXgHGcJ3_K7wQrVB0EgnKbPnH21KcyuLLjdgw5HsfKenNbkS-4ONhyZm-6IP51Xn0ASHM1Gdf3Vzyn9PP-f1O4X1cvvKpdx2GVy7w1ASWYuhG8LZ5VkerVmuWfnmGS_Oj6VST3mFbj7rePO2cIALOQhF_z7D9a0aZiovzuqg-H76SvpeG44pYdru4OGxgURn31iodK3bpbecfaQ9PHLF8tgAyIg&cid=CAASEuRoqWXhmdsYmP6-GGq5aqEJvg&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:02:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
532
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11819
x-xss-protection
0
server
cafe
etag
10563440404697844360
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Sep 2022 20:02:05 GMT
9242723511236791065
s0.2mdn.net/simgad/ Frame 42F2 		35 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/9242723511236791065
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BnZITpXdcabeZWUjDts5sE7ATV_EoReHW-bcrRW3mBludYBIWLhxS4_Rj8RB6WPjWt1YZvfqhW0wEoOxcpxAWUj8JXvg&cry=1&dbm_d=AKAmf-DoVN9at_gE858jscO3tfGzvdDI_73f9ULtV7DspQkNS4L0f4BvqXBOLM23ePLXgCqDorVf-S1K_RzmVOa4knzP5Sjsy-b8lTSj2JgeTV7dvqmuurygprFM0fHsreYHjjz-ewwTwzztCQhy2t3jlaPuNcQtbAu4LaLo8DE7f8fV_fPfWHD4QlujgxcM96ADZKpOvLse6T_3K0tdJ7kaBoruQxE-n8SMx8bBCds5-zm7AYkWF2uRHvKcuyO5pOSLMzClkNXIRqJ3zY7d1QRN-j36u1O6349C9zn2hmxdfVB9DdHBI1K_eebTZYDzVT4Qnig59Od6Mfw1r7i-Viq8CInhXhBLb_N5qmr3GgqW0MA_o_fmHymcDrlUth3KQzzQ-WpmNb5KBuosxXXY2sMze8SyoQuxN1SisYFn2PH8k6-AXtzeyEppzUFZkDNbTLBRDtU51GTAKCQdN96u6weH2rVwLkYelwDZBw2E--gpu7WbZT0l4onKvjzO0l5Y0qcxXY0RLM1dZ9MMr2qEcJmE-18zXI_w5NGunadwkRNxTov5TgKjsccO-dkgA-O21rgaqGmtZ39cHtrkq89aSWUhNJE84s9V_1obI1TbaA-pjCqCIBfPghJ0g8GMVFjV5an4SDY60K36fuSHfG5s5HYRZq19gxmb8D6tTDL2hrZ49uhV5oPThEbByTJnP0QDnbRm11iFPDwIvOjCH2AGw0H1B8ceBG2xJc80-CijOena3pXcC4dLv9c19cM6-EiwfJSO4nx0hMpPJWv9VPsJUPQVuhD9-YogO90BCiSOp5ZQNfKBUpixG1DfhOsOdMeXdJQkeoGjK3DIZ7w0OZiCFvF_aWqV2XV9OIZYGChMWVTLDCeE8bXLL4BVdhhnkCStfZT8322FeCaFjN5muR19Kicijcj_tmbgi4vJpgymJY9kMiug6ejhLx_9gCMOYkLux8ZYGt1H1Zm8B4MpZq3UFamnvRY7ROf82xOzknlomKakGgwrmsdRLk6tHW8jyvDYql5Ik5cMNr43-HSVDBgiayUukviMX-0OmPsvLFRQc9k4SZW0LU0VY8j6lZxJYY39z8BlCs4AtgvbfBlHQRNazAj6RuHA2MlcK2HH2lVv4mWrTixe5PUR_fZyH0LGbrI_p975rFqF9r3d4W7ZoiAHqubEH71bBj0jzav8Vo2vhAtbfJBQ6CxG0Wfd1QXWP-eXT5DOacPVvmU0fuCx6e2VLmgMyr4QHGYY8fiYzwfBZqMfeZz7emezI6PcDJ27JSZ4iH2eTSrTz8D_XJZgK4eY6iXXu3FSl0cBSixIYluOP-IdXs8VdYLJ9IcYK9QN3iSRZk6rWq3V8Cd6y-gHQXe9Xe2aM1vGS74uz0f5w4iqaC3dqbu06s8xPI34LHUrmpO2Cc_2JmCfKkrOMD-6lli6MT9hDxQcOwT5uQOkP5MTtYgrAeL9DYTiFjAMPlor_Ma0NVRWy7i1OqHvuuJw8q3Q1bf-oQtA8z-Fp4fhLy1TQb5B2Zs_5_WKmjkH8T7v9RxCbBHEqm3_-eKk2zwPR0mtyeoZoa-RFZZ_o-jWI9P-stoXptGKl6x8GwDt5OVw--JbSJSVwtL0dpch0pWRABTIiuSA4wg8civvfamK2IXxXsD1Sawl30OsbxQp-ZvcTXGDKpDWFCVNq2rr_tmA5Yexdarwc616gn79bLHxxzYRwc05AeY43SgRAZfWWYTOGroJQ5lKojrYTWGv08EymdRRK4w5GHfoMFXMCua3O5qC2LfodxD4WNtDkxnvB1UAfbqq1E2Ag4dHlnBKf0lOAorv5nnSXDy6o_2PYYdLoK-AEXOB4rw0ceeJgVnQoy4U9WFf0XRrFh_hBR94PWRopHxCXi5d_CiIT25S0N56aTgI2ZzdSVts9vDN5_LTFjf1biDIBo1qyHg39T2rB2iMYvzDSELl0IRE0TQ6CRWKqLANattuqlGuvBBmVG2_jYW5ErVOYF0CwObohN55hpX3xP61BrPat34nBJyBHdC6VUmIrRbwgoBttMtn2xkaxZDXxRKQ17LVh8i7rWQ0zdQUofTnoVtQL81ZWcxtIf0rpD5u6ASmyKNCFY6HEdfX5InG8avM3lNSuTJxeOV1LuQ0PRpnkszeIfINZTdtgrwcDPqIgesDzmb1nwIg07e0f30Qih1lkJA7Sj_QRlklaT0kPT-I1n4Rrf0XP7c2dW-cTxLbpUlvXdvCggrRwbPl4aho4NVJ0ISteiTdgQ5Sr65-9AehwLf8w0RF58_HKM84eACI3SjzUZkokWAtHRE2eJ4uIhIm_g2Q6tZzx9BOl0PqQJLM-yOlmyhhJbfTrCl8SRyBePB1kBjfnUq2aUpFbbPVnvGMASf4HZqkqKCKpQXpr8POV8u_owfE3M3iA5SWn8LDcQywpL2KuSuJr8Ax7E7nKzgJnE1CZ6ZOSuOIoE_uQkasRkRNMQuUd_ZEsy3PTn1nVn0buoR29eL33KuoyOxVQ17wZeLAatMRZMMzHdsXiEzf4TR39hxIXhwpMxVn8y2i2M3b--MlbT7kaD22LDAooXNZz07gHhSM-a3joTgCfK7vysBW_FopojXKZ11K-V5Ih5-6hoKb5ybyKX6F_k7bPjRto7tKSIo-AjOWJiavqUQifmxQed6PQs5sNLojzeA74RBVcVxkBrJirYMAuWbiJAmLuXJgAX-wEzj6tdMhBjxAoV6GC62TJK2yp0n33Ltvl0AarcyczGr4vmOSSvOEunYPUQd-A_gbon1LFLLUJlTLV_LHV5vbLFp5Dkqa7rB1hso4tTlgdqPrzlSTqvyDblxanZggnO3mE4KymVike5-9FHgxi6jSLNq3VvgeT_Km4h00wKUYXRcXbDWWt1pQLkOHmY7ukn5HNuztytS4LTyQ5WO9HYKJNXgHGcJ3_K7wQrVB0EgnKbPnH21KcyuLLjdgw5HsfKenNbkS-4ONhyZm-6IP51Xn0ASHM1Gdf3Vzyn9PP-f1O4X1cvvKpdx2GVy7w1ASWYuhG8LZ5VkerVmuWfnmGS_Oj6VST3mFbj7rePO2cIALOQhF_z7D9a0aZiovzuqg-H76SvpeG44pYdru4OGxgURn31iodK3bpbecfaQ9PHLF8tgAyIg&cid=CAASEuRoqWXhmdsYmP6-GGq5aqEJvg&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
1a5b2672823a1a10d7ae5c4af371d3a09598d1c2815c8b09cb258bd17bccf96e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 11:38:52 GMT
x-content-type-options
nosniff
age
549125
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36055
x-xss-protection
0
last-modified
Thu, 02 Dec 2021 01:11:14 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 17 Aug 2023 11:38:52 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220818/r20110914/elements/html/ Frame 42F2 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220818/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BnZITpXdcabeZWUjDts5sE7ATV_EoReHW-bcrRW3mBludYBIWLhxS4_Rj8RB6WPjWt1YZvfqhW0wEoOxcpxAWUj8JXvg&cry=1&dbm_d=AKAmf-DoVN9at_gE858jscO3tfGzvdDI_73f9ULtV7DspQkNS4L0f4BvqXBOLM23ePLXgCqDorVf-S1K_RzmVOa4knzP5Sjsy-b8lTSj2JgeTV7dvqmuurygprFM0fHsreYHjjz-ewwTwzztCQhy2t3jlaPuNcQtbAu4LaLo8DE7f8fV_fPfWHD4QlujgxcM96ADZKpOvLse6T_3K0tdJ7kaBoruQxE-n8SMx8bBCds5-zm7AYkWF2uRHvKcuyO5pOSLMzClkNXIRqJ3zY7d1QRN-j36u1O6349C9zn2hmxdfVB9DdHBI1K_eebTZYDzVT4Qnig59Od6Mfw1r7i-Viq8CInhXhBLb_N5qmr3GgqW0MA_o_fmHymcDrlUth3KQzzQ-WpmNb5KBuosxXXY2sMze8SyoQuxN1SisYFn2PH8k6-AXtzeyEppzUFZkDNbTLBRDtU51GTAKCQdN96u6weH2rVwLkYelwDZBw2E--gpu7WbZT0l4onKvjzO0l5Y0qcxXY0RLM1dZ9MMr2qEcJmE-18zXI_w5NGunadwkRNxTov5TgKjsccO-dkgA-O21rgaqGmtZ39cHtrkq89aSWUhNJE84s9V_1obI1TbaA-pjCqCIBfPghJ0g8GMVFjV5an4SDY60K36fuSHfG5s5HYRZq19gxmb8D6tTDL2hrZ49uhV5oPThEbByTJnP0QDnbRm11iFPDwIvOjCH2AGw0H1B8ceBG2xJc80-CijOena3pXcC4dLv9c19cM6-EiwfJSO4nx0hMpPJWv9VPsJUPQVuhD9-YogO90BCiSOp5ZQNfKBUpixG1DfhOsOdMeXdJQkeoGjK3DIZ7w0OZiCFvF_aWqV2XV9OIZYGChMWVTLDCeE8bXLL4BVdhhnkCStfZT8322FeCaFjN5muR19Kicijcj_tmbgi4vJpgymJY9kMiug6ejhLx_9gCMOYkLux8ZYGt1H1Zm8B4MpZq3UFamnvRY7ROf82xOzknlomKakGgwrmsdRLk6tHW8jyvDYql5Ik5cMNr43-HSVDBgiayUukviMX-0OmPsvLFRQc9k4SZW0LU0VY8j6lZxJYY39z8BlCs4AtgvbfBlHQRNazAj6RuHA2MlcK2HH2lVv4mWrTixe5PUR_fZyH0LGbrI_p975rFqF9r3d4W7ZoiAHqubEH71bBj0jzav8Vo2vhAtbfJBQ6CxG0Wfd1QXWP-eXT5DOacPVvmU0fuCx6e2VLmgMyr4QHGYY8fiYzwfBZqMfeZz7emezI6PcDJ27JSZ4iH2eTSrTz8D_XJZgK4eY6iXXu3FSl0cBSixIYluOP-IdXs8VdYLJ9IcYK9QN3iSRZk6rWq3V8Cd6y-gHQXe9Xe2aM1vGS74uz0f5w4iqaC3dqbu06s8xPI34LHUrmpO2Cc_2JmCfKkrOMD-6lli6MT9hDxQcOwT5uQOkP5MTtYgrAeL9DYTiFjAMPlor_Ma0NVRWy7i1OqHvuuJw8q3Q1bf-oQtA8z-Fp4fhLy1TQb5B2Zs_5_WKmjkH8T7v9RxCbBHEqm3_-eKk2zwPR0mtyeoZoa-RFZZ_o-jWI9P-stoXptGKl6x8GwDt5OVw--JbSJSVwtL0dpch0pWRABTIiuSA4wg8civvfamK2IXxXsD1Sawl30OsbxQp-ZvcTXGDKpDWFCVNq2rr_tmA5Yexdarwc616gn79bLHxxzYRwc05AeY43SgRAZfWWYTOGroJQ5lKojrYTWGv08EymdRRK4w5GHfoMFXMCua3O5qC2LfodxD4WNtDkxnvB1UAfbqq1E2Ag4dHlnBKf0lOAorv5nnSXDy6o_2PYYdLoK-AEXOB4rw0ceeJgVnQoy4U9WFf0XRrFh_hBR94PWRopHxCXi5d_CiIT25S0N56aTgI2ZzdSVts9vDN5_LTFjf1biDIBo1qyHg39T2rB2iMYvzDSELl0IRE0TQ6CRWKqLANattuqlGuvBBmVG2_jYW5ErVOYF0CwObohN55hpX3xP61BrPat34nBJyBHdC6VUmIrRbwgoBttMtn2xkaxZDXxRKQ17LVh8i7rWQ0zdQUofTnoVtQL81ZWcxtIf0rpD5u6ASmyKNCFY6HEdfX5InG8avM3lNSuTJxeOV1LuQ0PRpnkszeIfINZTdtgrwcDPqIgesDzmb1nwIg07e0f30Qih1lkJA7Sj_QRlklaT0kPT-I1n4Rrf0XP7c2dW-cTxLbpUlvXdvCggrRwbPl4aho4NVJ0ISteiTdgQ5Sr65-9AehwLf8w0RF58_HKM84eACI3SjzUZkokWAtHRE2eJ4uIhIm_g2Q6tZzx9BOl0PqQJLM-yOlmyhhJbfTrCl8SRyBePB1kBjfnUq2aUpFbbPVnvGMASf4HZqkqKCKpQXpr8POV8u_owfE3M3iA5SWn8LDcQywpL2KuSuJr8Ax7E7nKzgJnE1CZ6ZOSuOIoE_uQkasRkRNMQuUd_ZEsy3PTn1nVn0buoR29eL33KuoyOxVQ17wZeLAatMRZMMzHdsXiEzf4TR39hxIXhwpMxVn8y2i2M3b--MlbT7kaD22LDAooXNZz07gHhSM-a3joTgCfK7vysBW_FopojXKZ11K-V5Ih5-6hoKb5ybyKX6F_k7bPjRto7tKSIo-AjOWJiavqUQifmxQed6PQs5sNLojzeA74RBVcVxkBrJirYMAuWbiJAmLuXJgAX-wEzj6tdMhBjxAoV6GC62TJK2yp0n33Ltvl0AarcyczGr4vmOSSvOEunYPUQd-A_gbon1LFLLUJlTLV_LHV5vbLFp5Dkqa7rB1hso4tTlgdqPrzlSTqvyDblxanZggnO3mE4KymVike5-9FHgxi6jSLNq3VvgeT_Km4h00wKUYXRcXbDWWt1pQLkOHmY7ukn5HNuztytS4LTyQ5WO9HYKJNXgHGcJ3_K7wQrVB0EgnKbPnH21KcyuLLjdgw5HsfKenNbkS-4ONhyZm-6IP51Xn0ASHM1Gdf3Vzyn9PP-f1O4X1cvvKpdx2GVy7w1ASWYuhG8LZ5VkerVmuWfnmGS_Oj6VST3mFbj7rePO2cIALOQhF_z7D9a0aZiovzuqg-H76SvpeG44pYdru4OGxgURn31iodK3bpbecfaQ9PHLF8tgAyIg&cid=CAASEuRoqWXhmdsYmP6-GGq5aqEJvg&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:09:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
18418590997839133011
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Sep 2022 20:09:43 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 42F2 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuq8UE7MYbILUGYOjFRCvpvPWqsqPbP6ySeOAAn66QS55MfUw1IFKg-80_sCV39OWiqDiWtr0TRAuUf9qZseYQ5e7nP_juK4D9PBK_JlFExLPE-W6hYA24OgJg3-M-j7UQF_XxL98KhsD3G9P7EEspeVIk_v38Xsl6p1BiMlluP9mEGWC6NnAPGBfX8XriVXj154sig4aAyLD-n_YmTJfzmLenA6wYXUC7jZDJRoUS-nmjcX9PCmBifVPqtC1ZBpNvCIqbMtt55_xYs2-9Q-1WMWTgwFUs9CAjdCNHfPag19T13mzrLthSzRzvIJZSPJ7vH3vyvkfKOVOUCjjtNRHql43FJxPIjOA5tX3EktO0Ib70gcLvLhFQhuLa7cL01StPfBlGcu1kfVhaJw3iJwVhEOA9UKzfFJYn5Dj14K2CgDwQfbZE0SpRxcqrknjUbKeLUP50q04clsVOWDTJ8fp8mpZq3d_4vY7B60n2snmwkXqgMD-v82w8unAI-SUwmdRSlPJYjB4Ki5KSjsRExAwGQ-cU4jjK-QIJF19S8E-T3moIpLwrHeZxvBpcRcE6Uu6ut_T7bX7YOMEdpPQGYo6Tr6_ZbtcdfddS-NA0ntYOle7DFE96KfpZTRiDYvQHcQoI3IhIG_8sZvOlvrDbMNQOAjTqO9LhHhcEVdXuikQ-LrCOMAGl4dFy9iSNOQknEuzVHh1aeEMkrFG3xv2xztNFsgm6ZFb4YgM5N5bfwNm-zp1ruFXxtCFp-La_Ml9byBxbSzOIpwgM6WtIiwzQfvNeca6bukzbhdTY4-Y7Y1ybjU_CGwOipANCncDdawP3IXRX1uNubGoNeIS89JNkaOuNejcww_q4trSHKo7tyf82KseI2yjukXVVCuYBZ9fd5c-0r7S0UHrgv898wSJJoodWa5u_0cwJU7Iu-xIqWHdj5S3Llii1knjjU53YDqDVjx4erigPRHKVGKsgUKne6Hd_lHkHAyp7uCJ38CL46mHUU0naGlBs0qtuFJwGlQtZA64ges71PEXSD5_ImSdSBIO-FKoYEIdQQaIx83zFbYvXZCjxGblFgae_Wc3fFZ74eBkaW99wTEQm6xxlB2sC5twfLhkFQFs1QVYZstV1UmxFGKpgzXm0W2q6MxJT1UNEKigRlnYxny1YQN3qMqR7DRn0r6JAW5SQJ5au-fjU-ITKeyUDDUF8GNQI9sRd7foTp3MpYf1v6P86ppV4&sai=AMfl-YS-dvFYcp7Q2zMvtTuLRbKTrRLIsbtUEZaCRUUUwtnCxXBLTMd2qO7GORLPRiFIKRSfHtWFkQDw_Er2bhf0iDwU_wnNB5PV3SxGcLDKpiJNB_skJU9fA7PdyT4ns0tDkeuSjrkJ5vVmSbLouyxLvjn7UrUmPg&sig=Cg0ArKJSzLTyvWqQNAUMEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220818.81679&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BnZITpXdcabeZWUjDts5sE7ATV_EoReHW-bcrRW3mBludYBIWLhxS4_Rj8RB6WPjWt1YZvfqhW0wEoOxcpxAWUj8JXvg&cry=1&dbm_d=AKAmf-DoVN9at_gE858jscO3tfGzvdDI_73f9ULtV7DspQkNS4L0f4BvqXBOLM23ePLXgCqDorVf-S1K_RzmVOa4knzP5Sjsy-b8lTSj2JgeTV7dvqmuurygprFM0fHsreYHjjz-ewwTwzztCQhy2t3jlaPuNcQtbAu4LaLo8DE7f8fV_fPfWHD4QlujgxcM96ADZKpOvLse6T_3K0tdJ7kaBoruQxE-n8SMx8bBCds5-zm7AYkWF2uRHvKcuyO5pOSLMzClkNXIRqJ3zY7d1QRN-j36u1O6349C9zn2hmxdfVB9DdHBI1K_eebTZYDzVT4Qnig59Od6Mfw1r7i-Viq8CInhXhBLb_N5qmr3GgqW0MA_o_fmHymcDrlUth3KQzzQ-WpmNb5KBuosxXXY2sMze8SyoQuxN1SisYFn2PH8k6-AXtzeyEppzUFZkDNbTLBRDtU51GTAKCQdN96u6weH2rVwLkYelwDZBw2E--gpu7WbZT0l4onKvjzO0l5Y0qcxXY0RLM1dZ9MMr2qEcJmE-18zXI_w5NGunadwkRNxTov5TgKjsccO-dkgA-O21rgaqGmtZ39cHtrkq89aSWUhNJE84s9V_1obI1TbaA-pjCqCIBfPghJ0g8GMVFjV5an4SDY60K36fuSHfG5s5HYRZq19gxmb8D6tTDL2hrZ49uhV5oPThEbByTJnP0QDnbRm11iFPDwIvOjCH2AGw0H1B8ceBG2xJc80-CijOena3pXcC4dLv9c19cM6-EiwfJSO4nx0hMpPJWv9VPsJUPQVuhD9-YogO90BCiSOp5ZQNfKBUpixG1DfhOsOdMeXdJQkeoGjK3DIZ7w0OZiCFvF_aWqV2XV9OIZYGChMWVTLDCeE8bXLL4BVdhhnkCStfZT8322FeCaFjN5muR19Kicijcj_tmbgi4vJpgymJY9kMiug6ejhLx_9gCMOYkLux8ZYGt1H1Zm8B4MpZq3UFamnvRY7ROf82xOzknlomKakGgwrmsdRLk6tHW8jyvDYql5Ik5cMNr43-HSVDBgiayUukviMX-0OmPsvLFRQc9k4SZW0LU0VY8j6lZxJYY39z8BlCs4AtgvbfBlHQRNazAj6RuHA2MlcK2HH2lVv4mWrTixe5PUR_fZyH0LGbrI_p975rFqF9r3d4W7ZoiAHqubEH71bBj0jzav8Vo2vhAtbfJBQ6CxG0Wfd1QXWP-eXT5DOacPVvmU0fuCx6e2VLmgMyr4QHGYY8fiYzwfBZqMfeZz7emezI6PcDJ27JSZ4iH2eTSrTz8D_XJZgK4eY6iXXu3FSl0cBSixIYluOP-IdXs8VdYLJ9IcYK9QN3iSRZk6rWq3V8Cd6y-gHQXe9Xe2aM1vGS74uz0f5w4iqaC3dqbu06s8xPI34LHUrmpO2Cc_2JmCfKkrOMD-6lli6MT9hDxQcOwT5uQOkP5MTtYgrAeL9DYTiFjAMPlor_Ma0NVRWy7i1OqHvuuJw8q3Q1bf-oQtA8z-Fp4fhLy1TQb5B2Zs_5_WKmjkH8T7v9RxCbBHEqm3_-eKk2zwPR0mtyeoZoa-RFZZ_o-jWI9P-stoXptGKl6x8GwDt5OVw--JbSJSVwtL0dpch0pWRABTIiuSA4wg8civvfamK2IXxXsD1Sawl30OsbxQp-ZvcTXGDKpDWFCVNq2rr_tmA5Yexdarwc616gn79bLHxxzYRwc05AeY43SgRAZfWWYTOGroJQ5lKojrYTWGv08EymdRRK4w5GHfoMFXMCua3O5qC2LfodxD4WNtDkxnvB1UAfbqq1E2Ag4dHlnBKf0lOAorv5nnSXDy6o_2PYYdLoK-AEXOB4rw0ceeJgVnQoy4U9WFf0XRrFh_hBR94PWRopHxCXi5d_CiIT25S0N56aTgI2ZzdSVts9vDN5_LTFjf1biDIBo1qyHg39T2rB2iMYvzDSELl0IRE0TQ6CRWKqLANattuqlGuvBBmVG2_jYW5ErVOYF0CwObohN55hpX3xP61BrPat34nBJyBHdC6VUmIrRbwgoBttMtn2xkaxZDXxRKQ17LVh8i7rWQ0zdQUofTnoVtQL81ZWcxtIf0rpD5u6ASmyKNCFY6HEdfX5InG8avM3lNSuTJxeOV1LuQ0PRpnkszeIfINZTdtgrwcDPqIgesDzmb1nwIg07e0f30Qih1lkJA7Sj_QRlklaT0kPT-I1n4Rrf0XP7c2dW-cTxLbpUlvXdvCggrRwbPl4aho4NVJ0ISteiTdgQ5Sr65-9AehwLf8w0RF58_HKM84eACI3SjzUZkokWAtHRE2eJ4uIhIm_g2Q6tZzx9BOl0PqQJLM-yOlmyhhJbfTrCl8SRyBePB1kBjfnUq2aUpFbbPVnvGMASf4HZqkqKCKpQXpr8POV8u_owfE3M3iA5SWn8LDcQywpL2KuSuJr8Ax7E7nKzgJnE1CZ6ZOSuOIoE_uQkasRkRNMQuUd_ZEsy3PTn1nVn0buoR29eL33KuoyOxVQ17wZeLAatMRZMMzHdsXiEzf4TR39hxIXhwpMxVn8y2i2M3b--MlbT7kaD22LDAooXNZz07gHhSM-a3joTgCfK7vysBW_FopojXKZ11K-V5Ih5-6hoKb5ybyKX6F_k7bPjRto7tKSIo-AjOWJiavqUQifmxQed6PQs5sNLojzeA74RBVcVxkBrJirYMAuWbiJAmLuXJgAX-wEzj6tdMhBjxAoV6GC62TJK2yp0n33Ltvl0AarcyczGr4vmOSSvOEunYPUQd-A_gbon1LFLLUJlTLV_LHV5vbLFp5Dkqa7rB1hso4tTlgdqPrzlSTqvyDblxanZggnO3mE4KymVike5-9FHgxi6jSLNq3VvgeT_Km4h00wKUYXRcXbDWWt1pQLkOHmY7ukn5HNuztytS4LTyQ5WO9HYKJNXgHGcJ3_K7wQrVB0EgnKbPnH21KcyuLLjdgw5HsfKenNbkS-4ONhyZm-6IP51Xn0ASHM1Gdf3Vzyn9PP-f1O4X1cvvKpdx2GVy7w1ASWYuhG8LZ5VkerVmuWfnmGS_Oj6VST3mFbj7rePO2cIALOQhF_z7D9a0aZiovzuqg-H76SvpeG44pYdru4OGxgURn31iodK3bpbecfaQ9PHLF8tgAyIg&cid=CAASEuRoqWXhmdsYmP6-GGq5aqEJvg&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Tue, 23 Aug 2022 20:10:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 42F2 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BnZITpXdcabeZWUjDts5sE7ATV_EoReHW-bcrRW3mBludYBIWLhxS4_Rj8RB6WPjWt1YZvfqhW0wEoOxcpxAWUj8JXvg&cry=1&dbm_d=AKAmf-DoVN9at_gE858jscO3tfGzvdDI_73f9ULtV7DspQkNS4L0f4BvqXBOLM23ePLXgCqDorVf-S1K_RzmVOa4knzP5Sjsy-b8lTSj2JgeTV7dvqmuurygprFM0fHsreYHjjz-ewwTwzztCQhy2t3jlaPuNcQtbAu4LaLo8DE7f8fV_fPfWHD4QlujgxcM96ADZKpOvLse6T_3K0tdJ7kaBoruQxE-n8SMx8bBCds5-zm7AYkWF2uRHvKcuyO5pOSLMzClkNXIRqJ3zY7d1QRN-j36u1O6349C9zn2hmxdfVB9DdHBI1K_eebTZYDzVT4Qnig59Od6Mfw1r7i-Viq8CInhXhBLb_N5qmr3GgqW0MA_o_fmHymcDrlUth3KQzzQ-WpmNb5KBuosxXXY2sMze8SyoQuxN1SisYFn2PH8k6-AXtzeyEppzUFZkDNbTLBRDtU51GTAKCQdN96u6weH2rVwLkYelwDZBw2E--gpu7WbZT0l4onKvjzO0l5Y0qcxXY0RLM1dZ9MMr2qEcJmE-18zXI_w5NGunadwkRNxTov5TgKjsccO-dkgA-O21rgaqGmtZ39cHtrkq89aSWUhNJE84s9V_1obI1TbaA-pjCqCIBfPghJ0g8GMVFjV5an4SDY60K36fuSHfG5s5HYRZq19gxmb8D6tTDL2hrZ49uhV5oPThEbByTJnP0QDnbRm11iFPDwIvOjCH2AGw0H1B8ceBG2xJc80-CijOena3pXcC4dLv9c19cM6-EiwfJSO4nx0hMpPJWv9VPsJUPQVuhD9-YogO90BCiSOp5ZQNfKBUpixG1DfhOsOdMeXdJQkeoGjK3DIZ7w0OZiCFvF_aWqV2XV9OIZYGChMWVTLDCeE8bXLL4BVdhhnkCStfZT8322FeCaFjN5muR19Kicijcj_tmbgi4vJpgymJY9kMiug6ejhLx_9gCMOYkLux8ZYGt1H1Zm8B4MpZq3UFamnvRY7ROf82xOzknlomKakGgwrmsdRLk6tHW8jyvDYql5Ik5cMNr43-HSVDBgiayUukviMX-0OmPsvLFRQc9k4SZW0LU0VY8j6lZxJYY39z8BlCs4AtgvbfBlHQRNazAj6RuHA2MlcK2HH2lVv4mWrTixe5PUR_fZyH0LGbrI_p975rFqF9r3d4W7ZoiAHqubEH71bBj0jzav8Vo2vhAtbfJBQ6CxG0Wfd1QXWP-eXT5DOacPVvmU0fuCx6e2VLmgMyr4QHGYY8fiYzwfBZqMfeZz7emezI6PcDJ27JSZ4iH2eTSrTz8D_XJZgK4eY6iXXu3FSl0cBSixIYluOP-IdXs8VdYLJ9IcYK9QN3iSRZk6rWq3V8Cd6y-gHQXe9Xe2aM1vGS74uz0f5w4iqaC3dqbu06s8xPI34LHUrmpO2Cc_2JmCfKkrOMD-6lli6MT9hDxQcOwT5uQOkP5MTtYgrAeL9DYTiFjAMPlor_Ma0NVRWy7i1OqHvuuJw8q3Q1bf-oQtA8z-Fp4fhLy1TQb5B2Zs_5_WKmjkH8T7v9RxCbBHEqm3_-eKk2zwPR0mtyeoZoa-RFZZ_o-jWI9P-stoXptGKl6x8GwDt5OVw--JbSJSVwtL0dpch0pWRABTIiuSA4wg8civvfamK2IXxXsD1Sawl30OsbxQp-ZvcTXGDKpDWFCVNq2rr_tmA5Yexdarwc616gn79bLHxxzYRwc05AeY43SgRAZfWWYTOGroJQ5lKojrYTWGv08EymdRRK4w5GHfoMFXMCua3O5qC2LfodxD4WNtDkxnvB1UAfbqq1E2Ag4dHlnBKf0lOAorv5nnSXDy6o_2PYYdLoK-AEXOB4rw0ceeJgVnQoy4U9WFf0XRrFh_hBR94PWRopHxCXi5d_CiIT25S0N56aTgI2ZzdSVts9vDN5_LTFjf1biDIBo1qyHg39T2rB2iMYvzDSELl0IRE0TQ6CRWKqLANattuqlGuvBBmVG2_jYW5ErVOYF0CwObohN55hpX3xP61BrPat34nBJyBHdC6VUmIrRbwgoBttMtn2xkaxZDXxRKQ17LVh8i7rWQ0zdQUofTnoVtQL81ZWcxtIf0rpD5u6ASmyKNCFY6HEdfX5InG8avM3lNSuTJxeOV1LuQ0PRpnkszeIfINZTdtgrwcDPqIgesDzmb1nwIg07e0f30Qih1lkJA7Sj_QRlklaT0kPT-I1n4Rrf0XP7c2dW-cTxLbpUlvXdvCggrRwbPl4aho4NVJ0ISteiTdgQ5Sr65-9AehwLf8w0RF58_HKM84eACI3SjzUZkokWAtHRE2eJ4uIhIm_g2Q6tZzx9BOl0PqQJLM-yOlmyhhJbfTrCl8SRyBePB1kBjfnUq2aUpFbbPVnvGMASf4HZqkqKCKpQXpr8POV8u_owfE3M3iA5SWn8LDcQywpL2KuSuJr8Ax7E7nKzgJnE1CZ6ZOSuOIoE_uQkasRkRNMQuUd_ZEsy3PTn1nVn0buoR29eL33KuoyOxVQ17wZeLAatMRZMMzHdsXiEzf4TR39hxIXhwpMxVn8y2i2M3b--MlbT7kaD22LDAooXNZz07gHhSM-a3joTgCfK7vysBW_FopojXKZ11K-V5Ih5-6hoKb5ybyKX6F_k7bPjRto7tKSIo-AjOWJiavqUQifmxQed6PQs5sNLojzeA74RBVcVxkBrJirYMAuWbiJAmLuXJgAX-wEzj6tdMhBjxAoV6GC62TJK2yp0n33Ltvl0AarcyczGr4vmOSSvOEunYPUQd-A_gbon1LFLLUJlTLV_LHV5vbLFp5Dkqa7rB1hso4tTlgdqPrzlSTqvyDblxanZggnO3mE4KymVike5-9FHgxi6jSLNq3VvgeT_Km4h00wKUYXRcXbDWWt1pQLkOHmY7ukn5HNuztytS4LTyQ5WO9HYKJNXgHGcJ3_K7wQrVB0EgnKbPnH21KcyuLLjdgw5HsfKenNbkS-4ONhyZm-6IP51Xn0ASHM1Gdf3Vzyn9PP-f1O4X1cvvKpdx2GVy7w1ASWYuhG8LZ5VkerVmuWfnmGS_Oj6VST3mFbj7rePO2cIALOQhF_z7D9a0aZiovzuqg-H76SvpeG44pYdru4OGxgURn31iodK3bpbecfaQ9PHLF8tgAyIg&cid=CAASEuRoqWXhmdsYmP6-GGq5aqEJvg&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 11:23:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31660
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Aug 2023 11:23:17 GMT
i
cdn.bizibly.com/ Frame 42F2 		43 B
346 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.bizibly.com/i?v=10214551&a=514567931&c=162591625&s=6140839&p=322265078&m=0&n=1736363306
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 -, , ASN (),
Reverse DNS
Software
ECS (frb/674C) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
last-modified
Fri, 19 Aug 2022 00:00:17 GMT
server
ECS (frb/674C)
age
418241
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 74B8 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
20333
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 14:32:04 GMT
etag
48472445140208031
expires
Wed, 24 Aug 2022 14:32:04 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 42F2 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4283017e2719dbeaabcc2c3fe171a6fd6f2941bf933f2be98d6295fb1f8d5cae

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 76E7 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CLjO7rFNQfC8eoJd4F0JlXODV7SIiXBFv14sFYAnhc6tGT3hDWPzhVspor40kCcKYpOvmMKLzLYGpYojIj0xGyrJ6u0-KoMpppZ6FLu8p0ARCzzDU
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 76E7 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:02:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
489
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Sep 2022 20:02:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 76E7 		140 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44049
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1661168302676581"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Aug 2022 20:10:57 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 76E7 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
163
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Sep 2022 20:08:14 GMT
l
www.google.com/ads/measurement/ Frame 76E7 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRmO0Nbf6RI0FqrB9iR91Yx-KXnVfge2YjBrhHPS6MzFzSoas0HAI_o_8TiDlVPgFySE7DDDMaChKbLtdvyMHPMMDaB5A
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
pixel
googleads.g.doubleclick.net/xbbe/ Frame CB1B 		640 B
316 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYk7favAEwAQ&v=APEucNX1iJ9y6FRRtbfQ65k-2j4xHnUvdMznST22N-ddU7E7uYhc8DljL2vXhAGlWT661j_1rJKU3S__wQICtNCmnJAwAHV1F3OTLIHdnhS4knYZu0_Wr0CA8ygGkFKc3C9G0m9KYDQm0YJVk3OeMyqCHcf_ST2u4cmBwN4sqeZldmcpeZSnKrdLU3DWRTwkDQI2Zl0tJzBS5RDsDODtMMrT1e61e9dcQA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
295
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 20:10:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 76E7 		62 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_CFb7H5I-Erhk5LWz6XZIxiipfGrm3i4K-H3P5PDIokL8LxMpYp3TYPuEusD2IqnI15i-1FANCPEwJzx9TXmpfj2x6A&cry=1&dbm_d=AKAmf-BGyv1cJcvCxTZm8Y3LlQihZsl1mPRkPBqREHQj_XfysrjjhTRcaP1LznB7ghAbjEM-mjtCD9suUNLCXvb_QvI3zvNjKMvu3mkQIHqCbg7MhWpj8AbG53YnK2vdkGuDdAolyKsYWvCYxUBkpjPpcgfVGnHYLcAGciZhniuIWq8DxfOPWbfTSiDBzpfUqBdf1_-b_gPcnUSVJTIy1YSyQiXHBHHpMeingtC-egGny1UYGaARuGJy_nOHu4TN9QHv9rz-Wg_t4jvXs7dz8U5KVaqxtCsztWpywmdyN0hy4KeS4_WvgE5upnsso7Jr1zIsRPxPKsX6jCBN_f9GSi2lacNO0z8y2NA00VJymTMb_tTJf8YkVEmzJL4I1EOn4XVgUGsfBFIq_D7wAj30gfHaug0G3DCPDuRsbmDPTtUKzls37kYwQpNRR88hu175_0ha1E8t1Xx9lT8Jr4EgLsqyXe_TgfjiXvfAMcf-Gj_5fpXAOVUkesV1e2Rm-fvS2V2Zcjv8qChribJnPjtS339lUkWYOf4QoWqDzVuvLhCE3PBw2nYaJq958x19VyYcuox3_WD3Lg6ULyhMzC2tgbYNcZYybnPII74FIUG4IsiItZ2oK6OE9nLxS9z8O0yOndARUPzEyIbFzE7s_4zsQ9X8OoB9i9U0gCe80itgM8MbcFyQWLUoyeWhre720Pb8ufJzsZcQ1nWwFtG0_Up1gSirz43nEyqRu3K5eKvyRbY8N0CrocDr0l0SnHpcAfN5Ju8X4k061f-py5sVsI2uaensmggvERmgRfpfxML7zcayz_T2n2JlKN6qjXDW6XEINAR2FHd3y6MjqkHcEWWd7S-mFCShiVGTtpYLItLQmbuYxFpvTMrEK2egza24ZK0FPlTtcYfaucnDmDyZqJkn6_-HG0x3VsxQgtJV8Nn_d8iK1FRkM3CaU3C2Skvm53RlPoKmZX6QWITelgVzacdwwRw7FJmf8t33bKUJti0-OCR6Lw2q8lDziFC0-SIGWWxuHU0lP3OmF8ngLPJX_mtzLiCS8Q5IsYeOzFYBubxACB0DRKIT3Ndwf44dog-It-4Eyh_dQ4I5E-32sfcr5gFGmQV2srglVc2-xc7LzBgDO-8ovghQkOf9iz8yeeRC7m7xuavkS6cDxE-UFL_cu3izIkdPiKt3w4p1ZgwbdF6X8aOQiJGjupU7P-aVEKrTi0b2mirIRlm4hS0Q0xhNIbCrqQqZcSCaocPF7lKRMfT_3CMRqutQKaE10EZUGoXIlthBd-9dXU0xgbsPtxCGXpkm3wxL1hV_bCafaQJSXHGdwc1KdWSVgyedBqjt8fpJQoxyd0WYs9k2BmY3AgTevfjUQitIl6fgc9W00ctj0dui-Xnf30QkZNUbRcyImuJ4vji8HPSgN9uhwS-a4N-oR8BpmpIOZFz2N638ypGWl_fWGJU4gZEUnExojlJuHq90jlE3l4S2cF8GR9EeImDYdWnV_TbCqziCpGT9ELn6DGY2YdS1PLlgVVuNYL7rUTZGkSQwOA0nUQTlPNjsn4rm3mcKYopQzSQGDpOHyz7d36VUirlzkFCK-ftIPORuGATrvZO4qjZp7iNKNK5VfXN_WSbOEJOVkrZYoiCwI8y8Un60A6rUwimg_J2tdUniS8gdIexJCavtMbNlFVxEO4iciyX_f9OpcDsZ8VAFRoZu3ePcJnIZ_0edQS2gjVQt3HA49CqLIly1kas9QHgAuT-K4eyV5lopQyTZWkvAdwg6FiyLb4v3U9qvMvnb-c-xgfG5rjcgNk2ZGnK4ixpwfWWUGCB2E-w30cN5T8IPRzwRgylMqCAg1HpLspsrChrH0RyfswQQ1ECw3gzaeghushP6vIpblVn6V7r7sTrYuVIsLTG1B1Ya7sqp12uZOJQhuayN3HXrgP0DIn1z9PKB03aoZRtoxx97QvqApQIXxNoKjt90jVm1OHnot98VymSH03VgzSsP4QVMtnlHdgHq8qgJ1qg1ziJuy4fj9cnxguaOw6sbgXyNhRvTMSZrrmpqelWcviVq2lOPbDjDjac35PDe0-0g2IgYav9I-lrQB2F90gSeATfzMfgHlH4A6YYvo25asortIJ4k-bM_StFQauStQvOSLQ-DJ-DQZph75TAWo3xmOZAqNg6KQvAoJ8tTWm763tgDqWHnMEcrDgXRK5z18-Vx5lv8GnYLshSCLeLsBglBNvmbeFtdOKzFC8ksO8wbGNSg_Ul0gVOQY-vKLFeWiQXvtE1KZHHyUk08K2DXu993iN3plk2YhwE7DzP3ZfVKC7CM6nf6D_UcBseyZWRrOagpgA56Hf4xNL9eSDKhb81E4XkKuH73hLCuLWWYEIzxFHSKv1GF3Vk6wTRtPOPk5Vpl1xQ5WWA3ptCqwlt1ijfLQTPY03Vuo-3ZgzizKKgUuNPhgqq265l36OxmbzmZibLkdxwlNoOhLM5IKrxsksU8QNVA26McGGEZrYVLT8se-ORBNRyw0OPkJOHCsTzif45Ky7qf5D62rSSaxNc7j6QO7N06KIPvkJuh2lBgKa6i-trgcG9sovic5M1S4hnAtuBqeQhCyx3-H-lMUxAu4EDEsU7WUQsv1GjXqgMyvVQU-9pxxIs_1AgP6oRy_0mmOpJT9kdEYQarZtkqWKBgbPeZYu_j8mXe7WSSCSvpyfPIwBmoEQFx-yZoM_RrdArMHqBuBWHsq-KzApslAyT_cYwsZhMC86g_MstCjcZcJzdN5kpye1uJLdCGWBDh9EBnJWVCjbMxcJt9b3fLci51_yQApHpXiWjK_2gMi6DDSP2SQTmlJkTDi9TcuWG1miqxlEpPBRUW0Smf6LpT5D8P_TL336F6SDS_2azXePKW8uzI5H07xxcgCd2W2Bz3K9Rn5OSuYGllPZScQ1x8S-mse8PFgH-8zVTijIgsmjc1nfltSCyClSX5YSB3eRxRHYYFOYgoZBR-08srD8huoD8dftLKFEwHH-11S_ZDqL0qffWyzVWA0oUW1J9Wk-uG-RgAgLCiZrvtNJpPVDtsg2eTr4T8fWs9U5HrHmDDiKNTmHLX5DZSF6VoqCvnHTz-GdAn6Xur_C8rqjTeCL1Mdbzb4lUUpJnoNgNUSz8f6Dc&cid=CAASEuRo3bMKymWLroilzec6eDoU5g&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bde968d971ad6c7d8ccfb6e2bb4e8c2aa337ee85bd7ac79b0c78cbbcf7c6bc47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29749
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
google
match.adsrvr.org/track/cmf/ Frame 74B8 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEKYM7zIIl4Z7TWUSW9ZI4TA&google_cver=1&google_push=AehlK4BrX8aPsSOweSYOcilmZiTJmQOFt5fCeLMfEjdtGLK-HfeNuAmjUqTLrYue76q-KItnU6OICY_xQXWg5wOjduHbDAs1oSU
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 74B8
Redirect Chain
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEP93cMB5X8jNZ7aEhvCtRTA&google_cver=1&google_push=AehlK4BL6DxUTfieL4m4mG3YBg658_f5Z-zeRJDUvy1KVF-MZ_Sbe2G2iDvUm-HltM5ZJ-VxMnCMHxw-bHi...
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4BL6DxUTfieL4m4mG3YBg658_f5Z-zeRJDUvy1KVF-MZ_Sbe2G2iDvUm-HltM5ZJ-VxMnCMHxw-bHi_-zEAv8oEu4HAatI&google_hm=kv6WwLtlTVqfJwYvu1_p4Gg
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4BL6DxUTfieL4m4mG3YBg658_f5Z-zeRJDUvy1KVF-MZ_Sbe2G2iDvUm-HltM5ZJ-VxMnCMHxw-bHi_-zEAv8oEu4HAatI&google_hm=kv6WwLtlTVqfJwYvu1_p4Gg
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
via
1.1 google
server
Apache-Coyote/1.1
status
302
p3p
CP="NOI DSP COR NID CUR OUR NOR"
location
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AehlK4BL6DxUTfieL4m4mG3YBg658_f5Z-zeRJDUvy1KVF-MZ_Sbe2G2iDvUm-HltM5ZJ-VxMnCMHxw-bHi_-zEAv8oEu4HAatI&google_hm=kv6WwLtlTVqfJwYvu1_p4Gg
cache-control
no-cache, must-revalidate
content-type
text/html;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 74B8
Redirect Chain
  • https://fksnk.com/cs/google?google_gid=CAESEJ1EI4_ta9QlzAOTWjI4SE8&google_cver=1&google_push=AehlK4AbKbfuJpJ7MmpzQ6ci7T33nMZT4uLaGEfxW_nboS2gGdVrp4Vv29xCEvLujqKVUt8-xSsz4irgX9Cc4LCNB6PGU4_3p2qj
  • https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RkRDRDRDM0IyOUNGOTUwNQ==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RkRDRDRDM0IyOUNGOTUwNQ==
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=RkRDRDRDM0IyOUNGOTUwNQ==
date
Tue, 23 Aug 2022 20:10:57 GMT
content-language
en-US
content-type
text/html;charset=ISO-8859-1
pixel
cm.g.doubleclick.net/ Frame 74B8
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJBhNhX6y7_dFWXZTOBLOHI&google_cver=1&google_push=AehlK4BYc9PcWPjlrsNpnLbs2J6_NZ7BuHDfeY8tKQ-Q93XZYuEx-gX6y_-qX-go7FBwf475GMDoNSk8PKOD7jjMO8XAADA...
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4BYc9PcWPjlrsNpnLbs2J6_NZ7BuHDfeY8tKQ-Q93XZYuEx-gX6y_-qX-go7FBwf475GMDoNSk8PKOD7jjMO8XAADAdzGBH&google_hm=ODk1NDExNDkzMTc1NTAxOD...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4BYc9PcWPjlrsNpnLbs2J6_NZ7BuHDfeY8tKQ-Q93XZYuEx-gX6y_-qX-go7FBwf475GMDoNSk8PKOD7jjMO8XAADAdzGBH&google_hm=ODk1NDExNDkzMTc1NTAxODg4OA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Tue, 23 Aug 2022 20:10:57 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4BYc9PcWPjlrsNpnLbs2J6_NZ7BuHDfeY8tKQ-Q93XZYuEx-gX6y_-qX-go7FBwf475GMDoNSk8PKOD7jjMO8XAADAdzGBH&google_hm=ODk1NDExNDkzMTc1NTAxODg4OA%3D%3D
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
pixel
cm.g.doubleclick.net/ Frame 74B8
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG8c06lmpY55a83SQFoVimQ&google_cver=1&google_push=AehlK4CRvY4vLmG2Z4jfdiXbo5aeO8Py3VQ2hVgMdTAcR8BzvIErF1usW3SRkHk4kILLhx6FE2X...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc2TUdSRzMtTS03UU9W&google_push=AehlK4CRvY4vLmG2Z4jfdiXbo5aeO8Py3VQ2hVgMdTAcR8BzvIErF1usW3SRkHk4kILLhx6FE2Xb8ZW7QP61vGCmGnYwVsjkfsK7
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc2TUdSRzMtTS03UU9W&google_push=AehlK4CRvY4vLmG2Z4jfdiXbo5aeO8Py3VQ2hVgMdTAcR8BzvIErF1usW3SRkHk4kILLhx6FE2Xb8ZW7QP61vGCmGnYwVsjkfsK7
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc2TUdSRzMtTS03UU9W&google_push=AehlK4CRvY4vLmG2Z4jfdiXbo5aeO8Py3VQ2hVgMdTAcR8BzvIErF1usW3SRkHk4kILLhx6FE2Xb8ZW7QP61vGCmGnYwVsjkfsK7
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Expires
0
sync
dsp.adkernel.com/ Frame 74B8 		42 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEJThBbCst4tzxQRLKJrb1hg&google_cver=1&google_push=AehlK4CZdLXWEiAfjFt3mAVjrU5wMEqCx5El3178idNPF34ivkYHtoX8qVxHULfRtISLw0GQ-K2VQT5WJqqClEdJ9d_T7owMjwhT
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 20:10:57 GMT
Server
nginx
Age
0
Content-Type
image/gif
Cache-Control
no-store
Connection
keep-alive
Content-Length
42
pixel
cm.g.doubleclick.net/ Frame 74B8
Redirect Chain
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMswpVUQJZ6v5xQ4gjWJtWo&google_cver=1&google_push=AehlK4DMOSK_mqGfSppGdyywW1xXG4wmDsHEm2wgfIl6H8qr3_zcguSvgPgDYZ3U3Ofydn7ff0OVYhCXScjutnueP...
  • https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMswpVUQJZ6v5xQ4gjWJtWo&google_cver=1&google_push=AehlK4DMOSK_mqGfSppGdyywW1xXG4wmDsHEm2wgfIl6H8qr3_zcguSvgPgDYZ3U3Ofydn7ff0OVYhCXScjutnueP...
  • https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AehlK4DMOSK_mqGfSppGdyywW1xXG4wmDsHEm2wgfIl6H8qr3_zcguSvgPgDYZ3U3Ofydn7ff0OVYhCXScjutnuePUgA1EypGEEY&google_hm=FMhavGZHrzS07Ur4Tw2KxC0-
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AehlK4DMOSK_mqGfSppGdyywW1xXG4wmDsHEm2wgfIl6H8qr3_zcguSvgPgDYZ3U3Ofydn7ff0OVYhCXScjutnuePUgA1EypGEEY&google_hm=FMhavGZHrzS07Ur4Tw2KxC0-
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Tue, 23 Aug 2022 20:10:57 GMT
location
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AehlK4DMOSK_mqGfSppGdyywW1xXG4wmDsHEm2wgfIl6H8qr3_zcguSvgPgDYZ3U3Ofydn7ff0OVYhCXScjutnuePUgA1EypGEEY&google_hm=FMhavGZHrzS07Ur4Tw2KxC0-
access-control-allow-methods
GET, POST, DELETE, PUT
access-control-allow-origin
*
access-control-allow-credentials
true
connection
close
x-sovrn-pod
ad_ap7ams1
access-control-allow-headers
X-Requested-With, Content-Type
attr
cm.g.doubleclick.net/pixel/ Frame 74B8 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KrlctJcemuMj8vJBIisSnX_MzQYzqZwII1kjLNG9iXZJ9For7JtwrmwXxINHNXmktY_oWp
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456161&bpp=15&bdt=281&idt=256&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=2&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1844342163&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069028%2C31069064%2C31064019&oid=2&pvsid=331677409633823&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220822&fu=4&bc=31&ifi=1&uci=1.sl4quil7r3dk&fsb=1&xpc=fl39Y2auaW&p=https%3A//securityaffairs.co&dtd=271
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 1E05 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
540213
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 17 Aug 2022 14:07:24 GMT
expires
Thu, 17 Aug 2023 14:07:24 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sd
us-u.openx.net/w/1.0/ Frame CB1B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDNBfjEV6w1dm7IIT8Ywtyo&google_cver=1
43 B
114 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDNBfjEV6w1dm7IIT8Ywtyo&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYk7favAEwAQ&v=APEucNX1iJ9y6FRRtbfQ65k-2j4xHnUvdMznST22N-ddU7E7uYhc8DljL2vXhAGlWT661j_1rJKU3S__wQICtNCmnJAwAHV1F3OTLIHdnhS4knYZu0_Wr0CA8ygGkFKc3C9G0m9KYDQm0YJVk3OeMyqCHcf_ST2u4cmBwN4sqeZldmcpeZSnKrdLU3DWRTwkDQI2Zl0tJzBS5RDsDODtMMrT1e61e9dcQA
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDNBfjEV6w1dm7IIT8Ywtyo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame CB1B 		43 B
131 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYk7favAEwAQ&v=APEucNX1iJ9y6FRRtbfQ65k-2j4xHnUvdMznST22N-ddU7E7uYhc8DljL2vXhAGlWT661j_1rJKU3S__wQICtNCmnJAwAHV1F3OTLIHdnhS4knYZu0_Wr0CA8ygGkFKc3C9G0m9KYDQm0YJVk3OeMyqCHcf_ST2u4cmBwN4sqeZldmcpeZSnKrdLU3DWRTwkDQI2Zl0tJzBS5RDsDODtMMrT1e61e9dcQA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame CB1B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESEOjHTNusPZRPW2A_PGtmAww&google_cver=1
23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEOjHTNusPZRPW2A_PGtmAww&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYk7favAEwAQ&v=APEucNX1iJ9y6FRRtbfQ65k-2j4xHnUvdMznST22N-ddU7E7uYhc8DljL2vXhAGlWT661j_1rJKU3S__wQICtNCmnJAwAHV1F3OTLIHdnhS4knYZu0_Wr0CA8ygGkFKc3C9G0m9KYDQm0YJVk3OeMyqCHcf_ST2u4cmBwN4sqeZldmcpeZSnKrdLU3DWRTwkDQI2Zl0tJzBS5RDsDODtMMrT1e61e9dcQA
Protocol
H2
Server
104.111.242.245 -, , ASN (),
Reverse DNS
Software
akka-http/10.2.8 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
cache-control
max-age=0, no-cache, no-store
expires
Tue, 23 Aug 2022 20:10:57 GMT
server
akka-http/10.2.8
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.teads.tv/um?eid=3&uid=CAESEOjHTNusPZRPW2A_PGtmAww&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame CB1B 		23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYk7favAEwAQ&v=APEucNX1iJ9y6FRRtbfQ65k-2j4xHnUvdMznST22N-ddU7E7uYhc8DljL2vXhAGlWT661j_1rJKU3S__wQICtNCmnJAwAHV1F3OTLIHdnhS4knYZu0_Wr0CA8ygGkFKc3C9G0m9KYDQm0YJVk3OeMyqCHcf_ST2u4cmBwN4sqeZldmcpeZSnKrdLU3DWRTwkDQI2Zl0tJzBS5RDsDODtMMrT1e61e9dcQA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.242.245 -, , ASN (),
Reverse DNS
Software
akka-http/10.2.8 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
cache-control
max-age=0, no-cache, no-store
expires
Tue, 23 Aug 2022 20:10:57 GMT
server
akka-http/10.2.8
content-length
23
content-type
image/gif
view
googleads4.g.doubleclick.net/pcs/ Frame 42F2 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuq8UE7MYbILUGYOjFRCvpvPWqsqPbP6ySeOAAn66QS55MfUw1IFKg-80_sCV39OWiqDiWtr0TRAuUf9qZseYQ5e7nP_juK4D9PBK_JlFExLPE-W6hYA24OgJg3-M-j7UQF_XxL98KhsD3G9P7EEspeVIk_v38Xsl6p1BiMlluP9mEGWC6NnAPGBfX8XriVXj154sig4aAyLD-n_YmTJfzmLenA6wYXUC7jZDJRoUS-nmjcX9PCmBifVPqtC1ZBpNvCIqbMtt55_xYs2-9Q-1WMWTgwFUs9CAjdCNHfPag19T13mzrLthSzRzvIJZSPJ7vH3vyvkfKOVOUCjjtNRHql43FJxPIjOA5tX3EktO0Ib70gcLvLhFQhuLa7cL01StPfBlGcu1kfVhaJw3iJwVhEOA9UKzfFJYn5Dj14K2CgDwQfbZE0SpRxcqrknjUbKeLUP50q04clsVOWDTJ8fp8mpZq3d_4vY7B60n2snmwkXqgMD-v82w8unAI-SUwmdRSlPJYjB4Ki5KSjsRExAwGQ-cU4jjK-QIJF19S8E-T3moIpLwrHeZxvBpcRcE6Uu6ut_T7bX7YOMEdpPQGYo6Tr6_ZbtcdfddS-NA0ntYOle7DFE96KfpZTRiDYvQHcQoI3IhIG_8sZvOlvrDbMNQOAjTqO9LhHhcEVdXuikQ-LrCOMAGl4dFy9iSNOQknEuzVHh1aeEMkrFG3xv2xztNFsgm6ZFb4YgM5N5bfwNm-zp1ruFXxtCFp-La_Ml9byBxbSzOIpwgM6WtIiwzQfvNeca6bukzbhdTY4-Y7Y1ybjU_CGwOipANCncDdawP3IXRX1uNubGoNeIS89JNkaOuNejcww_q4trSHKo7tyf82KseI2yjukXVVCuYBZ9fd5c-0r7S0UHrgv898wSJJoodWa5u_0cwJU7Iu-xIqWHdj5S3Llii1knjjU53YDqDVjx4erigPRHKVGKsgUKne6Hd_lHkHAyp7uCJ38CL46mHUU0naGlBs0qtuFJwGlQtZA64ges71PEXSD5_ImSdSBIO-FKoYEIdQQaIx83zFbYvXZCjxGblFgae_Wc3fFZ74eBkaW99wTEQm6xxlB2sC5twfLhkFQFs1QVYZstV1UmxFGKpgzXm0W2q6MxJT1UNEKigRlnYxny1YQN3qMqR7DRn0r6JAW5SQJ5au-fjU-ITKeyUDDUF8GNQI9sRd7foTp3MpYf1v6P86ppV4&sai=AMfl-YS-dvFYcp7Q2zMvtTuLRbKTrRLIsbtUEZaCRUUUwtnCxXBLTMd2qO7GORLPRiFIKRSfHtWFkQDw_Er2bhf0iDwU_wnNB5PV3SxGcLDKpiJNB_skJU9fA7PdyT4ns0tDkeuSjrkJ5vVmSbLouyxLvjn7UrUmPg&sig=Cg0ArKJSzLTyvWqQNAUMEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=247&vt=11&dtpt=246&dett=2&cstd=0&cisv=r20220818.81679&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BnZITpXdcabeZWUjDts5sE7ATV_EoReHW-bcrRW3mBludYBIWLhxS4_Rj8RB6WPjWt1YZvfqhW0wEoOxcpxAWUj8JXvg&cry=1&dbm_d=AKAmf-DoVN9at_gE858jscO3tfGzvdDI_73f9ULtV7DspQkNS4L0f4BvqXBOLM23ePLXgCqDorVf-S1K_RzmVOa4knzP5Sjsy-b8lTSj2JgeTV7dvqmuurygprFM0fHsreYHjjz-ewwTwzztCQhy2t3jlaPuNcQtbAu4LaLo8DE7f8fV_fPfWHD4QlujgxcM96ADZKpOvLse6T_3K0tdJ7kaBoruQxE-n8SMx8bBCds5-zm7AYkWF2uRHvKcuyO5pOSLMzClkNXIRqJ3zY7d1QRN-j36u1O6349C9zn2hmxdfVB9DdHBI1K_eebTZYDzVT4Qnig59Od6Mfw1r7i-Viq8CInhXhBLb_N5qmr3GgqW0MA_o_fmHymcDrlUth3KQzzQ-WpmNb5KBuosxXXY2sMze8SyoQuxN1SisYFn2PH8k6-AXtzeyEppzUFZkDNbTLBRDtU51GTAKCQdN96u6weH2rVwLkYelwDZBw2E--gpu7WbZT0l4onKvjzO0l5Y0qcxXY0RLM1dZ9MMr2qEcJmE-18zXI_w5NGunadwkRNxTov5TgKjsccO-dkgA-O21rgaqGmtZ39cHtrkq89aSWUhNJE84s9V_1obI1TbaA-pjCqCIBfPghJ0g8GMVFjV5an4SDY60K36fuSHfG5s5HYRZq19gxmb8D6tTDL2hrZ49uhV5oPThEbByTJnP0QDnbRm11iFPDwIvOjCH2AGw0H1B8ceBG2xJc80-CijOena3pXcC4dLv9c19cM6-EiwfJSO4nx0hMpPJWv9VPsJUPQVuhD9-YogO90BCiSOp5ZQNfKBUpixG1DfhOsOdMeXdJQkeoGjK3DIZ7w0OZiCFvF_aWqV2XV9OIZYGChMWVTLDCeE8bXLL4BVdhhnkCStfZT8322FeCaFjN5muR19Kicijcj_tmbgi4vJpgymJY9kMiug6ejhLx_9gCMOYkLux8ZYGt1H1Zm8B4MpZq3UFamnvRY7ROf82xOzknlomKakGgwrmsdRLk6tHW8jyvDYql5Ik5cMNr43-HSVDBgiayUukviMX-0OmPsvLFRQc9k4SZW0LU0VY8j6lZxJYY39z8BlCs4AtgvbfBlHQRNazAj6RuHA2MlcK2HH2lVv4mWrTixe5PUR_fZyH0LGbrI_p975rFqF9r3d4W7ZoiAHqubEH71bBj0jzav8Vo2vhAtbfJBQ6CxG0Wfd1QXWP-eXT5DOacPVvmU0fuCx6e2VLmgMyr4QHGYY8fiYzwfBZqMfeZz7emezI6PcDJ27JSZ4iH2eTSrTz8D_XJZgK4eY6iXXu3FSl0cBSixIYluOP-IdXs8VdYLJ9IcYK9QN3iSRZk6rWq3V8Cd6y-gHQXe9Xe2aM1vGS74uz0f5w4iqaC3dqbu06s8xPI34LHUrmpO2Cc_2JmCfKkrOMD-6lli6MT9hDxQcOwT5uQOkP5MTtYgrAeL9DYTiFjAMPlor_Ma0NVRWy7i1OqHvuuJw8q3Q1bf-oQtA8z-Fp4fhLy1TQb5B2Zs_5_WKmjkH8T7v9RxCbBHEqm3_-eKk2zwPR0mtyeoZoa-RFZZ_o-jWI9P-stoXptGKl6x8GwDt5OVw--JbSJSVwtL0dpch0pWRABTIiuSA4wg8civvfamK2IXxXsD1Sawl30OsbxQp-ZvcTXGDKpDWFCVNq2rr_tmA5Yexdarwc616gn79bLHxxzYRwc05AeY43SgRAZfWWYTOGroJQ5lKojrYTWGv08EymdRRK4w5GHfoMFXMCua3O5qC2LfodxD4WNtDkxnvB1UAfbqq1E2Ag4dHlnBKf0lOAorv5nnSXDy6o_2PYYdLoK-AEXOB4rw0ceeJgVnQoy4U9WFf0XRrFh_hBR94PWRopHxCXi5d_CiIT25S0N56aTgI2ZzdSVts9vDN5_LTFjf1biDIBo1qyHg39T2rB2iMYvzDSELl0IRE0TQ6CRWKqLANattuqlGuvBBmVG2_jYW5ErVOYF0CwObohN55hpX3xP61BrPat34nBJyBHdC6VUmIrRbwgoBttMtn2xkaxZDXxRKQ17LVh8i7rWQ0zdQUofTnoVtQL81ZWcxtIf0rpD5u6ASmyKNCFY6HEdfX5InG8avM3lNSuTJxeOV1LuQ0PRpnkszeIfINZTdtgrwcDPqIgesDzmb1nwIg07e0f30Qih1lkJA7Sj_QRlklaT0kPT-I1n4Rrf0XP7c2dW-cTxLbpUlvXdvCggrRwbPl4aho4NVJ0ISteiTdgQ5Sr65-9AehwLf8w0RF58_HKM84eACI3SjzUZkokWAtHRE2eJ4uIhIm_g2Q6tZzx9BOl0PqQJLM-yOlmyhhJbfTrCl8SRyBePB1kBjfnUq2aUpFbbPVnvGMASf4HZqkqKCKpQXpr8POV8u_owfE3M3iA5SWn8LDcQywpL2KuSuJr8Ax7E7nKzgJnE1CZ6ZOSuOIoE_uQkasRkRNMQuUd_ZEsy3PTn1nVn0buoR29eL33KuoyOxVQ17wZeLAatMRZMMzHdsXiEzf4TR39hxIXhwpMxVn8y2i2M3b--MlbT7kaD22LDAooXNZz07gHhSM-a3joTgCfK7vysBW_FopojXKZ11K-V5Ih5-6hoKb5ybyKX6F_k7bPjRto7tKSIo-AjOWJiavqUQifmxQed6PQs5sNLojzeA74RBVcVxkBrJirYMAuWbiJAmLuXJgAX-wEzj6tdMhBjxAoV6GC62TJK2yp0n33Ltvl0AarcyczGr4vmOSSvOEunYPUQd-A_gbon1LFLLUJlTLV_LHV5vbLFp5Dkqa7rB1hso4tTlgdqPrzlSTqvyDblxanZggnO3mE4KymVike5-9FHgxi6jSLNq3VvgeT_Km4h00wKUYXRcXbDWWt1pQLkOHmY7ukn5HNuztytS4LTyQ5WO9HYKJNXgHGcJ3_K7wQrVB0EgnKbPnH21KcyuLLjdgw5HsfKenNbkS-4ONhyZm-6IP51Xn0ASHM1Gdf3Vzyn9PP-f1O4X1cvvKpdx2GVy7w1ASWYuhG8LZ5VkerVmuWfnmGS_Oj6VST3mFbj7rePO2cIALOQhF_z7D9a0aZiovzuqg-H76SvpeG44pYdru4OGxgURn31iodK3bpbecfaQ9PHLF8tgAyIg&cid=CAASEuRoqWXhmdsYmP6-GGq5aqEJvg&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 20:10:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220818/r20110914/ Frame 76E7 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220818/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_CFb7H5I-Erhk5LWz6XZIxiipfGrm3i4K-H3P5PDIokL8LxMpYp3TYPuEusD2IqnI15i-1FANCPEwJzx9TXmpfj2x6A&cry=1&dbm_d=AKAmf-BGyv1cJcvCxTZm8Y3LlQihZsl1mPRkPBqREHQj_XfysrjjhTRcaP1LznB7ghAbjEM-mjtCD9suUNLCXvb_QvI3zvNjKMvu3mkQIHqCbg7MhWpj8AbG53YnK2vdkGuDdAolyKsYWvCYxUBkpjPpcgfVGnHYLcAGciZhniuIWq8DxfOPWbfTSiDBzpfUqBdf1_-b_gPcnUSVJTIy1YSyQiXHBHHpMeingtC-egGny1UYGaARuGJy_nOHu4TN9QHv9rz-Wg_t4jvXs7dz8U5KVaqxtCsztWpywmdyN0hy4KeS4_WvgE5upnsso7Jr1zIsRPxPKsX6jCBN_f9GSi2lacNO0z8y2NA00VJymTMb_tTJf8YkVEmzJL4I1EOn4XVgUGsfBFIq_D7wAj30gfHaug0G3DCPDuRsbmDPTtUKzls37kYwQpNRR88hu175_0ha1E8t1Xx9lT8Jr4EgLsqyXe_TgfjiXvfAMcf-Gj_5fpXAOVUkesV1e2Rm-fvS2V2Zcjv8qChribJnPjtS339lUkWYOf4QoWqDzVuvLhCE3PBw2nYaJq958x19VyYcuox3_WD3Lg6ULyhMzC2tgbYNcZYybnPII74FIUG4IsiItZ2oK6OE9nLxS9z8O0yOndARUPzEyIbFzE7s_4zsQ9X8OoB9i9U0gCe80itgM8MbcFyQWLUoyeWhre720Pb8ufJzsZcQ1nWwFtG0_Up1gSirz43nEyqRu3K5eKvyRbY8N0CrocDr0l0SnHpcAfN5Ju8X4k061f-py5sVsI2uaensmggvERmgRfpfxML7zcayz_T2n2JlKN6qjXDW6XEINAR2FHd3y6MjqkHcEWWd7S-mFCShiVGTtpYLItLQmbuYxFpvTMrEK2egza24ZK0FPlTtcYfaucnDmDyZqJkn6_-HG0x3VsxQgtJV8Nn_d8iK1FRkM3CaU3C2Skvm53RlPoKmZX6QWITelgVzacdwwRw7FJmf8t33bKUJti0-OCR6Lw2q8lDziFC0-SIGWWxuHU0lP3OmF8ngLPJX_mtzLiCS8Q5IsYeOzFYBubxACB0DRKIT3Ndwf44dog-It-4Eyh_dQ4I5E-32sfcr5gFGmQV2srglVc2-xc7LzBgDO-8ovghQkOf9iz8yeeRC7m7xuavkS6cDxE-UFL_cu3izIkdPiKt3w4p1ZgwbdF6X8aOQiJGjupU7P-aVEKrTi0b2mirIRlm4hS0Q0xhNIbCrqQqZcSCaocPF7lKRMfT_3CMRqutQKaE10EZUGoXIlthBd-9dXU0xgbsPtxCGXpkm3wxL1hV_bCafaQJSXHGdwc1KdWSVgyedBqjt8fpJQoxyd0WYs9k2BmY3AgTevfjUQitIl6fgc9W00ctj0dui-Xnf30QkZNUbRcyImuJ4vji8HPSgN9uhwS-a4N-oR8BpmpIOZFz2N638ypGWl_fWGJU4gZEUnExojlJuHq90jlE3l4S2cF8GR9EeImDYdWnV_TbCqziCpGT9ELn6DGY2YdS1PLlgVVuNYL7rUTZGkSQwOA0nUQTlPNjsn4rm3mcKYopQzSQGDpOHyz7d36VUirlzkFCK-ftIPORuGATrvZO4qjZp7iNKNK5VfXN_WSbOEJOVkrZYoiCwI8y8Un60A6rUwimg_J2tdUniS8gdIexJCavtMbNlFVxEO4iciyX_f9OpcDsZ8VAFRoZu3ePcJnIZ_0edQS2gjVQt3HA49CqLIly1kas9QHgAuT-K4eyV5lopQyTZWkvAdwg6FiyLb4v3U9qvMvnb-c-xgfG5rjcgNk2ZGnK4ixpwfWWUGCB2E-w30cN5T8IPRzwRgylMqCAg1HpLspsrChrH0RyfswQQ1ECw3gzaeghushP6vIpblVn6V7r7sTrYuVIsLTG1B1Ya7sqp12uZOJQhuayN3HXrgP0DIn1z9PKB03aoZRtoxx97QvqApQIXxNoKjt90jVm1OHnot98VymSH03VgzSsP4QVMtnlHdgHq8qgJ1qg1ziJuy4fj9cnxguaOw6sbgXyNhRvTMSZrrmpqelWcviVq2lOPbDjDjac35PDe0-0g2IgYav9I-lrQB2F90gSeATfzMfgHlH4A6YYvo25asortIJ4k-bM_StFQauStQvOSLQ-DJ-DQZph75TAWo3xmOZAqNg6KQvAoJ8tTWm763tgDqWHnMEcrDgXRK5z18-Vx5lv8GnYLshSCLeLsBglBNvmbeFtdOKzFC8ksO8wbGNSg_Ul0gVOQY-vKLFeWiQXvtE1KZHHyUk08K2DXu993iN3plk2YhwE7DzP3ZfVKC7CM6nf6D_UcBseyZWRrOagpgA56Hf4xNL9eSDKhb81E4XkKuH73hLCuLWWYEIzxFHSKv1GF3Vk6wTRtPOPk5Vpl1xQ5WWA3ptCqwlt1ijfLQTPY03Vuo-3ZgzizKKgUuNPhgqq265l36OxmbzmZibLkdxwlNoOhLM5IKrxsksU8QNVA26McGGEZrYVLT8se-ORBNRyw0OPkJOHCsTzif45Ky7qf5D62rSSaxNc7j6QO7N06KIPvkJuh2lBgKa6i-trgcG9sovic5M1S4hnAtuBqeQhCyx3-H-lMUxAu4EDEsU7WUQsv1GjXqgMyvVQU-9pxxIs_1AgP6oRy_0mmOpJT9kdEYQarZtkqWKBgbPeZYu_j8mXe7WSSCSvpyfPIwBmoEQFx-yZoM_RrdArMHqBuBWHsq-KzApslAyT_cYwsZhMC86g_MstCjcZcJzdN5kpye1uJLdCGWBDh9EBnJWVCjbMxcJt9b3fLci51_yQApHpXiWjK_2gMi6DDSP2SQTmlJkTDi9TcuWG1miqxlEpPBRUW0Smf6LpT5D8P_TL336F6SDS_2azXePKW8uzI5H07xxcgCd2W2Bz3K9Rn5OSuYGllPZScQ1x8S-mse8PFgH-8zVTijIgsmjc1nfltSCyClSX5YSB3eRxRHYYFOYgoZBR-08srD8huoD8dftLKFEwHH-11S_ZDqL0qffWyzVWA0oUW1J9Wk-uG-RgAgLCiZrvtNJpPVDtsg2eTr4T8fWs9U5HrHmDDiKNTmHLX5DZSF6VoqCvnHTz-GdAn6Xur_C8rqjTeCL1Mdbzb4lUUpJnoNgNUSz8f6Dc&cid=CAASEuRo3bMKymWLroilzec6eDoU5g&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:02:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
532
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11819
x-xss-protection
0
server
cafe
etag
10563440404697844360
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Sep 2022 20:02:05 GMT
5383157078274187439
s0.2mdn.net/simgad/ Frame 76E7 		68 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/5383157078274187439
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_CFb7H5I-Erhk5LWz6XZIxiipfGrm3i4K-H3P5PDIokL8LxMpYp3TYPuEusD2IqnI15i-1FANCPEwJzx9TXmpfj2x6A&cry=1&dbm_d=AKAmf-BGyv1cJcvCxTZm8Y3LlQihZsl1mPRkPBqREHQj_XfysrjjhTRcaP1LznB7ghAbjEM-mjtCD9suUNLCXvb_QvI3zvNjKMvu3mkQIHqCbg7MhWpj8AbG53YnK2vdkGuDdAolyKsYWvCYxUBkpjPpcgfVGnHYLcAGciZhniuIWq8DxfOPWbfTSiDBzpfUqBdf1_-b_gPcnUSVJTIy1YSyQiXHBHHpMeingtC-egGny1UYGaARuGJy_nOHu4TN9QHv9rz-Wg_t4jvXs7dz8U5KVaqxtCsztWpywmdyN0hy4KeS4_WvgE5upnsso7Jr1zIsRPxPKsX6jCBN_f9GSi2lacNO0z8y2NA00VJymTMb_tTJf8YkVEmzJL4I1EOn4XVgUGsfBFIq_D7wAj30gfHaug0G3DCPDuRsbmDPTtUKzls37kYwQpNRR88hu175_0ha1E8t1Xx9lT8Jr4EgLsqyXe_TgfjiXvfAMcf-Gj_5fpXAOVUkesV1e2Rm-fvS2V2Zcjv8qChribJnPjtS339lUkWYOf4QoWqDzVuvLhCE3PBw2nYaJq958x19VyYcuox3_WD3Lg6ULyhMzC2tgbYNcZYybnPII74FIUG4IsiItZ2oK6OE9nLxS9z8O0yOndARUPzEyIbFzE7s_4zsQ9X8OoB9i9U0gCe80itgM8MbcFyQWLUoyeWhre720Pb8ufJzsZcQ1nWwFtG0_Up1gSirz43nEyqRu3K5eKvyRbY8N0CrocDr0l0SnHpcAfN5Ju8X4k061f-py5sVsI2uaensmggvERmgRfpfxML7zcayz_T2n2JlKN6qjXDW6XEINAR2FHd3y6MjqkHcEWWd7S-mFCShiVGTtpYLItLQmbuYxFpvTMrEK2egza24ZK0FPlTtcYfaucnDmDyZqJkn6_-HG0x3VsxQgtJV8Nn_d8iK1FRkM3CaU3C2Skvm53RlPoKmZX6QWITelgVzacdwwRw7FJmf8t33bKUJti0-OCR6Lw2q8lDziFC0-SIGWWxuHU0lP3OmF8ngLPJX_mtzLiCS8Q5IsYeOzFYBubxACB0DRKIT3Ndwf44dog-It-4Eyh_dQ4I5E-32sfcr5gFGmQV2srglVc2-xc7LzBgDO-8ovghQkOf9iz8yeeRC7m7xuavkS6cDxE-UFL_cu3izIkdPiKt3w4p1ZgwbdF6X8aOQiJGjupU7P-aVEKrTi0b2mirIRlm4hS0Q0xhNIbCrqQqZcSCaocPF7lKRMfT_3CMRqutQKaE10EZUGoXIlthBd-9dXU0xgbsPtxCGXpkm3wxL1hV_bCafaQJSXHGdwc1KdWSVgyedBqjt8fpJQoxyd0WYs9k2BmY3AgTevfjUQitIl6fgc9W00ctj0dui-Xnf30QkZNUbRcyImuJ4vji8HPSgN9uhwS-a4N-oR8BpmpIOZFz2N638ypGWl_fWGJU4gZEUnExojlJuHq90jlE3l4S2cF8GR9EeImDYdWnV_TbCqziCpGT9ELn6DGY2YdS1PLlgVVuNYL7rUTZGkSQwOA0nUQTlPNjsn4rm3mcKYopQzSQGDpOHyz7d36VUirlzkFCK-ftIPORuGATrvZO4qjZp7iNKNK5VfXN_WSbOEJOVkrZYoiCwI8y8Un60A6rUwimg_J2tdUniS8gdIexJCavtMbNlFVxEO4iciyX_f9OpcDsZ8VAFRoZu3ePcJnIZ_0edQS2gjVQt3HA49CqLIly1kas9QHgAuT-K4eyV5lopQyTZWkvAdwg6FiyLb4v3U9qvMvnb-c-xgfG5rjcgNk2ZGnK4ixpwfWWUGCB2E-w30cN5T8IPRzwRgylMqCAg1HpLspsrChrH0RyfswQQ1ECw3gzaeghushP6vIpblVn6V7r7sTrYuVIsLTG1B1Ya7sqp12uZOJQhuayN3HXrgP0DIn1z9PKB03aoZRtoxx97QvqApQIXxNoKjt90jVm1OHnot98VymSH03VgzSsP4QVMtnlHdgHq8qgJ1qg1ziJuy4fj9cnxguaOw6sbgXyNhRvTMSZrrmpqelWcviVq2lOPbDjDjac35PDe0-0g2IgYav9I-lrQB2F90gSeATfzMfgHlH4A6YYvo25asortIJ4k-bM_StFQauStQvOSLQ-DJ-DQZph75TAWo3xmOZAqNg6KQvAoJ8tTWm763tgDqWHnMEcrDgXRK5z18-Vx5lv8GnYLshSCLeLsBglBNvmbeFtdOKzFC8ksO8wbGNSg_Ul0gVOQY-vKLFeWiQXvtE1KZHHyUk08K2DXu993iN3plk2YhwE7DzP3ZfVKC7CM6nf6D_UcBseyZWRrOagpgA56Hf4xNL9eSDKhb81E4XkKuH73hLCuLWWYEIzxFHSKv1GF3Vk6wTRtPOPk5Vpl1xQ5WWA3ptCqwlt1ijfLQTPY03Vuo-3ZgzizKKgUuNPhgqq265l36OxmbzmZibLkdxwlNoOhLM5IKrxsksU8QNVA26McGGEZrYVLT8se-ORBNRyw0OPkJOHCsTzif45Ky7qf5D62rSSaxNc7j6QO7N06KIPvkJuh2lBgKa6i-trgcG9sovic5M1S4hnAtuBqeQhCyx3-H-lMUxAu4EDEsU7WUQsv1GjXqgMyvVQU-9pxxIs_1AgP6oRy_0mmOpJT9kdEYQarZtkqWKBgbPeZYu_j8mXe7WSSCSvpyfPIwBmoEQFx-yZoM_RrdArMHqBuBWHsq-KzApslAyT_cYwsZhMC86g_MstCjcZcJzdN5kpye1uJLdCGWBDh9EBnJWVCjbMxcJt9b3fLci51_yQApHpXiWjK_2gMi6DDSP2SQTmlJkTDi9TcuWG1miqxlEpPBRUW0Smf6LpT5D8P_TL336F6SDS_2azXePKW8uzI5H07xxcgCd2W2Bz3K9Rn5OSuYGllPZScQ1x8S-mse8PFgH-8zVTijIgsmjc1nfltSCyClSX5YSB3eRxRHYYFOYgoZBR-08srD8huoD8dftLKFEwHH-11S_ZDqL0qffWyzVWA0oUW1J9Wk-uG-RgAgLCiZrvtNJpPVDtsg2eTr4T8fWs9U5HrHmDDiKNTmHLX5DZSF6VoqCvnHTz-GdAn6Xur_C8rqjTeCL1Mdbzb4lUUpJnoNgNUSz8f6Dc&cid=CAASEuRo3bMKymWLroilzec6eDoU5g&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
3723f07c34b2c950803b130d7604825b7e4d81e0007444723f01245e4cbd27d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 15:48:23 GMT
x-content-type-options
nosniff
age
534154
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69517
x-xss-protection
0
last-modified
Tue, 08 Mar 2022 18:56:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 17 Aug 2023 15:48:23 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220818/r20110914/elements/html/ Frame 76E7 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220818/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_CFb7H5I-Erhk5LWz6XZIxiipfGrm3i4K-H3P5PDIokL8LxMpYp3TYPuEusD2IqnI15i-1FANCPEwJzx9TXmpfj2x6A&cry=1&dbm_d=AKAmf-BGyv1cJcvCxTZm8Y3LlQihZsl1mPRkPBqREHQj_XfysrjjhTRcaP1LznB7ghAbjEM-mjtCD9suUNLCXvb_QvI3zvNjKMvu3mkQIHqCbg7MhWpj8AbG53YnK2vdkGuDdAolyKsYWvCYxUBkpjPpcgfVGnHYLcAGciZhniuIWq8DxfOPWbfTSiDBzpfUqBdf1_-b_gPcnUSVJTIy1YSyQiXHBHHpMeingtC-egGny1UYGaARuGJy_nOHu4TN9QHv9rz-Wg_t4jvXs7dz8U5KVaqxtCsztWpywmdyN0hy4KeS4_WvgE5upnsso7Jr1zIsRPxPKsX6jCBN_f9GSi2lacNO0z8y2NA00VJymTMb_tTJf8YkVEmzJL4I1EOn4XVgUGsfBFIq_D7wAj30gfHaug0G3DCPDuRsbmDPTtUKzls37kYwQpNRR88hu175_0ha1E8t1Xx9lT8Jr4EgLsqyXe_TgfjiXvfAMcf-Gj_5fpXAOVUkesV1e2Rm-fvS2V2Zcjv8qChribJnPjtS339lUkWYOf4QoWqDzVuvLhCE3PBw2nYaJq958x19VyYcuox3_WD3Lg6ULyhMzC2tgbYNcZYybnPII74FIUG4IsiItZ2oK6OE9nLxS9z8O0yOndARUPzEyIbFzE7s_4zsQ9X8OoB9i9U0gCe80itgM8MbcFyQWLUoyeWhre720Pb8ufJzsZcQ1nWwFtG0_Up1gSirz43nEyqRu3K5eKvyRbY8N0CrocDr0l0SnHpcAfN5Ju8X4k061f-py5sVsI2uaensmggvERmgRfpfxML7zcayz_T2n2JlKN6qjXDW6XEINAR2FHd3y6MjqkHcEWWd7S-mFCShiVGTtpYLItLQmbuYxFpvTMrEK2egza24ZK0FPlTtcYfaucnDmDyZqJkn6_-HG0x3VsxQgtJV8Nn_d8iK1FRkM3CaU3C2Skvm53RlPoKmZX6QWITelgVzacdwwRw7FJmf8t33bKUJti0-OCR6Lw2q8lDziFC0-SIGWWxuHU0lP3OmF8ngLPJX_mtzLiCS8Q5IsYeOzFYBubxACB0DRKIT3Ndwf44dog-It-4Eyh_dQ4I5E-32sfcr5gFGmQV2srglVc2-xc7LzBgDO-8ovghQkOf9iz8yeeRC7m7xuavkS6cDxE-UFL_cu3izIkdPiKt3w4p1ZgwbdF6X8aOQiJGjupU7P-aVEKrTi0b2mirIRlm4hS0Q0xhNIbCrqQqZcSCaocPF7lKRMfT_3CMRqutQKaE10EZUGoXIlthBd-9dXU0xgbsPtxCGXpkm3wxL1hV_bCafaQJSXHGdwc1KdWSVgyedBqjt8fpJQoxyd0WYs9k2BmY3AgTevfjUQitIl6fgc9W00ctj0dui-Xnf30QkZNUbRcyImuJ4vji8HPSgN9uhwS-a4N-oR8BpmpIOZFz2N638ypGWl_fWGJU4gZEUnExojlJuHq90jlE3l4S2cF8GR9EeImDYdWnV_TbCqziCpGT9ELn6DGY2YdS1PLlgVVuNYL7rUTZGkSQwOA0nUQTlPNjsn4rm3mcKYopQzSQGDpOHyz7d36VUirlzkFCK-ftIPORuGATrvZO4qjZp7iNKNK5VfXN_WSbOEJOVkrZYoiCwI8y8Un60A6rUwimg_J2tdUniS8gdIexJCavtMbNlFVxEO4iciyX_f9OpcDsZ8VAFRoZu3ePcJnIZ_0edQS2gjVQt3HA49CqLIly1kas9QHgAuT-K4eyV5lopQyTZWkvAdwg6FiyLb4v3U9qvMvnb-c-xgfG5rjcgNk2ZGnK4ixpwfWWUGCB2E-w30cN5T8IPRzwRgylMqCAg1HpLspsrChrH0RyfswQQ1ECw3gzaeghushP6vIpblVn6V7r7sTrYuVIsLTG1B1Ya7sqp12uZOJQhuayN3HXrgP0DIn1z9PKB03aoZRtoxx97QvqApQIXxNoKjt90jVm1OHnot98VymSH03VgzSsP4QVMtnlHdgHq8qgJ1qg1ziJuy4fj9cnxguaOw6sbgXyNhRvTMSZrrmpqelWcviVq2lOPbDjDjac35PDe0-0g2IgYav9I-lrQB2F90gSeATfzMfgHlH4A6YYvo25asortIJ4k-bM_StFQauStQvOSLQ-DJ-DQZph75TAWo3xmOZAqNg6KQvAoJ8tTWm763tgDqWHnMEcrDgXRK5z18-Vx5lv8GnYLshSCLeLsBglBNvmbeFtdOKzFC8ksO8wbGNSg_Ul0gVOQY-vKLFeWiQXvtE1KZHHyUk08K2DXu993iN3plk2YhwE7DzP3ZfVKC7CM6nf6D_UcBseyZWRrOagpgA56Hf4xNL9eSDKhb81E4XkKuH73hLCuLWWYEIzxFHSKv1GF3Vk6wTRtPOPk5Vpl1xQ5WWA3ptCqwlt1ijfLQTPY03Vuo-3ZgzizKKgUuNPhgqq265l36OxmbzmZibLkdxwlNoOhLM5IKrxsksU8QNVA26McGGEZrYVLT8se-ORBNRyw0OPkJOHCsTzif45Ky7qf5D62rSSaxNc7j6QO7N06KIPvkJuh2lBgKa6i-trgcG9sovic5M1S4hnAtuBqeQhCyx3-H-lMUxAu4EDEsU7WUQsv1GjXqgMyvVQU-9pxxIs_1AgP6oRy_0mmOpJT9kdEYQarZtkqWKBgbPeZYu_j8mXe7WSSCSvpyfPIwBmoEQFx-yZoM_RrdArMHqBuBWHsq-KzApslAyT_cYwsZhMC86g_MstCjcZcJzdN5kpye1uJLdCGWBDh9EBnJWVCjbMxcJt9b3fLci51_yQApHpXiWjK_2gMi6DDSP2SQTmlJkTDi9TcuWG1miqxlEpPBRUW0Smf6LpT5D8P_TL336F6SDS_2azXePKW8uzI5H07xxcgCd2W2Bz3K9Rn5OSuYGllPZScQ1x8S-mse8PFgH-8zVTijIgsmjc1nfltSCyClSX5YSB3eRxRHYYFOYgoZBR-08srD8huoD8dftLKFEwHH-11S_ZDqL0qffWyzVWA0oUW1J9Wk-uG-RgAgLCiZrvtNJpPVDtsg2eTr4T8fWs9U5HrHmDDiKNTmHLX5DZSF6VoqCvnHTz-GdAn6Xur_C8rqjTeCL1Mdbzb4lUUpJnoNgNUSz8f6Dc&cid=CAASEuRo3bMKymWLroilzec6eDoU5g&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:09:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
18418590997839133011
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Sep 2022 20:09:43 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 76E7 		0
27 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2vrvisemjYTdtHgyzXD-HaYoE-ZBtDIDIzrNDq-cCKkIaZjX_WZ9zQaLdoDmbVukBGyAVAkvbwvcfn0lnTDDFNRpKr9e1rx6_Pedq_hx1k4w7hLIjwlQf3YYRYUCsm0i2dRwZdK-luIi-RzEZ_HqgczIj6FfTN5fvYomvqYKlGpF99Z1knzduXULfUOaATRjr6z2o0M9MyKcAZIwdliCGQu2QWVAW2-_wWUIkRU79ZP0osP6MvRoH1Jmn9kW-Sa_7UrjU67FUOX72Xbtb41yBcpc3kNjH_7y17lOVh90SvIXvuCaIVO2dca3LEnJA-vtUI_6QAfZ_j6Iv6rP2OxVqkDCntF6S3ZgbPHqFkxxsZr2pPe8Of3I-NenqL34uSfQD0HfAZgEHtXP9gIUuBkq0M-eVMMT6DnGXC_3Wyh_j7GRGROd9VUcUorC_FTfKOtAFynKfBkebYTsiOrPrOsoyz1lWuM-tIW70o6EVRAMTRdJgndXkbM0ixwPmJW5GQqHKelPgAROnGGvw1bPQ3AaTeaL3dQbKKmoOB_LxF1dQEfh3ORl8pQVH4dhJYd6AadHxdSobE_YXkWLapNajnrELqkppQ3dzs_zkY_lnsRCaABIuDngtJY18D3PHEz7yVGnPNZIpxW1sufBJq0Hu1tvHjUSdG65H1pk_BHgHFbAwXcuJ4Xp7U6c_B2Vb1eqvgpi7l36ReOSE8Mw40cSuc8gQUokTvV89F_OSN0teEiU5txxlQkGegck3J1ZI8ln1rgtWeYE8FspaGzJ-22uSxg5TAtLVRoox-p3ffpx53W4V8Hos3zpvpY2NaXk8kF13zAce_WDhDWeuAPLWMbUgKEmeoS3qPjhg5iWFi8fuCH3teOHqsROZWPOrR3jjJjLnAEtqQismav66QuGiyIoyRrq0jgomjkL7XHqlvscLqIBUbNqzAoS3LxKiMjZXZuOwp3LxXd5oIn1lLyjsrCQqFJcTn88Iz54G9_2Lgzy_W-zMRzK4-66lJcT87HS2Xp48BU-BoG8Ce3D5MOS0W1ec5k4q1LT51nGuL-rb4BPhgSBg9yrOK38PsXmBfAo17n2x3abL6dkQq5DeBHfCce3Dek4AwQ9MItWLcaoCZH7KCyGGflj1FFCDRgK0SyeflfJHsuiZqvia-6FR8Oj3BuflnRSTqNmECQ_S-mrG58HUDKhhjDSIJif5YnDE-JBTYneysFwDAEyuVVwk-A&sai=AMfl-YQW3pCjAZ9M43rMaj03fnHb6vbe0Gtell1d3lm3T2dSJ5DJNtIhxGXUOilXUsZyazXH91EwqpgA81f9B0ZUrm3FyzemuEqrvj2KK7GcSMGvIuV2JvMuNRyqXaacruwllqsvOe_0FTYFxVbOXq9xwLKpkDTBNg&sig=Cg0ArKJSzBkUDinhdrRkEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220818.84224&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_CFb7H5I-Erhk5LWz6XZIxiipfGrm3i4K-H3P5PDIokL8LxMpYp3TYPuEusD2IqnI15i-1FANCPEwJzx9TXmpfj2x6A&cry=1&dbm_d=AKAmf-BGyv1cJcvCxTZm8Y3LlQihZsl1mPRkPBqREHQj_XfysrjjhTRcaP1LznB7ghAbjEM-mjtCD9suUNLCXvb_QvI3zvNjKMvu3mkQIHqCbg7MhWpj8AbG53YnK2vdkGuDdAolyKsYWvCYxUBkpjPpcgfVGnHYLcAGciZhniuIWq8DxfOPWbfTSiDBzpfUqBdf1_-b_gPcnUSVJTIy1YSyQiXHBHHpMeingtC-egGny1UYGaARuGJy_nOHu4TN9QHv9rz-Wg_t4jvXs7dz8U5KVaqxtCsztWpywmdyN0hy4KeS4_WvgE5upnsso7Jr1zIsRPxPKsX6jCBN_f9GSi2lacNO0z8y2NA00VJymTMb_tTJf8YkVEmzJL4I1EOn4XVgUGsfBFIq_D7wAj30gfHaug0G3DCPDuRsbmDPTtUKzls37kYwQpNRR88hu175_0ha1E8t1Xx9lT8Jr4EgLsqyXe_TgfjiXvfAMcf-Gj_5fpXAOVUkesV1e2Rm-fvS2V2Zcjv8qChribJnPjtS339lUkWYOf4QoWqDzVuvLhCE3PBw2nYaJq958x19VyYcuox3_WD3Lg6ULyhMzC2tgbYNcZYybnPII74FIUG4IsiItZ2oK6OE9nLxS9z8O0yOndARUPzEyIbFzE7s_4zsQ9X8OoB9i9U0gCe80itgM8MbcFyQWLUoyeWhre720Pb8ufJzsZcQ1nWwFtG0_Up1gSirz43nEyqRu3K5eKvyRbY8N0CrocDr0l0SnHpcAfN5Ju8X4k061f-py5sVsI2uaensmggvERmgRfpfxML7zcayz_T2n2JlKN6qjXDW6XEINAR2FHd3y6MjqkHcEWWd7S-mFCShiVGTtpYLItLQmbuYxFpvTMrEK2egza24ZK0FPlTtcYfaucnDmDyZqJkn6_-HG0x3VsxQgtJV8Nn_d8iK1FRkM3CaU3C2Skvm53RlPoKmZX6QWITelgVzacdwwRw7FJmf8t33bKUJti0-OCR6Lw2q8lDziFC0-SIGWWxuHU0lP3OmF8ngLPJX_mtzLiCS8Q5IsYeOzFYBubxACB0DRKIT3Ndwf44dog-It-4Eyh_dQ4I5E-32sfcr5gFGmQV2srglVc2-xc7LzBgDO-8ovghQkOf9iz8yeeRC7m7xuavkS6cDxE-UFL_cu3izIkdPiKt3w4p1ZgwbdF6X8aOQiJGjupU7P-aVEKrTi0b2mirIRlm4hS0Q0xhNIbCrqQqZcSCaocPF7lKRMfT_3CMRqutQKaE10EZUGoXIlthBd-9dXU0xgbsPtxCGXpkm3wxL1hV_bCafaQJSXHGdwc1KdWSVgyedBqjt8fpJQoxyd0WYs9k2BmY3AgTevfjUQitIl6fgc9W00ctj0dui-Xnf30QkZNUbRcyImuJ4vji8HPSgN9uhwS-a4N-oR8BpmpIOZFz2N638ypGWl_fWGJU4gZEUnExojlJuHq90jlE3l4S2cF8GR9EeImDYdWnV_TbCqziCpGT9ELn6DGY2YdS1PLlgVVuNYL7rUTZGkSQwOA0nUQTlPNjsn4rm3mcKYopQzSQGDpOHyz7d36VUirlzkFCK-ftIPORuGATrvZO4qjZp7iNKNK5VfXN_WSbOEJOVkrZYoiCwI8y8Un60A6rUwimg_J2tdUniS8gdIexJCavtMbNlFVxEO4iciyX_f9OpcDsZ8VAFRoZu3ePcJnIZ_0edQS2gjVQt3HA49CqLIly1kas9QHgAuT-K4eyV5lopQyTZWkvAdwg6FiyLb4v3U9qvMvnb-c-xgfG5rjcgNk2ZGnK4ixpwfWWUGCB2E-w30cN5T8IPRzwRgylMqCAg1HpLspsrChrH0RyfswQQ1ECw3gzaeghushP6vIpblVn6V7r7sTrYuVIsLTG1B1Ya7sqp12uZOJQhuayN3HXrgP0DIn1z9PKB03aoZRtoxx97QvqApQIXxNoKjt90jVm1OHnot98VymSH03VgzSsP4QVMtnlHdgHq8qgJ1qg1ziJuy4fj9cnxguaOw6sbgXyNhRvTMSZrrmpqelWcviVq2lOPbDjDjac35PDe0-0g2IgYav9I-lrQB2F90gSeATfzMfgHlH4A6YYvo25asortIJ4k-bM_StFQauStQvOSLQ-DJ-DQZph75TAWo3xmOZAqNg6KQvAoJ8tTWm763tgDqWHnMEcrDgXRK5z18-Vx5lv8GnYLshSCLeLsBglBNvmbeFtdOKzFC8ksO8wbGNSg_Ul0gVOQY-vKLFeWiQXvtE1KZHHyUk08K2DXu993iN3plk2YhwE7DzP3ZfVKC7CM6nf6D_UcBseyZWRrOagpgA56Hf4xNL9eSDKhb81E4XkKuH73hLCuLWWYEIzxFHSKv1GF3Vk6wTRtPOPk5Vpl1xQ5WWA3ptCqwlt1ijfLQTPY03Vuo-3ZgzizKKgUuNPhgqq265l36OxmbzmZibLkdxwlNoOhLM5IKrxsksU8QNVA26McGGEZrYVLT8se-ORBNRyw0OPkJOHCsTzif45Ky7qf5D62rSSaxNc7j6QO7N06KIPvkJuh2lBgKa6i-trgcG9sovic5M1S4hnAtuBqeQhCyx3-H-lMUxAu4EDEsU7WUQsv1GjXqgMyvVQU-9pxxIs_1AgP6oRy_0mmOpJT9kdEYQarZtkqWKBgbPeZYu_j8mXe7WSSCSvpyfPIwBmoEQFx-yZoM_RrdArMHqBuBWHsq-KzApslAyT_cYwsZhMC86g_MstCjcZcJzdN5kpye1uJLdCGWBDh9EBnJWVCjbMxcJt9b3fLci51_yQApHpXiWjK_2gMi6DDSP2SQTmlJkTDi9TcuWG1miqxlEpPBRUW0Smf6LpT5D8P_TL336F6SDS_2azXePKW8uzI5H07xxcgCd2W2Bz3K9Rn5OSuYGllPZScQ1x8S-mse8PFgH-8zVTijIgsmjc1nfltSCyClSX5YSB3eRxRHYYFOYgoZBR-08srD8huoD8dftLKFEwHH-11S_ZDqL0qffWyzVWA0oUW1J9Wk-uG-RgAgLCiZrvtNJpPVDtsg2eTr4T8fWs9U5HrHmDDiKNTmHLX5DZSF6VoqCvnHTz-GdAn6Xur_C8rqjTeCL1Mdbzb4lUUpJnoNgNUSz8f6Dc&cid=CAASEuRo3bMKymWLroilzec6eDoU5g&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Tue, 23 Aug 2022 20:10:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 76E7 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_CFb7H5I-Erhk5LWz6XZIxiipfGrm3i4K-H3P5PDIokL8LxMpYp3TYPuEusD2IqnI15i-1FANCPEwJzx9TXmpfj2x6A&cry=1&dbm_d=AKAmf-BGyv1cJcvCxTZm8Y3LlQihZsl1mPRkPBqREHQj_XfysrjjhTRcaP1LznB7ghAbjEM-mjtCD9suUNLCXvb_QvI3zvNjKMvu3mkQIHqCbg7MhWpj8AbG53YnK2vdkGuDdAolyKsYWvCYxUBkpjPpcgfVGnHYLcAGciZhniuIWq8DxfOPWbfTSiDBzpfUqBdf1_-b_gPcnUSVJTIy1YSyQiXHBHHpMeingtC-egGny1UYGaARuGJy_nOHu4TN9QHv9rz-Wg_t4jvXs7dz8U5KVaqxtCsztWpywmdyN0hy4KeS4_WvgE5upnsso7Jr1zIsRPxPKsX6jCBN_f9GSi2lacNO0z8y2NA00VJymTMb_tTJf8YkVEmzJL4I1EOn4XVgUGsfBFIq_D7wAj30gfHaug0G3DCPDuRsbmDPTtUKzls37kYwQpNRR88hu175_0ha1E8t1Xx9lT8Jr4EgLsqyXe_TgfjiXvfAMcf-Gj_5fpXAOVUkesV1e2Rm-fvS2V2Zcjv8qChribJnPjtS339lUkWYOf4QoWqDzVuvLhCE3PBw2nYaJq958x19VyYcuox3_WD3Lg6ULyhMzC2tgbYNcZYybnPII74FIUG4IsiItZ2oK6OE9nLxS9z8O0yOndARUPzEyIbFzE7s_4zsQ9X8OoB9i9U0gCe80itgM8MbcFyQWLUoyeWhre720Pb8ufJzsZcQ1nWwFtG0_Up1gSirz43nEyqRu3K5eKvyRbY8N0CrocDr0l0SnHpcAfN5Ju8X4k061f-py5sVsI2uaensmggvERmgRfpfxML7zcayz_T2n2JlKN6qjXDW6XEINAR2FHd3y6MjqkHcEWWd7S-mFCShiVGTtpYLItLQmbuYxFpvTMrEK2egza24ZK0FPlTtcYfaucnDmDyZqJkn6_-HG0x3VsxQgtJV8Nn_d8iK1FRkM3CaU3C2Skvm53RlPoKmZX6QWITelgVzacdwwRw7FJmf8t33bKUJti0-OCR6Lw2q8lDziFC0-SIGWWxuHU0lP3OmF8ngLPJX_mtzLiCS8Q5IsYeOzFYBubxACB0DRKIT3Ndwf44dog-It-4Eyh_dQ4I5E-32sfcr5gFGmQV2srglVc2-xc7LzBgDO-8ovghQkOf9iz8yeeRC7m7xuavkS6cDxE-UFL_cu3izIkdPiKt3w4p1ZgwbdF6X8aOQiJGjupU7P-aVEKrTi0b2mirIRlm4hS0Q0xhNIbCrqQqZcSCaocPF7lKRMfT_3CMRqutQKaE10EZUGoXIlthBd-9dXU0xgbsPtxCGXpkm3wxL1hV_bCafaQJSXHGdwc1KdWSVgyedBqjt8fpJQoxyd0WYs9k2BmY3AgTevfjUQitIl6fgc9W00ctj0dui-Xnf30QkZNUbRcyImuJ4vji8HPSgN9uhwS-a4N-oR8BpmpIOZFz2N638ypGWl_fWGJU4gZEUnExojlJuHq90jlE3l4S2cF8GR9EeImDYdWnV_TbCqziCpGT9ELn6DGY2YdS1PLlgVVuNYL7rUTZGkSQwOA0nUQTlPNjsn4rm3mcKYopQzSQGDpOHyz7d36VUirlzkFCK-ftIPORuGATrvZO4qjZp7iNKNK5VfXN_WSbOEJOVkrZYoiCwI8y8Un60A6rUwimg_J2tdUniS8gdIexJCavtMbNlFVxEO4iciyX_f9OpcDsZ8VAFRoZu3ePcJnIZ_0edQS2gjVQt3HA49CqLIly1kas9QHgAuT-K4eyV5lopQyTZWkvAdwg6FiyLb4v3U9qvMvnb-c-xgfG5rjcgNk2ZGnK4ixpwfWWUGCB2E-w30cN5T8IPRzwRgylMqCAg1HpLspsrChrH0RyfswQQ1ECw3gzaeghushP6vIpblVn6V7r7sTrYuVIsLTG1B1Ya7sqp12uZOJQhuayN3HXrgP0DIn1z9PKB03aoZRtoxx97QvqApQIXxNoKjt90jVm1OHnot98VymSH03VgzSsP4QVMtnlHdgHq8qgJ1qg1ziJuy4fj9cnxguaOw6sbgXyNhRvTMSZrrmpqelWcviVq2lOPbDjDjac35PDe0-0g2IgYav9I-lrQB2F90gSeATfzMfgHlH4A6YYvo25asortIJ4k-bM_StFQauStQvOSLQ-DJ-DQZph75TAWo3xmOZAqNg6KQvAoJ8tTWm763tgDqWHnMEcrDgXRK5z18-Vx5lv8GnYLshSCLeLsBglBNvmbeFtdOKzFC8ksO8wbGNSg_Ul0gVOQY-vKLFeWiQXvtE1KZHHyUk08K2DXu993iN3plk2YhwE7DzP3ZfVKC7CM6nf6D_UcBseyZWRrOagpgA56Hf4xNL9eSDKhb81E4XkKuH73hLCuLWWYEIzxFHSKv1GF3Vk6wTRtPOPk5Vpl1xQ5WWA3ptCqwlt1ijfLQTPY03Vuo-3ZgzizKKgUuNPhgqq265l36OxmbzmZibLkdxwlNoOhLM5IKrxsksU8QNVA26McGGEZrYVLT8se-ORBNRyw0OPkJOHCsTzif45Ky7qf5D62rSSaxNc7j6QO7N06KIPvkJuh2lBgKa6i-trgcG9sovic5M1S4hnAtuBqeQhCyx3-H-lMUxAu4EDEsU7WUQsv1GjXqgMyvVQU-9pxxIs_1AgP6oRy_0mmOpJT9kdEYQarZtkqWKBgbPeZYu_j8mXe7WSSCSvpyfPIwBmoEQFx-yZoM_RrdArMHqBuBWHsq-KzApslAyT_cYwsZhMC86g_MstCjcZcJzdN5kpye1uJLdCGWBDh9EBnJWVCjbMxcJt9b3fLci51_yQApHpXiWjK_2gMi6DDSP2SQTmlJkTDi9TcuWG1miqxlEpPBRUW0Smf6LpT5D8P_TL336F6SDS_2azXePKW8uzI5H07xxcgCd2W2Bz3K9Rn5OSuYGllPZScQ1x8S-mse8PFgH-8zVTijIgsmjc1nfltSCyClSX5YSB3eRxRHYYFOYgoZBR-08srD8huoD8dftLKFEwHH-11S_ZDqL0qffWyzVWA0oUW1J9Wk-uG-RgAgLCiZrvtNJpPVDtsg2eTr4T8fWs9U5HrHmDDiKNTmHLX5DZSF6VoqCvnHTz-GdAn6Xur_C8rqjTeCL1Mdbzb4lUUpJnoNgNUSz8f6Dc&cid=CAASEuRo3bMKymWLroilzec6eDoU5g&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 11:23:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31660
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Aug 2023 11:23:17 GMT
i
cdn.bizibly.com/ Frame 76E7 		43 B
85 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.bizibly.com/i?v=10214551&a=514597620&c=168062694&s=6140839&p=322120724&m=0&n=3418446676
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 -, , ASN (),
Reverse DNS
Software
ECS (frb/674C) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
last-modified
Fri, 19 Aug 2022 00:00:17 GMT
server
ECS (frb/674C)
age
418241
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
sodar
pagead2.googlesyndication.com/getconfig/ Frame 215F 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220818&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069028
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a92f3f08afbadfd29c61d8b7e49c53616d201e5eabaccb90b91f39e98f39f012
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 20:10:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11062
x-xss-protection
0
hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js
pagead2.googlesyndication.com/bg/ Frame 1E05 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85df6a888180aa37ac71991e22dc32db0800b427df7aa8a52321a463743f3137
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 06:26:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
49472
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14041
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Aug 2023 06:26:25 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 7A59 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
20333
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 14:32:04 GMT
etag
48472445140208031
expires
Wed, 24 Aug 2022 14:32:04 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 08DF 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
540213
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 17 Aug 2022 14:07:24 GMT
expires
Thu, 17 Aug 2023 14:07:24 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 76E7 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
648fca982d6855ce943e98199386947631852939971e86898bd54f5c05bd01df

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/png
/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 7A59
Redirect Chain
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESENvVT3hsB9ySR7d0WH-_3CA&google_cver=1&google_push=AehlK4DKY_eQwnw7z81CQ8C1RcOp1zoEsieCpFQ9x9xUr6HRkbFRgTLQIq8td540ocRFMoT5IhvpLQWYo2dIKs_8Ba5jLHg2RkM
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDAxNjAyOTQ4ODY2MTQ0NTkyMw==&gdpr=&gdpr_consent=
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENvVT3hsB9ySR7d0WH-_3CA&google_cver=1
0
0
5w3jqr4k
sync-tm.everesttech.net/upi/pid/ Frame 7A59 		0
83 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEDQgj0qODFPvQF_w4QXLRvI&google_cver=1&google_push=AehlK4CwYxvaw3rWy1LQAgV7PeAYKXx7UHeLOZjCr1JwXFcwW9qFo-XmR8eWhsovXs8hRChxQ3abKO4BKxqF3Epd7xA2kpyRpVsx
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
via
1.1 varnish
server
Varnish
x-timer
S1661285457.493723,VS0,VE0
x-cache
MISS
cache-control
no-cache
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4026-HHN
pixel
cm.g.doubleclick.net/ Frame 7A59
Redirect Chain
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESECwLq4ATeSOJCs-1XT9KHxc&google_cver=1&google_push=AehlK4ANbOffMUY52IeE9DEoJ2Jx8e5tlC8fD-km-2nAvzL5KBDh20J8SEq2bvzTDOKznDGeYxrAZKlu9I...
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESECwLq4ATeSOJCs-1XT9KHxc&google_cver=1&google_push=AehlK4ANbOffMUY52IeE9DEoJ2Jx8e5tlC8fD-km-2nAvzL5KBDh20J8SEq2bvzTDOKznDGeYxrAZKlu9I...
  • https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AehlK4ANbOffMUY52IeE9DEoJ2Jx8e5tlC8fD-km-2nAvzL5KBDh20J8SEq2bvzTDOKznDGeYxrAZKlu9InXm199pPTxmrVlR8tX&google_hm=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AehlK4ANbOffMUY52IeE9DEoJ2Jx8e5tlC8fD-km-2nAvzL5KBDh20J8SEq2bvzTDOKznDGeYxrAZKlu9InXm199pPTxmrVlR8tX&google_hm=
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Tue, 23 Aug 2022 20:10:57 GMT
server
nginx
access-control-allow-origin
*
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
location
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AehlK4ANbOffMUY52IeE9DEoJ2Jx8e5tlC8fD-km-2nAvzL5KBDh20J8SEq2bvzTDOKznDGeYxrAZKlu9InXm199pPTxmrVlR8tX&google_hm=
cache-control
no-cache
content-type
text/html; charset=UTF-8
access-control-allow-headers
Origin
keep-alive
timeout=10
sync
sync.srv.stackadapt.com/ Frame 7A59 		0
0
pixel
cm.g.doubleclick.net/ Frame 7A59
Redirect Chain
  • https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEPMIc28hQ6X0Aqeg6DxXZxQ&google_cver=1&google_push=AehlK4CwTYGE8rxQ3JYTsjzOaxqYItNhAnMycyr3uOGiYL3SeGJdcJmty7kzY2UFs-nvrN-dBMg3anvERvtQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4CwTYGE8rxQ3JYTsjzOaxqYItNhAnMycyr3uOGiYL3SeGJdcJmty7kzY2UFs-nvrN-dBMg3anvERvtQSl6cbblRhS6F6Y-I
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4CwTYGE8rxQ3JYTsjzOaxqYItNhAnMycyr3uOGiYL3SeGJdcJmty7kzY2UFs-nvrN-dBMg3anvERvtQSl6cbblRhS6F6Y-I
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4CwTYGE8rxQ3JYTsjzOaxqYItNhAnMycyr3uOGiYL3SeGJdcJmty7kzY2UFs-nvrN-dBMg3anvERvtQSl6cbblRhS6F6Y-I
strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
/
cc.adingo.jp/adx/push/ Frame 7A59 		0
0
v1
match.sharethrough.com/E4rooAtA/ Frame 7A59 		0
0
attr
cm.g.doubleclick.net/pixel/ Frame 7A59 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KEuLet-lWCBJeNkPvjkWcVnbPwSHD0nJm1bHa3eU0Px8JdLiVWy2M0kMgk-Jx2_d2cd0BqMg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661285456&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661285456113&bpp=15&bdt=253&idt=333&shv=r20220822&mjsv=m202208170101&ptt=5&saldr=sa&correlator=7412954427270&frm=21&ife=1&pv=1&ga_vid=1595664349.1661285452&ga_sid=1661285456&ga_hid=1142380323&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069029%2C31069064%2C31060049&oid=2&pvsid=1271092954696629&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&alvm=r20220818&fu=4&bc=31&ifi=1&uci=1.1wx32u65awdi&fsb=1&xpc=3CbuyFY8t8&p=https%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:57 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js
pagead2.googlesyndication.com/bg/ Frame 08DF 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85df6a888180aa37ac71991e22dc32db0800b427df7aa8a52321a463743f3137
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 06:26:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
49472
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14041
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Aug 2023 06:26:25 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 76E7 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2vrvisemjYTdtHgyzXD-HaYoE-ZBtDIDIzrNDq-cCKkIaZjX_WZ9zQaLdoDmbVukBGyAVAkvbwvcfn0lnTDDFNRpKr9e1rx6_Pedq_hx1k4w7hLIjwlQf3YYRYUCsm0i2dRwZdK-luIi-RzEZ_HqgczIj6FfTN5fvYomvqYKlGpF99Z1knzduXULfUOaATRjr6z2o0M9MyKcAZIwdliCGQu2QWVAW2-_wWUIkRU79ZP0osP6MvRoH1Jmn9kW-Sa_7UrjU67FUOX72Xbtb41yBcpc3kNjH_7y17lOVh90SvIXvuCaIVO2dca3LEnJA-vtUI_6QAfZ_j6Iv6rP2OxVqkDCntF6S3ZgbPHqFkxxsZr2pPe8Of3I-NenqL34uSfQD0HfAZgEHtXP9gIUuBkq0M-eVMMT6DnGXC_3Wyh_j7GRGROd9VUcUorC_FTfKOtAFynKfBkebYTsiOrPrOsoyz1lWuM-tIW70o6EVRAMTRdJgndXkbM0ixwPmJW5GQqHKelPgAROnGGvw1bPQ3AaTeaL3dQbKKmoOB_LxF1dQEfh3ORl8pQVH4dhJYd6AadHxdSobE_YXkWLapNajnrELqkppQ3dzs_zkY_lnsRCaABIuDngtJY18D3PHEz7yVGnPNZIpxW1sufBJq0Hu1tvHjUSdG65H1pk_BHgHFbAwXcuJ4Xp7U6c_B2Vb1eqvgpi7l36ReOSE8Mw40cSuc8gQUokTvV89F_OSN0teEiU5txxlQkGegck3J1ZI8ln1rgtWeYE8FspaGzJ-22uSxg5TAtLVRoox-p3ffpx53W4V8Hos3zpvpY2NaXk8kF13zAce_WDhDWeuAPLWMbUgKEmeoS3qPjhg5iWFi8fuCH3teOHqsROZWPOrR3jjJjLnAEtqQismav66QuGiyIoyRrq0jgomjkL7XHqlvscLqIBUbNqzAoS3LxKiMjZXZuOwp3LxXd5oIn1lLyjsrCQqFJcTn88Iz54G9_2Lgzy_W-zMRzK4-66lJcT87HS2Xp48BU-BoG8Ce3D5MOS0W1ec5k4q1LT51nGuL-rb4BPhgSBg9yrOK38PsXmBfAo17n2x3abL6dkQq5DeBHfCce3Dek4AwQ9MItWLcaoCZH7KCyGGflj1FFCDRgK0SyeflfJHsuiZqvia-6FR8Oj3BuflnRSTqNmECQ_S-mrG58HUDKhhjDSIJif5YnDE-JBTYneysFwDAEyuVVwk-A&sai=AMfl-YQW3pCjAZ9M43rMaj03fnHb6vbe0Gtell1d3lm3T2dSJ5DJNtIhxGXUOilXUsZyazXH91EwqpgA81f9B0ZUrm3FyzemuEqrvj2KK7GcSMGvIuV2JvMuNRyqXaacruwllqsvOe_0FTYFxVbOXq9xwLKpkDTBNg&sig=Cg0ArKJSzBkUDinhdrRkEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=176&vt=11&dtpt=175&dett=2&cstd=0&cisv=r20220818.84224&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_CFb7H5I-Erhk5LWz6XZIxiipfGrm3i4K-H3P5PDIokL8LxMpYp3TYPuEusD2IqnI15i-1FANCPEwJzx9TXmpfj2x6A&cry=1&dbm_d=AKAmf-BGyv1cJcvCxTZm8Y3LlQihZsl1mPRkPBqREHQj_XfysrjjhTRcaP1LznB7ghAbjEM-mjtCD9suUNLCXvb_QvI3zvNjKMvu3mkQIHqCbg7MhWpj8AbG53YnK2vdkGuDdAolyKsYWvCYxUBkpjPpcgfVGnHYLcAGciZhniuIWq8DxfOPWbfTSiDBzpfUqBdf1_-b_gPcnUSVJTIy1YSyQiXHBHHpMeingtC-egGny1UYGaARuGJy_nOHu4TN9QHv9rz-Wg_t4jvXs7dz8U5KVaqxtCsztWpywmdyN0hy4KeS4_WvgE5upnsso7Jr1zIsRPxPKsX6jCBN_f9GSi2lacNO0z8y2NA00VJymTMb_tTJf8YkVEmzJL4I1EOn4XVgUGsfBFIq_D7wAj30gfHaug0G3DCPDuRsbmDPTtUKzls37kYwQpNRR88hu175_0ha1E8t1Xx9lT8Jr4EgLsqyXe_TgfjiXvfAMcf-Gj_5fpXAOVUkesV1e2Rm-fvS2V2Zcjv8qChribJnPjtS339lUkWYOf4QoWqDzVuvLhCE3PBw2nYaJq958x19VyYcuox3_WD3Lg6ULyhMzC2tgbYNcZYybnPII74FIUG4IsiItZ2oK6OE9nLxS9z8O0yOndARUPzEyIbFzE7s_4zsQ9X8OoB9i9U0gCe80itgM8MbcFyQWLUoyeWhre720Pb8ufJzsZcQ1nWwFtG0_Up1gSirz43nEyqRu3K5eKvyRbY8N0CrocDr0l0SnHpcAfN5Ju8X4k061f-py5sVsI2uaensmggvERmgRfpfxML7zcayz_T2n2JlKN6qjXDW6XEINAR2FHd3y6MjqkHcEWWd7S-mFCShiVGTtpYLItLQmbuYxFpvTMrEK2egza24ZK0FPlTtcYfaucnDmDyZqJkn6_-HG0x3VsxQgtJV8Nn_d8iK1FRkM3CaU3C2Skvm53RlPoKmZX6QWITelgVzacdwwRw7FJmf8t33bKUJti0-OCR6Lw2q8lDziFC0-SIGWWxuHU0lP3OmF8ngLPJX_mtzLiCS8Q5IsYeOzFYBubxACB0DRKIT3Ndwf44dog-It-4Eyh_dQ4I5E-32sfcr5gFGmQV2srglVc2-xc7LzBgDO-8ovghQkOf9iz8yeeRC7m7xuavkS6cDxE-UFL_cu3izIkdPiKt3w4p1ZgwbdF6X8aOQiJGjupU7P-aVEKrTi0b2mirIRlm4hS0Q0xhNIbCrqQqZcSCaocPF7lKRMfT_3CMRqutQKaE10EZUGoXIlthBd-9dXU0xgbsPtxCGXpkm3wxL1hV_bCafaQJSXHGdwc1KdWSVgyedBqjt8fpJQoxyd0WYs9k2BmY3AgTevfjUQitIl6fgc9W00ctj0dui-Xnf30QkZNUbRcyImuJ4vji8HPSgN9uhwS-a4N-oR8BpmpIOZFz2N638ypGWl_fWGJU4gZEUnExojlJuHq90jlE3l4S2cF8GR9EeImDYdWnV_TbCqziCpGT9ELn6DGY2YdS1PLlgVVuNYL7rUTZGkSQwOA0nUQTlPNjsn4rm3mcKYopQzSQGDpOHyz7d36VUirlzkFCK-ftIPORuGATrvZO4qjZp7iNKNK5VfXN_WSbOEJOVkrZYoiCwI8y8Un60A6rUwimg_J2tdUniS8gdIexJCavtMbNlFVxEO4iciyX_f9OpcDsZ8VAFRoZu3ePcJnIZ_0edQS2gjVQt3HA49CqLIly1kas9QHgAuT-K4eyV5lopQyTZWkvAdwg6FiyLb4v3U9qvMvnb-c-xgfG5rjcgNk2ZGnK4ixpwfWWUGCB2E-w30cN5T8IPRzwRgylMqCAg1HpLspsrChrH0RyfswQQ1ECw3gzaeghushP6vIpblVn6V7r7sTrYuVIsLTG1B1Ya7sqp12uZOJQhuayN3HXrgP0DIn1z9PKB03aoZRtoxx97QvqApQIXxNoKjt90jVm1OHnot98VymSH03VgzSsP4QVMtnlHdgHq8qgJ1qg1ziJuy4fj9cnxguaOw6sbgXyNhRvTMSZrrmpqelWcviVq2lOPbDjDjac35PDe0-0g2IgYav9I-lrQB2F90gSeATfzMfgHlH4A6YYvo25asortIJ4k-bM_StFQauStQvOSLQ-DJ-DQZph75TAWo3xmOZAqNg6KQvAoJ8tTWm763tgDqWHnMEcrDgXRK5z18-Vx5lv8GnYLshSCLeLsBglBNvmbeFtdOKzFC8ksO8wbGNSg_Ul0gVOQY-vKLFeWiQXvtE1KZHHyUk08K2DXu993iN3plk2YhwE7DzP3ZfVKC7CM6nf6D_UcBseyZWRrOagpgA56Hf4xNL9eSDKhb81E4XkKuH73hLCuLWWYEIzxFHSKv1GF3Vk6wTRtPOPk5Vpl1xQ5WWA3ptCqwlt1ijfLQTPY03Vuo-3ZgzizKKgUuNPhgqq265l36OxmbzmZibLkdxwlNoOhLM5IKrxsksU8QNVA26McGGEZrYVLT8se-ORBNRyw0OPkJOHCsTzif45Ky7qf5D62rSSaxNc7j6QO7N06KIPvkJuh2lBgKa6i-trgcG9sovic5M1S4hnAtuBqeQhCyx3-H-lMUxAu4EDEsU7WUQsv1GjXqgMyvVQU-9pxxIs_1AgP6oRy_0mmOpJT9kdEYQarZtkqWKBgbPeZYu_j8mXe7WSSCSvpyfPIwBmoEQFx-yZoM_RrdArMHqBuBWHsq-KzApslAyT_cYwsZhMC86g_MstCjcZcJzdN5kpye1uJLdCGWBDh9EBnJWVCjbMxcJt9b3fLci51_yQApHpXiWjK_2gMi6DDSP2SQTmlJkTDi9TcuWG1miqxlEpPBRUW0Smf6LpT5D8P_TL336F6SDS_2azXePKW8uzI5H07xxcgCd2W2Bz3K9Rn5OSuYGllPZScQ1x8S-mse8PFgH-8zVTijIgsmjc1nfltSCyClSX5YSB3eRxRHYYFOYgoZBR-08srD8huoD8dftLKFEwHH-11S_ZDqL0qffWyzVWA0oUW1J9Wk-uG-RgAgLCiZrvtNJpPVDtsg2eTr4T8fWs9U5HrHmDDiKNTmHLX5DZSF6VoqCvnHTz-GdAn6Xur_C8rqjTeCL1Mdbzb4lUUpJnoNgNUSz8f6Dc&cid=CAASEuRo3bMKymWLroilzec6eDoU5g&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 20:10:57 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/ Frame 76E7 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?v=3&s=pagead&action=load3pas&it=bdt.253,req.351,bpp.15,fb.984,e2e.1402,fs.352,reqs.404,ress.984,rese.991&srt=632&e=&id=csi_pagead&gqid=UDQFY7qEIc2c3gONhaKoCQ&qqid=CPe-iczi3fkCFQjjmgodsZwNNw&rt=lb.335,ol.418
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame DBA4 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220822&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3b7859cd853c2371945f6490d969601eca2aa4b9669f7af05d7e3a546595f540
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 20:10:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11157
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 215F 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069028
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Aug 2022 20:10:57 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E05 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BSRs7UDQFY--DPbnDx_AP4d-iiAUAAAAAOAHgBAI&bg=!dHeldzPNAAYUOm8VNDo7ACkAdvg8WuVXzwFGCFj-KSQur79Zj5YGWB03GE_khtmatORR9ZeI8_UkbAIAAACPUgAAAAJoAQeZAx2o15Cpdt8H554nmNbJ7nTL7wGNctH1yA7m9ZWdx4BOXt7Iyn8-aAyV8pdAU7cWUZcbiwqVUIG80z-TsvMgo87GfwmsQ9rasJebtH8dgwYoujD0uXWpWmdroJVunPqclPLeHDGo-mX4BSO4jCXoH9IwA0LwPTvXLxGoxGll1B58d2H6ciP0C-MrSCBabgwcf_SWDM2WBAXy67VGHOS8AH8CNenxinJpDhWOgLY4jnEqjVEyms5KJ3csl2LSAOvBIAT5rlXOwpKn4S5yKx1tSZ1NfXfaCipe5PIc0sUJT79RazwsfTIO1s-jYb7MbSjcRR-Y349QCEtRc0sMZiPhuqsuMsQ1FKAitXPt_pEzpSLjylMQ0Cf3pF7RWZrDMW8hdvuqwdlMWc0oAyR7-kT_0gZGkPAUbN5fUdtKvEJSmm81bmv54qWPZZ_CN5b6RlGAAVSc1cLjdPnWG779EFVu1l2kfknyueCHSqfXFA2rla8uTOXEWShAaN5JxG23w2G0PryzNt5XpnvyH0nq90uOQPqESM4IHoywzGAcF7AgsEc9RWW_et9BZQVyiR5Ei77qS6rDRk9kQCKHzxe5uZXOBtXRt-5xcE_CxVgFvtkp1598pMUWtOLJTWI3c1FLkO_VKALL5LyjyAgbdu2fwAxRf26quYsTbPqOeUpxattHpD3f1ACerVQJdxOlzCSckPArAeW_CEPypZd0a01fSgRmdPmb-9yHdOWWr6BzrQG8Cfe2fsohxJvQqh8zg_j7ZT_r5qBZ06Fi_ekvqGZrk5B_DtYmnQCKriXG0-kI1nOPQ7FDYhrgE0391BvXag_62-78WB8gHSW89cd7e0j1ay9GdBjO-hyJLbyaMbstg-2WGF28-F6AY-dRV2o8wvYmlu7eG6mKqck5B3IA2IxsuJnjQk8-JQE2iFjTguLimZwy2Wf_4mv5QG4AoyqqdvY8vHmJsLYnbbTSaVG5jaAYjYNb0uc3DYKrmg2uvlhpwVq0FqBrIkG4mEnOVSlEpoBmojBvOZKZdiu0o_tDLv98pV4jBaHXmaOS9TXHlXr0D4Dpmw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3F0E 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1838
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 19:40:19 GMT
expires
Wed, 23 Aug 2023 19:40:19 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame EAC9 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
05a6edae07b133b9b27d25b6df60016908a05db08d44c505b7afd53c56867c91
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-96CCdMXSHm1KmqhOnan28Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-96CCdMXSHm1KmqhOnan28Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 20:10:57 GMT
expires
Tue, 23 Aug 2022 20:10:57 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
sodar2.js
tpc.googlesyndication.com/sodar/ Frame DBA4 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 20:10:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Aug 2022 20:10:57 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 08DF 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Boz-MUTQFY9fiEP3Kx_APobOPMAAAAAA4AeAEAg&bg=!aGulay_NAAYUOm8VNDo7ACkAdvg8Wly3sfnxezf-DEos_8erU4kSaN-futN3NNsSgRKhGLd7N8ZFZAIAAABVUgAAAAJoAQeZAy_wFeQzOgd0ZELl7vVDBujGqN0e_HUjwhjhJSz2-zjr3wQ-qss0FQb-p6Fnhjw6-ToNBbV-J6yGex6xmpHMt9B4n9cEkFhjcirAtpd4m1K86QBprrO5-mdqvxiX9wC2m8EpAOR-L4x3SJjBiyLO8HaThwC71prHuZBtxJliohzkdeoz561NvtDAr0fnSfcJFYsl_scwipmJys_CkAtZ-d5reR4ImldTNDn0rZuJnDPCZUwsMLvZXOC4kUwaFiPDbzEbp884FScvNIToqoVixkHlF-IdqR61cnvB8LSa2__GLA-CX0k96f0iVtd8RtJBzf7pKRwkVEkuv2DULGYzYPNmcViAOmR14j0LL2h1cBBer7udvm8CNU8fHcjS0xVPZjKLs2DpeUQ5yBCSEJsntyHniVKwu3r_46SrNGEjgNcMyG_VVkqS60tjIDLnQlkUNG2Vcgd1NzdEtesKmin6cZfPhIQOa-fEJFlV2pcHs15Y_vH4HNP0d4uA71NMT3Jh9psb3vnYRKDHaMiO8IGY94teyrwgOnacDmflGvwJRXvFraxQcSDV4EKYUwrBHrXawBj7pR1D_uWjzo-vwzKLvA-r3EDfTCiQugiRlki8FVbznamrA24VUFtJRyQ2pO2LNn6ytzKOpSghuwg32mDxf_ut1_T0A5liIP9x8ydFXkdK7K8G2aUvrFW-xo1lpkeL7tX9TDZknbFGrhpGWnni-u6yQ0HZM3Qw_P2wsowTdG26EM7uOlObNli9HOBtWRWFN0OJmP1sILTDZPt9FQJSbYYh-PD9rfo75wZXZ1434a4QRWmEWb3w0svZ_fIO4MXos6Ky4EDEw99Sh-QsZf-TAR3LbeqT-7LxDZgZVr7CrqvHDz5GvvBc5ERZEm_FhMrgkvOSylj-7jbObgh7tsh9pGbt9RmQ7i9TvqWdWnbNtmvqZjlw9QEQ5kTg3d0Flck5buBSgz_OrIDNRJNw357WrFXdHDn763OaDkSSSupTWkL-pkx4Q4NO0Yo9z91TWQ_FvGavjeg-joRx6VsnKCJ13JzosigY1dmHY8Oodq-S68cw9EHpUFFvcp2sQ4c0SWsk3A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 20:10:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js
pagead2.googlesyndication.com/bg/ Frame 3F0E 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85df6a888180aa37ac71991e22dc32db0800b427df7aa8a52321a463743f3137
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 06:26:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
49472
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14041
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Aug 2023 06:26:25 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame EAC9 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220818&jk=331677409633823&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A196 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1838
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 19:40:19 GMT
expires
Wed, 23 Aug 2023 19:40:19 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame C2E1 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b6a3ee62d947697275776e9f176744cc5041ad34f22dd0c1b48f5db5c716c739
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Ik3dCik27grwG3N6-sGJ3A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-Ik3dCik27grwG3N6-sGJ3A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 20:10:57 GMT
expires
Tue, 23 Aug 2022 20:10:57 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js
pagead2.googlesyndication.com/bg/ Frame A196 		0
0
sodar
pagead2.googlesyndication.com/pagead/ Frame C2E1 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
r.turn.com
URL
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENvVT3hsB9ySR7d0WH-_3CA&google_cver=1
Domain
sync.srv.stackadapt.com
URL
https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEOPr-Mxr7a1ihNTP6ItAPlI&google_cver=1&google_push=AehlK4C82_V0wZOxCQKVvPmJhxcShFoMZlM_ZMmTBmLYz3KeaYNwY-W6y6CoW4c9B78fa9c_COe8m34TsDNkBs0cRAaYYJciDZw
Domain
cc.adingo.jp
URL
https://cc.adingo.jp/adx/push/?google_gid=CAESENMm5lxXT2ub7H-R76MP8Fc&google_cver=1&google_push=AehlK4CYlE0t2wODu9qc76YwK8UxUVG-PXvcMKK3YH5s_nYedQUgbaABVJlkiwzZJqRlpx_UmxlgYR__LUCeTRToTXZwSyccpbjx
Domain
match.sharethrough.com
URL
https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEOjwChzmrMEJ62pJFiiZDng&google_cver=1&google_push=AehlK4CfnX3BV-Az3ALl_fPbkyVmYG2_EjRBKwFDA2izyDkbcAvqu2Mi4X3SucyooJ-4e0f9fBs_H1R3yuQ-V78tyzaHm3laV1e4_Q
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/bg/hd9qiIGAqjescZkeItwy2wgAtCffeqilIyGkY3Q_MTc.js
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220822&jk=1271092954696629&rc=

Verdicts & Comments Add Verdict or Comment

102 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| _wpemojiSettings undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| mnetCustomerData function| injectMnetScript object| _mNHandle string| medianet_versionId object| stlib boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus boolean| sop_pview_logged string| stWidgetVersion object| stLight boolean| st_showing object| st object| __stdos__ function| __sharethis__docReady object| __sharethis__ string| GoogleAnalyticsObject function| ga object| dataLayer object| _mN function| logFailoverPing object| WPCOM_sharing_counts object| click_object object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq object| wp object| twemoji function| st_go function| linktracker_init object| wpcom string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| google_tag_manager object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady object| displayPlacement_PF_script boolean| pixfuture_environment_started function| init_____display____pixfuture boolean| isPending string| prebid_file function| findCMP_PixFuture object| pbjs_pixChunk object| pbjs_pix object| _pbjsGlobals object| mnet object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients

69 Cookies

Domain/Path Name / Value
securityaffairs.co/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.co/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.co/ Name: _gid
Value: GA1.2.941409000.1661285452
.securityaffairs.co/ Name: _gat
Value: 1
.securityaffairs.co/ Name: _ga_P62M3QN974
Value: GS1.1.1661285452.1.0.1661285452.0.0.0
.securityaffairs.co/ Name: _ga
Value: GA1.1.1595664349.1661285452
.agkn.com/ Name: ab
Value: 0001%3Aj3%2F2oTDeFZCd3Dmaw8g9LYWvCGXCLT3j
securityaffairs.co/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.securityaffairs.co/ Name: _pubcid
Value: c8e1cefe-a0fa-4c77-a187-7e3759fa7e35
securityaffairs.co/ Name: _lr_retry_request
Value: true
securityaffairs.co/ Name: _lr_env_src_ats
Value: false
securityaffairs.co/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-08-23T20%3A10%3A52%22%7D
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2C%unqZbr!]tbP6j2F-XstGt!@DH[$^^6z
.adnxs.com/ Name: uuid2
Value: 8897075711278565879
.rubiconproject.com/ Name: khaos
Value: L76MGRG3-M-7QOV
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qr24PVnXnL/eQNb0fGVcfL/XWaA1sYWTLHCRi4Lg8bJK7p9U68dlNfx5FGfGNePc3/th4iWCi6WjspbV3mhqimWXjmaZkH7bMyyqVI1k5poNA==
.securityaffairs.co/ Name: cto_bundle
Value: SMVtHl8lMkJBNFI0TDRiSENZTjRlSDQ5MmNld1FYMVJkMDlFaDl0eFpFVGtIWlhIR2VvdFdiSUltJTJCaDkza01DJTJCenZ2M2U1SjI2SndBZVdXaDNoajVKWFZmV3huTGZGciUyRlNxVGhTNVlYNmVLbVlIbU8zZVJlUDdCNkJ6Wms4SnROSEtaRVhG
.securityaffairs.co/ Name: cto_bidid
Value: Xeq5Yl9wY0N3ckVad0VmTCUyRkp0b1d0dlQ0T2JkRWo2S3BPMXFpZmx2WDFBOEM2UFJhNDlrTUViSVJrakRtSUxzczBOQ24zR09nMWJnMnFzVk9MeHhkaHZKb3l3JTNEJTNE
.go.sonobi.com/ Name: __uih
Value: 1
.go.sonobi.com/ Name: HAPLB8A
Value: s8544|YwUx0
ads.us.e-planning.net/ Name: CT
Value: 1
.e-planning.net/ Name: E
Value: AOcWnmSwpKDivdPz
.casalemedia.com/ Name: CMID
Value: YwU0TWG8g7NCjw3rhpyPXAAA
.casalemedia.com/ Name: CMPS
Value: 1128
.zeotap.com/ Name: zc
Value: 55f4f045-f407-43d8-5e4e-7a59ff4c9ade
.zeotap.com/ Name: zsc
Value: N%A8%B9%0E.%BE%5C%1Fw%1C%A7%5C%CA%05%C1SJ%DDFz%2F%C9%9D%D0%9Ae%AD%F0%D6TR%99%A5q%CC%05%BE%C4%D46%24AS%9B%FEq%D1%9Bb%A6%0DA%9B%81%F2%2B%15%DD%F0%0A%EA%FA2%98%D8%9E%FD%DA%B1%05%A3ir%2C%C6%91%06%E0%F4us%D5%DE%F4%8A%BB%13%26%3D%FA_%F1%A0s%F3%7Dg%FDK%A5%D3%27%A4%15%B0Py%01t%DA%25%85%1B%95%88%EE%CE%AB%01%E2%A1%AD%9EVI%C8%98%3E%80%2B%0E%3E%E4%ADI%FB%B2%D9%81q%EB%29%7BY%D6%BE2%87%00%96%0F-%BD%E2%F1%E1%1BK%CCl%E68%8B%D29%7F%D7+
.casalemedia.com/ Name: CMPRO
Value: 1160
.casalemedia.com/ Name: CMRUM3
Value: f16305344d05a0&2f6305344d05a0&416305344d05a0&276305344d0b40&bc6305344d05a00&2d6305344d05a0&e66305344d2760&bf6305344d05a0
.casalemedia.com/ Name: CMST
Value: YwU0TWMFNE0A
.disqus.com/ Name: zeta-ssp-user-id
Value: ua-8480c5d4-c6ca-3ae3-88e6-0346103ba4b6
.demdex.net/ Name: demdex
Value: 45037441285948232663779435849935842974
.adfarm1.adition.com/ Name: UserID1
Value: 7135166694255097999
.w55c.net/ Name: wfivefivec
Value: K5Y0Dlv21OqAeG5
.weborama.fr/ Name: AFFICHE_W
Value: pIS-S6U08xGk86
.tidaltv.com/ Name: tidal_ttid
Value: 22581ba0-d393-4850-be85-18e43739b2a7
.dpm.demdex.net/ Name: dpm
Value: 45037441285948232663779435849935842974
.w55c.net/ Name: matchcasale
Value: 5
.brand-display.com/ Name: _knxq_
Value: b59e17da-5058-0ef4-6d958fc3.1661285454.0.1661285454.1661285454
.theadex.com/ Name: axd
Value: 4303540644834428797
.theadex.com/ Name: tis_agL
Value: agLeAo4z
.doubleclick.net/ Name: IDE
Value: AHWqTUn3HW3gaIOv6VCG7JKnyD8bx03siiu8hc_lM6L1xNk7ftiPnrjIY8UBpF2LmU8
.tidaltv.com/ Name: sync-his
Value: "H4sIAAAAAAAAADM0NjK0sDK0MAIAjH390AkAAAA="
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
prebidserver.pixfuture.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQU9jV25tU3dwS0RpdmRQeiIsImV4cGlyZXMiOiIyMDIyLTA5LTA2VDIwOjEwOjU0LjI5MTM4NzA0MloifX0sImJkYXkiOiIyMDIyLTA4LTIzVDIwOjEwOjU0LjI5MTM2OTY1N1oifQ==
.rlcdn.com/ Name: rlas3
Value: QEPiGpSZQuf36+Wr8Ez6SOqEPE/3dZqEpQ01gQUtEaY=
.rlcdn.com/ Name: pxrc
Value: CM7olJgGEgYIkLwrEAA=
.tapad.com/ Name: TapAd_TS
Value: 1661285454144
.tapad.com/ Name: TapAd_DID
Value: a0fa7f10-6101-4a9d-88a2-79c8149a976d
.richaudience.com/ Name: avcid-zeo-uid
Value: 55f4f045-f407-43d8-5e4e-7a59ff4c9ade
.krxd.net/ Name: _kuid_
Value: PCTAdd7S
.casalemedia.com/ Name: CMTS
Value: 1107
.mathtag.com/ Name: uuid
Value: 815f6305-344e-4000-930d-24f05a698f1a
.yahoo.com/ Name: A3
Value: d=AQABBE40BWMCEE0MnTzSElDF1T1Ll4E2ECsFEgEBAQGFBmMPYwAAAAAA_eMAAA&S=AQAAAvXewywy8he5l8AqcvYP4jk
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&7a22beec-bb06-47cc-88a3-b8392aaa09e2"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NjEyODU0NTQ7MjswMjFAuf3A9XkfUd1LP2W5lrJNdb2AmH8SZUzl4h51pFSRMQ==
.linkedin.com/ Name: lidc
Value: "b=TGST03:s=T:r=T:a=T:p=T:g=2822:u=1:x=1:i=1661285454:t=1661371854:v=2:sig=AQGSMKiij3nhHqOmafqs0z7rXXYYzJrg"
.fwmrm.net/ Name: _uid
Value: "o0b7b_7135166694251191492"
.amazon-adsystem.com/ Name: ad-id
Value: A4ZmNX6SJEHtqhOY0s0ZCRI
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 4302902058995668923
.audrte.com/ Name: arcki2_ddp
Value: CAESENELhba-eCPS_nSzOWZPsPg!20210804!1661285455232
.audrte.com/ Name: arcki2_adform
Value: 4302902058995668923!20210804!1661285455366
.audrte.com/ Name: arcki2_TTT
Value: 1661285455367!g9mHLMoaQ-PQKS5KEmRtQgvog!H4sIAAAAAAAAAB2WTc4upw6EF8PYEmAwZpjBHVxFySDKBjA/+19Cnn6PdKT+3qZtU64qe44ze21VRrkmba4qc40sOlucva+fO9KuZ5Y8p5S+Q3SdLXGfy9Ldl5ecNXYqkevrbUttK6TdcmTel6Ude1r26/FmUqv2bDW5d5NE40g8fTJskvGso7OmfQixn8ptnNSZl7hTWPGI+cJ6jpJsz9Xm6TKeV9FrpMuPJ8rIRDtlzVT3fC9nk3Gji/ZyZZVwCV5a9Pz29nTOqGMWCvfm0rrxfo4u+66xp/nsb6V5SbcsZL3hot6nrG1d5rYybmk3t5ci39p8upylXVrZBpih4m2pzWXX66Nwe9f8SssTxGvrsvpr0l7tZQNmrJYMaPL2LCNPXs0bEv128T0A+1DX8dT9lFeiyXAl3CXcLFHEaj6x92rPLQ33ekce4jxxu/Nk1r6laJvv1Ch6S2rFrytttTkuYGYO5Zbpje3SonK4pnwBoWoVChkUvovMM7dcb6ccO6f4SafN8jaVvmPUNOltqGXZMQnrvfXQ1BZt1NXlbn/SRuOQjymPQm++W1d4Wq9ymXW+cgrpTsg0Cj+7WX5r9/d6uvDyVNBbS8FpENMLha/Ml0E495lm3VASgsSFnm2rAcZWAeHefEV40JbW5ygFvsJ8aTEz6Ui8l62rpe4xLN0eS2ehwTpId+8SxPAkN22jawedl1DUq5Oahh4O5TCBBFC+0PU4BiVPenfvuaG/mq7vdlQ3q0tGBs/KrcWBoI3Y/CKmlNuikc56SN19g7k+8qRVas3lQaX3JpF+QnAa0Eu2zu0sr/R2r8ua0rtTiVS7xO5Z7szR4FFt0dMIVR/9cwAFh098MfeSbrS5edXzXqrPp93boApe0GpscRouDmzjuGbFMGZvA4Ufubpo8OlE8t6lO+LcZ6wyetoWqHpwMdu05VQSj5hy32m3ub7cHMT1ENqk6jsgnincGvS7KKEMLVpz0qbWHzLfu/4iAabGRz+rjnDxn5feLBNSqNg12mJBuj6X1NH8XTjAv4SQUURXWfWQBPfjEPS9a9/5zAaaTrVDrA9n5Qdwmk/8ZK5o2TxqVR2alt+HKSzBIKgkHHGejT/RqzssTrXgkK9d6wNMp/CgprUyJmMvn9Va9hlpcLNezsf8L5J+7x+emLHA6cgBeNN+vtdYQyiR3r2+gABS7BnD76EUq2k6mEYpUmEF/oSa8DfoWbkeD8BzU6dzgMuhkc8Hwea9ohbETrkO0Qde0EkGvd8c41PwhxhEDQaIRqmQmkh7KrLBvb9XDSeVwB4Fa78FmTIXTqoYTfsy9WIKoig42g+2vVCb4xAtDfQwv4lhBnMVIycT1lG3V/MN8UpODRlHB8w90Yi2b0rNAKcX/Hx47pq0v1sWzJ1hIG4LCNwWU2S6rtp0Yj20LnagxvrNwxaG2du8UtCaD8zfdKQGS7UDgbX6jR345vwtb6OzOjuWykQ4CG/iEDo+vqBZ8Q5RZ84VbXmrpabPkRhdyOMuLHot0lUa0J/iCaP0XFfCZnL7sSArhwYxl22Xy1DD68t4b6fX9jmOUCyGMe9g+7JcZfc+Dm5PJQ6f7hmjLME4CjjV+MYKCiuV1F/ta6WGzm3if+N9JlZ/kioDMw78HtwbAwj6fyMak/zNlofrRJ8dRMbtEAW97XTXpNV877QJPq2MYVzmkQHgm9NKPen/f//1xz9//u9fIceQiktw8XS6vX6R31wfFfFECSgqpGTmoi/9bMTXbZ2Oo77J95Aep+NPr3WzTuh4mi49bovvFSw/8UOA8b6n8bBxer0zc6Ln7KwH/OfOH8vWWpc5Mb1OhBUtM5awrWMmUVGr7m92EQTjHueW9+IeS3vnXQ1XrPa1vbKmOOAiOWwMMTTuntzw9sp6gLuixv5BVCE1s22cisyzbqyNaVAMFp67Qd+/hQmIdQREG7nt3ZPPkVe8J/d8TvqhO+udbE1zIBt2LvWkpAl4A9/1m6ftsAt9DT58+RBSs54Yret+CxVj63P3A1UrMdGM1x3+WGKSZS7KZVmjAq+xX6Q3pH/kOdp+7k7X7SrcaM5q1WrGQR70nrcx5wrAYSPfVI0MevdbHNsnaZpgklkC8OV6Y19m/Dpts06GfYU/Fp712L/YgbQgGQQ20mKcOluTYKewAO5ht+9KZ+BlpqVyNEUPqqVc5tP7EM/fxGGJm1z6LtWrlvrCBNgLaTDLjWLf3xpkcu6q3LztxfYJLzBfqDy+XYrFFU8+t+I1Jxr9idNKwlWZidwex8AkD8aNw7Nn4qwdX2NStlQP7ruWwddv7+CD73bfPl5Ymfpj9e7/AdPACBulCwAA
.audrte.com/ Name: arcki2
Value: g9mHLMoaQ-PQKS5KEmRtQgvog!20210804!1661285455503
.eyeota.net/ Name: SERVERID
Value: 21121~DM
.securityaffairs.co/ Name: __gads
Value: ID=1812ca91ba5b25a9-221d152201ce0079:T=1661285456:RT=1661285456:S=ALNI_MbrclLYLseh-PmuX6HjlWzI75j9bQ

11 Console Messages

Source Level URL
Text
security error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html(Line 389)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html(Line 390)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html(Line 391)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html(Line 392)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
javascript error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D55f4f045-f407-43d8-5e4e-7a59ff4c9ade%26reqId%3Df5a2ba58-6151-4f39-5745-1e1bbd017902%26zdid%3D1361
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://tags.bluekai.com/site/87734?id=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=55f4f045-f407-43d8-5e4e-7a59ff4c9ade&reqId=f5a2ba58-6151-4f39-5745-1e1bbd017902&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEDQgj0qODFPvQF_w4QXLRvI&google_cver=1&google_push=AehlK4CwYxvaw3rWy1LQAgV7PeAYKXx7UHeLOZjCr1JwXFcwW9qFo-XmR8eWhsovXs8hRChxQ3abKO4BKxqF3Epd7xA2kpyRpVsx
Message:
Failed to load resource: the server responded with a status of 503 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ads.pubmatic.com
ads.us.e-planning.net
ads.yahoo.com
adservice.google.com
adservice.google.de
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
bcp.crwdcntrl.net
beacon.krxd.net
biddr.brealtime.com
bn01.er.bemail.it
btlr.sharethrough.com
buttons-config.sharethis.com
c.eu1.dyntrk.com
c2shb.ssp.yahoo.com
casale-match.dotomi.com
cc.adingo.jp
cdn.bizibly.com
cdn.pixfuture.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
contextual.media.net
dmp.adform.net
dmp.brand-display.com
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsp.adkernel.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fksnk.com
fonts.googleapis.com
gcm.ctnsnet.com
google-analytics.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
i.e-planning.net
i0.wp.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idsync.frontend.weborama.fr
image6.pubmatic.com
js.cookieless-data.com
l.sharethis.com
lg3.media.net
loadeu.exelator.com
match.adsrvr.org
match.sharethrough.com
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-us-east.rubiconproject.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
prg.smartadserver.com
ps.eyeota.net
px.ads.linkedin.com
r.casalemedia.com
r.turn.com
region1.google-analytics.com
rtb.adentifi.com
s.amazon-adsystem.com
s.e-planning.net
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
securityaffairs.co
served-by.pixfuture.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
ssp.disqus.com
ssum.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.richaudience.com
sync.srv.stackadapt.com
sync.teads.tv
sync.tidaltv.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
u-iad04.e-planning.net
u.openx.net
us-u.openx.net
usermatch.krxd.net
vid.vidoomy.com
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
api.rlcdn.com
cc.adingo.jp
fonts.googleapis.com
match.sharethrough.com
pagead2.googlesyndication.com
r.turn.com
ssc.33across.com
sync.srv.stackadapt.com
104.111.242.245
104.17.120.107
104.18.18.126
104.18.19.126
107.178.246.49
13.225.78.37
13.32.99.78
135.125.160.77
137.184.242.150
141.95.98.65
142.250.181.226
142.250.184.226
142.250.186.66
15.197.193.217
151.1.205.165
151.101.194.49
151.101.65.108
152.195.15.58
168.119.149.178
172.98.26.121
172.98.26.125
174.129.105.163
174.137.133.49
178.250.2.146
18.158.190.248
185.15.245.83
185.64.189.112
185.86.139.95
185.89.211.12
185.89.211.84
192.0.76.3
192.0.77.2
198.47.127.19
2.18.233.201
2.18.235.93
2001:4860:4802:34::36
2001:8d8:100f:f000::289
205.234.175.175
209.54.182.161
212.82.100.182
216.52.2.39
23.205.235.133
23.35.228.23
23.35.236.201
23.75.240.210
2600:1f16:e61:3f00:93d2:52b:cea6:7db8
2600:9000:20eb:c400:3:c04e:c780:93a1
2600:9000:20eb:c800:c:abe:f440:93a1
2602:803:c003:200::61
2606:4700:10::6816:1957
2606:4700:20::681a:644
2606:4700::6812:acf
2620:1ec:21::14
2a00:1288:80:807::2
2a00:1450:4001:806::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::2001
2a00:1450:4001:813::2002
2a00:1450:4001:813::2008
2a00:1450:4001:829::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2006
2a02:2638:1::13
2a02:6ea0:c700::18
2a02:fa8:8806:12::1370
2a04:4e42:400::300
2a05:d018:24:b002:4b1d:b4d8:d7a1:7bd5
2a05:d018:d29:3601:6b06:26e1:4300:34b
3.132.155.94
3.232.64.79
3.64.108.197
34.107.148.139
34.111.131.239
34.111.151.213
34.196.96.235
34.205.124.206
34.252.199.249
34.255.225.203
35.158.20.56
35.186.193.173
35.190.60.146
35.244.159.8
37.157.2.239
51.158.28.82
51.89.9.254
52.206.68.186
52.4.33.45
52.72.177.11
52.95.125.22
54.152.219.204
54.164.129.77
54.243.198.75
54.78.254.47
67.202.105.22
68.183.31.14
69.166.1.15
69.173.144.138
69.173.144.139
69.173.151.100
69.192.160.219
85.114.159.118
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
02c2bc873706b969cfa158bd9586caceb487c7c3ea68d5bac6fbb8dbf2138a2d
05a6edae07b133b9b27d25b6df60016908a05db08d44c505b7afd53c56867c91
05c2df6f880821a5412da5bd32e02e32386fd9419751854934a7dc290299dda7
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0847f2b5aad6239a4dc45599d8c8941ef8d347560d8d708ff602a149cd3187e5
0ae4083d6122dd541bfff88c9450701e2076199e05a1203cbdffd03732d095c1
0b11f3ebcdaee9f2c375600391daa93ba1ab5274dcae31a77af3ebc7c9e0bf1f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0cb65845f5a4a0b4e7281b9e846e7d04771be053f0729f34bba22ec4ec7c0382
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
10edff49f8c05f32543b533aaacb096a5e07f4de51b107b25f8ee76207d7d30c
11aec997464b179c3ef245b17d1ce9c2965634e23ded2ab9e5d51364caf490d9
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1a5b2672823a1a10d7ae5c4af371d3a09598d1c2815c8b09cb258bd17bccf96e
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff
1c5b986abda81f6ccecf23a6946ba0bea84303f973d59b1a002f4f88749cf1e7
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
215a2eea7d67d08fa3b90f935f43c6a2f80c912d9eb3db986eb370116e5cfa8b
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2b02c99b94bd29097fd168548bea6dfc28c9ffd3c2d751c1f375c9da902d8f63
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2ca255fd4cde9981e90de28f5642c4069a1393e1049edf923c4c656d74e6227a
30fe2b4dd3ea9446d92fa0dad1ce04ad1fb0729696ca6e04d6bfaacfb5681ed6
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33a3605b6a9943f44fa71ae241090c61e6df682700e4a07846ec9e60860b10c3
3723f07c34b2c950803b130d7604825b7e4d81e0007444723f01245e4cbd27d1
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
3b7859cd853c2371945f6490d969601eca2aa4b9669f7af05d7e3a546595f540
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
411f5447558df29814ddf3296a10673f066cab570696ace7f80031289ef7ec94
4283017e2719dbeaabcc2c3fe171a6fd6f2941bf933f2be98d6295fb1f8d5cae
43ec4073d62958c460872f86b38f583f3187995f0147e29144340e6826e05cb9
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
48acfb4d54e849db7ebb5b083c4843a615a19f83dbfb73d5b1c8b44347ecf70f
4a77aa8515e0914305d566f070e6aed1f158741280d2dfb5a9cd6d48c8bb3599
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
4cfc4351f84af123af27bf0c2ac6164f92bf0c1dbb033a0bf0e3c7d25f9ef2f1
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f859cadda4f55e61fb98f51e2db59f7c789115830a60ae47cdcd5bed94854c2
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
534b1c0a9029601d9eea1ba65bde9d809fcc85a1b4b91d39581fa3f81b0fc816
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
648fca982d6855ce943e98199386947631852939971e86898bd54f5c05bd01df
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
6726257bf91f6c971363480bb63164537b19bfd2d3c34133196f755922dda986
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
6e155eb66948cb13b18b47112618311f4ee4d53304875a149f9f7b666d30a11e
6e963740b72632083df3e640be36cb8c6337aaad30c1cd51ec14802b9c2406da
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
72133d32df2afc6b9627d461268f0b37980034d4ab0a575912b80bcca5e6c609
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
76e7054b15dc0f0fb484a2c95737fba13ef39c7717f389001867132fe0a81e4a
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
85df6a888180aa37ac71991e22dc32db0800b427df7aa8a52321a463743f3137
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
88162166625901fbcdc74789389ec23ce09b147a0190b13b89332a69125575fa
88885639a47e159a207aeee8cb7c86f4581d83aed11fbca1fa336926a74ea08c
8a6ff6d0a573cf22733dbc6b59e5bdf0ba50993447b5af0aaabb7ebd193405d0
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8faa473c93f596b9e81bc9eb37bd1d2fb0239f62ee30ee2a59a6d3e38d5d3711
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9c2388c40345a8c9a09e8eb634a72240123f49f4c2b15df11dc05c2982f52f32
9feefbb9b5b7fb405ccd9d806b13c07908100ecbe0f55c2c485f3091936de7d9
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3
a63410e44c5ab0c0c5cf8ea5514e4b334f60d20c2ae86a9d686c105a749eb261
a7366f573a428638ca07043e8d63d12909260623923431faa3c46bed59f9ee43
a92f3f08afbadfd29c61d8b7e49c53616d201e5eabaccb90b91f39e98f39f012
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e
ac3e300152c6f1b64b2af36fdbd7c557c97ab4d05840833ccb68d18ca4bba433
ac8e9fe6abad8c61f68305e217a60554161603c008d3fc7b178120f675b8e9ce
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0eaabca31ab1a868f8b464116c58bad92ddf1115263cf5468d537cd1c2f0c5c
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b34b10bbc97d3457a9e8c59779850e01d45160be2c72ac4e5f7bdb0eb3635cef
b45ec4d08f4adc2a767d2cc32412b1b176b7eff2ed0247f1f682ed2a155c2366
b6a3ee62d947697275776e9f176744cc5041ad34f22dd0c1b48f5db5c716c739
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bb836331fe0a3d9389f632440a016296ae78df6a82a201728cb8d77d268bdb38
bdcb6dcac177e2bd242d497b88d719c4679b755e96e4c50301818c8bbbb54036
bde968d971ad6c7d8ccfb6e2bb4e8c2aa337ee85bd7ac79b0c78cbbcf7c6bc47
bded81b3343ca2138f17d3cfdfe835a723cfc51232eb672e3a7a904eda3ac572
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712
c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c37f0638aea7427161e04791736d419b581672d91342c43f74fed6caaf93fc23
c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d25eb2099a62e609d61961d156e76dc97b114b30f0ddc2bf53b047142141cd67
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d9393d6f69b1aaa9ec2c90fb5115dc3c48f9d5e43e9dd440ae22e7ce3ad066c1
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
daf92c82c637532aeb9ecd9f35a952a776f9cbe815d85022545b463a44fa45f9
db2175fffb1a59f6b07a5b10c728a0d7cdbe90e33794678d0d958d4da934578b
dd6ff8484afb4e1147726d409ad3ab1d41900885756dec9654e3c191a0406225
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e5a60c03a7ac0033874b06898e7d33e5baa504587739cab70acbed545d69c1f1
e79dcb9b9140b13b721fa9fba75dea3609c158632adf11e8e61aad5f2f4afe2b
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ee09da3ee1d48f0a0671fb34cab548d6921e76d37bb268ab640cae79aa7a25f4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f11405bc8426b53fda439e8d37e97e2a0a9f33e0660eb0b4953608fa746b570d
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f8d898545c96f8682748ea467e823e862818d5d216a7cbf0647d8eeb4d094d82
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
fd220df146748e62564afbe3c20d831eb9cb64a89c6686836b3b8be811b8be0c
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb
fdb60418f2e23b359b2ade2aca337dccf02e24215d1a77bb816ba1820e5bbff0