urlscan.io logo urlscan.io
SecurityTrails logo

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289  Public Scan

Go To Rescan Add Verdict Report
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Submission Tags: falconsandbox
Submission: On August 18 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 91 IPs in 13 countries across 73 domains to perform 385 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co. The Cisco Umbrella rank of the primary domain is 329195.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2022. Valid for: a year.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
44 2001:8d8:100f... 8560 (IONOS-AS ...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:20e... 16509 (AMAZON-02)
1 13.224.189.11 16509 (AMAZON-02)
5 184.51.8.30 16625 (AKAMAI-AS)
13 68.183.31.14 14061 (DIGITALOC...)
9 192.0.77.2 2635 (AUTOMATTIC)
2 192.0.76.3 2635 (AUTOMATTIC)
2 18.119.23.78 16509 (AMAZON-02)
1 2600:9000:206... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a04:fa87:fff... 2635 (AUTOMATTIC)
1 2001:4860:480... 15169 (GOOGLE)
2 23.47.212.25 16625 (AKAMAI-AS)
3 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
1 2 3.64.108.197 16509 (AMAZON-02)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
2 4 185.89.210.180 29990 (ASN-APPNEX)
2 74.119.119.139 19750 (AS-CRITEO)
1 141.95.98.70 16276 (OVH)
5 35.71.131.137 16509 (AMAZON-02)
6 137.184.242.150 14061 (DIGITALOC...)
10 34.98.64.218 15169 (GOOGLE)
4 216.52.2.30 30282 (AS-INAPCD...)
2 3.92.156.8 14618 (AMAZON-AES)
2 16 185.83.142.19 29990 (ASN-APPNEX)
4 185.64.189.112 62713 (AS-PUBMATIC)
4 34.107.148.139 15169 (GOOGLE)
4 69.166.1.15 27630 (AS-XFERNET)
4 3.121.251.124 16509 (AMAZON-02)
4 2602:803:c004... 26667 (RUBICONPR...)
4 81.17.55.112 60781 (LEASEWEB-...)
3 18.195.145.239 16509 (AMAZON-02)
1 2 5.178.65.245 50673 (SERVERIUS-AS)
2 6 54.210.173.147 14618 (AMAZON-AES)
4 5.178.65.246 50673 (SERVERIUS-AS)
1 1 52.22.123.234 14618 (AMAZON-AES)
1 1 23.75.240.210 16625 (AKAMAI-AS)
4 92.123.9.160 16625 (AKAMAI-AS)
3 7 104.18.19.126 13335 (CLOUDFLAR...)
1 104.18.18.126 13335 (CLOUDFLAR...)
1 205.234.175.175 23352 (SERVERCEN...)
1 51.75.86.98 16276 (OVH)
14 2606:4700:10:... 13335 (CLOUDFLAR...)
9 24 142.250.185.130 15169 (GOOGLE)
3 4 107.178.246.49 15169 (GOOGLE)
3 4 37.157.2.234 198622 (ADFORM)
1 2a04:4e42:400... 54113 (FASTLY)
1 2600:1f18:659... 14618 (AMAZON-AES)
2 198.47.127.19 3257 (GTT-BACKB...)
2 2 2a05:d018:24:... 16509 (AMAZON-02)
2 2 18.202.164.188 16509 (AMAZON-02)
1 18.198.69.109 16509 (AMAZON-02)
1 1 151.1.205.165 3242 (ASN-ITNET)
2 2 85.114.159.118 24961 (MYLOC-AS ...)
2 2 34.111.131.239 15169 (GOOGLE)
1 185.15.245.81 24961 (MYLOC-AS ...)
2 3 107.20.181.84 14618 (AMAZON-AES)
1 1 212.82.100.182 34010 (YAHOO-IRD)
2 52.210.248.158 16509 (AMAZON-02)
1 168.119.149.178 24940 (HETZNER-AS)
2 2 151.101.2.49 54113 (FASTLY)
1 1 2.18.233.201 16625 (AKAMAI-AS)
1 1 35.173.74.115 14618 (AMAZON-AES)
3 5 52.95.118.179 16509 (AMAZON-02)
4 7 209.54.182.161 16509 (AMAZON-02)
1 104.111.215.191 16625 (AKAMAI-AS)
1 1 52.31.1.81 16509 (AMAZON-02)
1 69.173.144.165 26667 (RUBICONPR...)
1 2 2a05:d018:d29... 16509 (AMAZON-02)
2 3 23.75.246.168 16625 (AKAMAI-AS)
1 1 2001:678:cb4:... 56396 (AMOBEE)
1 66.155.71.149 13768 (COGECO-PEER1)
5 5 69.173.144.138 26667 (RUBICONPR...)
2 3 69.173.144.139 26667 (RUBICONPR...)
1 2620:1ec:22::14 8068 (MICROSOFT...)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
2 172.98.26.121 399668 (E-PLANNING-)
1 2a02:6ea0:c70... 60068 (CDN77 ^_^)
2 13.225.78.37 16509 (AMAZON-02)
1 212.129.3.112 12876 (Online SAS)
1 18.184.216.10 16509 (AMAZON-02)
38 2a00:1450:400... 15169 (GOOGLE)
3 142.250.186.66 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 7 2a00:1450:400... 15169 (GOOGLE)
19 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
4 23.47.208.212 16625 (AKAMAI-AS)
4 151.101.129.108 54113 (FASTLY)
4 104.17.120.107 13335 (CLOUDFLAR...)
1 67.202.105.21 32748 (STEADFAST)
3 23.47.209.72 16625 (AKAMAI-AS)
24 2a00:1450:400... 15169 (GOOGLE)
1 174.137.133.49 27257 (WEBAIR-IN...)
2 2 52.211.22.81 16509 (AMAZON-02)
1 54.64.135.73 16509 (AMAZON-02)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 185.29.132.241 30419 (MEDIAMATH...)
2 2 64.74.236.159 22075 (AS-OUTBRAIN)
2 2 76.223.111.18 16509 (AMAZON-02)
4 172.217.16.130 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 142.250.186.130 15169 (GOOGLE)
385 91
44    2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
securityaffairs.co
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2600:9000:20eb:8600:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)
ws.sharethis.com
1    13.224.189.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-11.fra2.r.cloudfront.net
platform-api.sharethis.com
5    184.51.8.30 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a184-51-8-30.deploy.static.akamaitechnologies.com
contextual.media.net
13    68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
served-by.pixfuture.com
9    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com
i0.wp.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
2    18.119.23.78 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-119-23-78.us-east-2.compute.amazonaws.com
l.sharethis.com
1    2600:9000:206e:9a00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)
buttons-config.sharethis.com
1    2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
google-analytics.com
2    2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)
secure.gravatar.com
1    2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    23.47.212.25 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-212-25.deploy.static.akamaitechnologies.com
lg3.media.net
3    2606:4700:20::681a:744 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.pixfuture.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
2    3.64.108.197 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-108-197.eu-central-1.compute.amazonaws.com
aa.agkn.com
2    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
4    185.89.210.180 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
secure.adnxs.com
2    74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)
mug.criteo.com
1    141.95.98.70 (France)

ASN16276 (OVH, FR)
PTR: ns3216620.ip-141-95-98.eu
id5-sync.com
5    35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
6    137.184.242.150 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
prebidserver.pixfuture.com
10    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
pixfuture2-d.openx.net
u.openx.net
us-u.openx.net
4    216.52.2.30 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ap.lijit.com
2    3.92.156.8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-92-156-8.compute-1.amazonaws.com
c2shb.ssp.yahoo.com
16    185.83.142.19 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
4    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
4    34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
4    69.166.1.15 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
4    3.121.251.124 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-251-124.eu-central-1.compute.amazonaws.com
hb.emxdgt.com
4    2602:803:c004:200::141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
4    81.17.55.112 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
prg.smartadserver.com
3    18.195.145.239 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-145-239.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
2    5.178.65.245 (Rijswijk, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net
ads.us.e-planning.net
6    54.210.173.147 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-210-173-147.compute-1.amazonaws.com
a.audrte.com
4    5.178.65.246 (Rijswijk, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net
u-ams02.e-planning.net
1    52.22.123.234 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-22-123-234.compute-1.amazonaws.com
ssp.disqus.com
1    23.75.240.210 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-240-210.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
4    92.123.9.160 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-9-160.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
7    104.18.19.126 (None, )

ASN13335 (CLOUDFLARENET, US)
ssum.casalemedia.com
dsum-sec.casalemedia.com
1    104.18.18.126 (None, )

ASN13335 (CLOUDFLARENET, US)
r.casalemedia.com
1    205.234.175.175 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: vip1.G-anycast1.cachefly.net
i.e-planning.net
1    51.75.86.98 (Istanbul, Turkey)

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu
onetag-sys.com
14    2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
24    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
cm.g.doubleclick.net
4    107.178.246.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com
pixel.tapad.com
4    37.157.2.234 (Denmark)

ASN198622 (ADFORM, DK)
dmp.adform.net
c1.adform.net
1    2a04:4e42:400::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
1    2600:1f18:6593:f601:31be:eaee:1d8c:9fe8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
dmp.v.fwmrm.net
2    198.47.127.19 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image6.pubmatic.com
2    2a05:d018:24:b002:4b1d:b4d8:d7a1:7bd5 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
sync.tidaltv.com
2    18.202.164.188 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-164-188.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    18.198.69.109 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-69-109.eu-central-1.compute.amazonaws.com
loadeu.exelator.com
1    151.1.205.165 (Rogeno, Italy)

ASN3242 (ASN-ITNET, IT)
bn01.er.bemail.it
2    85.114.159.118 (Waldshut-Tiengen, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
2    34.111.131.239 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 239.131.111.34.bc.googleusercontent.com
idsync.frontend.weborama.fr
1    185.15.245.81 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
dmp.theadex.com
3    107.20.181.84 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-181-84.compute-1.amazonaws.com
bcp.crwdcntrl.net
1    212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com
cms.analytics.yahoo.com
2    52.210.248.158 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-248-158.eu-west-1.compute.amazonaws.com
beacon.krxd.net
1    168.119.149.178 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.178.149.119.168.clients.your-server.de
sync.richaudience.com
2    151.101.2.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com
pixel.mathtag.com
1    35.173.74.115 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-74-115.compute-1.amazonaws.com
usermatch.krxd.net
5    52.95.118.179 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
7    209.54.182.161 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com
tags.bluekai.com
1    52.31.1.81 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-1-81.eu-west-1.compute.amazonaws.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
1    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel-eu.rubiconproject.com
2    2a05:d018:d29:3602:d584:42d3:abd8:529d (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
3    23.75.246.168 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-246-168.deploy.static.akamaitechnologies.com
px.owneriq.net
1    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
1    66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)
pixel-sync.sitescout.com
5    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
3    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
1    2620:1ec:22::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
ads.yahoo.com
2    172.98.26.121 (Ashburn, United States)

ASN399668 (E-PLANNING-, US)
PTR: s.e-planning.net
s.e-planning.net
1    2a02:6ea0:c700::11 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
vid.vidoomy.com
2    13.225.78.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-37.fra2.r.cloudfront.net
tags.crwdcntrl.net
1    212.129.3.112 (France)

ASN12876 (Online SAS, FR)
PTR: 212-129-3-112.rev.poneytelecom.eu
js.cookieless-data.com
1    18.184.216.10 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-216-10.eu-central-1.compute.amazonaws.com
ps.eyeota.net
38    2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
3    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
partner.googleadservices.com
3    2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
3    2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
7    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
19    2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
5    2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
4    23.47.208.212 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-208-212.deploy.static.akamaitechnologies.com
ads.pubmatic.com
4    151.101.129.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
4    104.17.120.107 (None, )

ASN13335 (CLOUDFLARENET, US)
biddr.brealtime.com
1    67.202.105.21 (United States)

ASN32748 (STEADFAST, US)
PTR: ip21.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
3    23.47.209.72 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-209-72.deploy.static.akamaitechnologies.com
sync.teads.tv
24    2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
1    174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)
dsp.adkernel.com
2    52.211.22.81 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-22-81.eu-west-1.compute.amazonaws.com
match.360yield.com
1    54.64.135.73 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-64-135-73.ap-northeast-1.compute.amazonaws.com
cc.adingo.jp
1    2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)
dclk-match.dotomi.com
1    185.29.132.241 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    64.74.236.159 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com
b1sync.zemanta.com
2    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
4    172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net
googleads4.g.doubleclick.net
2    2a00:1450:400e:800::200a (Ireland)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
ade.googlesyndication.com
Apex Domain
Subdomains		 Transfer
58 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 123
tpc.googlesyndication.com — Cisco Umbrella Rank: 159
ade.googlesyndication.com — Cisco Umbrella Rank: 285
761 KB
44 securityaffairs.co
securityaffairs.co — Cisco Umbrella Rank: 329195
2 MB
35 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 214
googleads.g.doubleclick.net — Cisco Umbrella Rank: 52
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 303
92 KB
24 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 280
632 KB
24 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 463
ib.adnxs.com — Cisco Umbrella Rank: 230
acdn.adnxs.com — Cisco Umbrella Rank: 604
84 KB
22 pixfuture.com
served-by.pixfuture.com — Cisco Umbrella Rank: 52506
cdn.pixfuture.com — Cisco Umbrella Rank: 63562
prebidserver.pixfuture.com — Cisco Umbrella Rank: 113191
527 KB
18 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 519
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1015
eus.rubiconproject.com — Cisco Umbrella Rank: 582
pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 2237
token.rubiconproject.com — Cisco Umbrella Rank: 711
pixel.rubiconproject.com — Cisco Umbrella Rank: 327
28 KB
14 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1891
mwzeom.zeotap.com — Cisco Umbrella Rank: 1478
4 KB
12 amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1260
s.amazon-adsystem.com — Cisco Umbrella Rank: 282
9 KB
11 wp.com
i0.wp.com — Cisco Umbrella Rank: 2991
stats.wp.com — Cisco Umbrella Rank: 2570
pixel.wp.com — Cisco Umbrella Rank: 2431
90 KB
11 media.net
contextual.media.net — Cisco Umbrella Rank: 537
lg3.media.net — Cisco Umbrella Rank: 3677
prebid.media.net — Cisco Umbrella Rank: 1269
37 KB
10 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 493
image6.pubmatic.com — Cisco Umbrella Rank: 634
ads.pubmatic.com — Cisco Umbrella Rank: 492
24 KB
10 openx.net
pixfuture2-d.openx.net — Cisco Umbrella Rank: 71579
u.openx.net — Cisco Umbrella Rank: 705
us-u.openx.net — Cisco Umbrella Rank: 399
1 KB
9 e-planning.net
ads.us.e-planning.net — Cisco Umbrella Rank: 5255
u-ams02.e-planning.net — Cisco Umbrella Rank: 85411
i.e-planning.net — Cisco Umbrella Rank: 7512
s.e-planning.net — Cisco Umbrella Rank: 7146
4 KB
8 google.com
adservice.google.com — Cisco Umbrella Rank: 88
www.google.com — Cisco Umbrella Rank: 9
2 KB
8 casalemedia.com
ssum.casalemedia.com — Cisco Umbrella Rank: 1324
r.casalemedia.com — Cisco Umbrella Rank: 778
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 525
8 KB
6 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2195
10 KB
6 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1019
cms.analytics.yahoo.com — Cisco Umbrella Rank: 796
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 488
ads.yahoo.com — Cisco Umbrella Rank: 2295
3 KB
5 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 820
tags.crwdcntrl.net — Cisco Umbrella Rank: 1220
17 KB
5 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 371
1 KB
5 sharethis.com
ws.sharethis.com — Cisco Umbrella Rank: 8483
platform-api.sharethis.com — Cisco Umbrella Rank: 4580
l.sharethis.com — Cisco Umbrella Rank: 4476
buttons-config.sharethis.com — Cisco Umbrella Rank: 5510
57 KB
4 brealtime.com
biddr.brealtime.com — Cisco Umbrella Rank: 2946
5 KB
4 adform.net
dmp.adform.net — Cisco Umbrella Rank: 5038
c1.adform.net — Cisco Umbrella Rank: 612
2 KB
4 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 464
1 KB
4 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1497
1 KB
4 emxdgt.com
hb.emxdgt.com — Cisco Umbrella Rank: 2636
637 B
4 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1901
3 KB
4 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 654
3 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 407
mug.criteo.com — Cisco Umbrella Rank: 2790
1 KB
3 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 1030
516 B
3 google.de
adservice.google.de — Cisco Umbrella Rank: 8811
1 KB
3 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 882
1 KB
3 owneriq.net
px.owneriq.net — Cisco Umbrella Rank: 1018
1 KB
3 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 515
usermatch.krxd.net — Cisco Umbrella Rank: 1240
942 B
3 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1244
475 B
3 google-analytics.com
google-analytics.com — Cisco Umbrella Rank: 36
www.google-analytics.com — Cisco Umbrella Rank: 45
region1.google-analytics.com — Cisco Umbrella Rank: 3094
21 KB
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 418
945 B
2 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 572
1 KB
2 360yield.com
match.360yield.com — Cisco Umbrella Rank: 4096
787 B
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 194
87 KB
2 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 1005
sync.mathtag.com — Cisco Umbrella Rank: 476
1 KB
2 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 590
856 B
2 weborama.fr
idsync.frontend.weborama.fr — Cisco Umbrella Rank: 25384
681 B
2 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1558
1 KB
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 201
2 KB
2 tidaltv.com
sync.tidaltv.com — Cisco Umbrella Rank: 1122
751 B
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 461
988 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
108 KB
2 googleapis.com
fonts.googleapis.com Failed
ajax.googleapis.com — Cisco Umbrella Rank: 286
11 KB
1 dotomi.com
dclk-match.dotomi.com — Cisco Umbrella Rank: 2749
104 B
1 adingo.jp
cc.adingo.jp — Cisco Umbrella Rank: 3586
44 B
1 adkernel.com
dsp.adkernel.com — Cisco Umbrella Rank: 6522
233 B
1 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 949
1 KB
1 cookieless-data.com
js.cookieless-data.com — Cisco Umbrella Rank: 7261
535 B
1 vidoomy.com
vid.vidoomy.com — Cisco Umbrella Rank: 5036
17 KB
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 370
708 B
1 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 602
191 B
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 792
425 B
1 imrworldwide.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com — Cisco Umbrella Rank: 93873
215 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 486
145 B
1 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 1918
361 B
1 theadex.com
dmp.theadex.com — Cisco Umbrella Rank: 20216
220 B
1 bemail.it
bn01.er.bemail.it — Cisco Umbrella Rank: 117032
659 B
1 exelator.com
loadeu.exelator.com — Cisco Umbrella Rank: 7247
324 B
1 fwmrm.net
dmp.v.fwmrm.net — Cisco Umbrella Rank: 11716
411 B
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 707
161 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 746
1 disqus.com
ssp.disqus.com — Cisco Umbrella Rank: 2420
306 B
1 33across.com
ssc.33across.com Failed
ssc-cms.33across.com — Cisco Umbrella Rank: 999
1 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 508
625 B
1 gravatar.com
secure.gravatar.com — Cisco Umbrella Rank: 1543
1 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 727
6 KB
0 rlcdn.com Failed
api.rlcdn.com Failed
385 73
Domain Requested by
44 securityaffairs.co securityaffairs.co
38 pagead2.googlesyndication.com cdn.pixfuture.com
pagead2.googlesyndication.com
securityaffairs.co
googleads.g.doubleclick.net
tpc.googlesyndication.com
s0.2mdn.net
www.googletagservices.com
24 s0.2mdn.net securityaffairs.co
googleads.g.doubleclick.net
s0.2mdn.net
24 cm.g.doubleclick.net 9 redirects spl.zeotap.com
r.casalemedia.com
eus.rubiconproject.com
googleads.g.doubleclick.net
19 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
s0.2mdn.net
16 ib.adnxs.com 2 redirects cdn.pixfuture.com
spl.zeotap.com
googleads.g.doubleclick.net
acdn.adnxs.com
13 served-by.pixfuture.com securityaffairs.co
cdn.pixfuture.com
pagead2.googlesyndication.com
11 mwzeom.zeotap.com ads.us.e-planning.net
spl.zeotap.com
9 i0.wp.com securityaffairs.co
7 googleads.g.doubleclick.net 1 redirects pagead2.googlesyndication.com
googleads.g.doubleclick.net
7 s.amazon-adsystem.com 4 redirects ads.us.e-planning.net
r.casalemedia.com
eus.rubiconproject.com
6 dsum-sec.casalemedia.com 2 redirects r.casalemedia.com
googleads.g.doubleclick.net
6 a.audrte.com 2 redirects ads.us.e-planning.net
a.audrte.com
6 prebidserver.pixfuture.com cdn.pixfuture.com
ads.us.e-planning.net
5 www.google.com googleads.g.doubleclick.net
tpc.googlesyndication.com
5 token.rubiconproject.com 5 redirects
5 aax-eu.amazon-adsystem.com 3 redirects ads.us.e-planning.net
eus.rubiconproject.com
5 match.adsrvr.org cdn.pixfuture.com
ads.us.e-planning.net
spl.zeotap.com
r.casalemedia.com
eus.rubiconproject.com
5 contextual.media.net securityaffairs.co
cdn.pixfuture.com
4 googleads4.g.doubleclick.net securityaffairs.co
4 biddr.brealtime.com cdn.pixfuture.com
4 acdn.adnxs.com cdn.pixfuture.com
4 u.openx.net cdn.pixfuture.com
4 ads.pubmatic.com cdn.pixfuture.com
4 pixel.tapad.com 3 redirects ads.us.e-planning.net
4 eus.rubiconproject.com ads.us.e-planning.net
eus.rubiconproject.com
cdn.pixfuture.com
4 u-ams02.e-planning.net ads.us.e-planning.net
r.casalemedia.com
vid.vidoomy.com
4 prg.smartadserver.com cdn.pixfuture.com
4 fastlane.rubiconproject.com cdn.pixfuture.com
4 hb.emxdgt.com cdn.pixfuture.com
4 apex.go.sonobi.com cdn.pixfuture.com
4 prebid.media.net cdn.pixfuture.com
4 hbopenbid.pubmatic.com cdn.pixfuture.com
4 ap.lijit.com cdn.pixfuture.com
4 pixfuture2-d.openx.net cdn.pixfuture.com
4 secure.adnxs.com 2 redirects
3 sync.teads.tv googleads.g.doubleclick.net
3 adservice.google.com pagead2.googlesyndication.com
3 adservice.google.de pagead2.googlesyndication.com
3 partner.googleadservices.com pagead2.googlesyndication.com
3 pixel.rubiconproject.com 2 redirects eus.rubiconproject.com
3 px.owneriq.net 2 redirects r.casalemedia.com
3 bcp.crwdcntrl.net 2 redirects tags.crwdcntrl.net
3 dmp.adform.net 2 redirects spl.zeotap.com
3 spl.zeotap.com ads.us.e-planning.net
spl.zeotap.com
3 btlr.sharethrough.com cdn.pixfuture.com
3 cdn.pixfuture.com served-by.pixfuture.com
cdn.pixfuture.com
securityaffairs.co
2 ajax.googleapis.com s0.2mdn.net
2 eb2.3lift.com 2 redirects
2 b1sync.zemanta.com 2 redirects
2 match.360yield.com 2 redirects
2 us-u.openx.net googleads.g.doubleclick.net
2 www.googletagservices.com googleads.g.doubleclick.net
2 tags.crwdcntrl.net s.e-planning.net
tags.crwdcntrl.net
2 s.e-planning.net ads.us.e-planning.net
2 pr-bh.ybp.yahoo.com 1 redirects r.casalemedia.com
2 sync-tm.everesttech.net 2 redirects
2 beacon.krxd.net spl.zeotap.com
ads.us.e-planning.net
2 idsync.frontend.weborama.fr 2 redirects
2 dsp.adfarm1.adition.com 2 redirects
2 dpm.demdex.net 2 redirects
2 sync.tidaltv.com 2 redirects
2 image6.pubmatic.com spl.zeotap.com
ads.pubmatic.com
2 ads.us.e-planning.net 1 redirects cdn.pixfuture.com
2 c2shb.ssp.yahoo.com cdn.pixfuture.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 aa.agkn.com 1 redirects cdn.pixfuture.com
2 lg3.media.net securityaffairs.co
2 www.googletagmanager.com securityaffairs.co
www.googletagmanager.com
2 l.sharethis.com ws.sharethis.com
securityaffairs.co
1 ade.googlesyndication.com
1 sync.mathtag.com 1 redirects
1 dclk-match.dotomi.com googleads.g.doubleclick.net
1 cc.adingo.jp googleads.g.doubleclick.net
1 dsp.adkernel.com googleads.g.doubleclick.net
1 c1.adform.net 1 redirects
1 ssc-cms.33across.com cdn.pixfuture.com
1 ps.eyeota.net
1 js.cookieless-data.com s.e-planning.net
1 vid.vidoomy.com ads.us.e-planning.net
1 ads.yahoo.com eus.rubiconproject.com
1 px.ads.linkedin.com eus.rubiconproject.com
1 pixel-sync.sitescout.com r.casalemedia.com
1 ad.turn.com 1 redirects
1 pixel-eu.rubiconproject.com eus.rubiconproject.com
1 obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com 1 redirects
1 tags.bluekai.com spl.zeotap.com
1 usermatch.krxd.net 1 redirects
1 pixel.mathtag.com 1 redirects
1 sync.richaudience.com spl.zeotap.com
1 cms.analytics.yahoo.com 1 redirects
1 dmp.theadex.com spl.zeotap.com
1 bn01.er.bemail.it 1 redirects
1 loadeu.exelator.com spl.zeotap.com
1 dmp.v.fwmrm.net spl.zeotap.com
1 trc.taboola.com spl.zeotap.com
1 onetag-sys.com ads.us.e-planning.net
1 i.e-planning.net ads.us.e-planning.net
1 r.casalemedia.com ads.us.e-planning.net
1 ssum.casalemedia.com 1 redirects
1 secure-assets.rubiconproject.com 1 redirects
1 ssp.disqus.com 1 redirects
1 id5-sync.com cdn.pixfuture.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.google-analytics.com google-analytics.com
1 pixel.wp.com securityaffairs.co
1 secure.gravatar.com securityaffairs.co
1 google-analytics.com securityaffairs.co
1 buttons-config.sharethis.com platform-api.sharethis.com
1 stats.wp.com securityaffairs.co
1 platform-api.sharethis.com securityaffairs.co
1 ws.sharethis.com securityaffairs.co
1 maxcdn.bootstrapcdn.com securityaffairs.co
0 ssc.33across.com Failed cdn.pixfuture.com
0 api.rlcdn.com Failed cdn.pixfuture.com
0 fonts.googleapis.com Failed securityaffairs.co
385 117
Subject Issuer Validity Valid
www.securityaffairs.co
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-24 -
2023-04-07		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-01-29 -
2023-01-29		 a year crt.sh
sharethis.com
Amazon		 2022-06-19 -
2023-07-18		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2022-02-20 -
2023-02-22		 a year crt.sh
*.pixfuture.com
Sectigo RSA Domain Validation Secure Server CA		 2021-11-30 -
2022-12-03		 a year crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2022-06-11 -
2023-07-12		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.gravatar.com
Sectigo RSA Domain Validation Secure Server CA		 2020-08-14 -
2022-11-16		 2 years crt.sh
*.agkn.com
RapidSSL RSA CA 2018		 2020-07-25 -
2022-09-18		 2 years crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-06-15 -
2022-09-18		 3 months crt.sh
*.id5-sync.com
R3		 2022-08-18 -
2022-11-16		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-06-27 -
2023-06-05		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-08-02 -
2023-01-25		 6 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2022-06-13 -
2023-07-14		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.emxdgt.com
Amazon		 2022-06-02 -
2023-07-01		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.sharethrough.com
Amazon		 2022-07-14 -
2023-08-12		 a year crt.sh
ads.us.e-planning.net
R3		 2022-07-12 -
2022-10-10		 3 months crt.sh
*.audrte.com
Amazon		 2022-02-24 -
2023-03-24		 a year crt.sh
i.e-planning.net
Sectigo RSA Domain Validation Secure Server CA		 2022-02-23 -
2023-02-03		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-29 -
2022-12-30		 a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-08 -
2023-06-10		 a year crt.sh
dmp.theadex.com
R3		 2022-06-27 -
2022-09-25		 3 months crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-03 -
2022-11-02		 a year crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-11 -
2023-03-10		 a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-26 -
2023-03-01		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-06-14 -
2022-12-07		 6 months crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-12-15 -
2023-01-15		 a year crt.sh
*.e-planning.net
R3		 2022-07-25 -
2022-10-23		 3 months crt.sh
*.vidoomy.com
Sectigo RSA Domain Validation Secure Server CA		 2021-08-06 -
2022-09-05		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2022-05-01 -
2023-06-02		 a year crt.sh
*.cookieless-data.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-23 -
2023-03-22		 a year crt.sh
eyeota.net
GoGetSSL RSA DV CA		 2022-03-18 -
2023-03-18		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-07-18 -
2022-10-10		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1		 2022-03-11 -
2023-04-11		 a year crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2		 2022-01-21 -
2023-02-22		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
teads.tv
R3		 2022-08-17 -
2022-11-15		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-07-18 -
2022-10-10		 3 months crt.sh
*.adkernel.com
AlphaSSL CA - SHA256 - G2		 2021-12-30 -
2023-01-31		 a year crt.sh
*.adingo.jp
DigiCert TLS RSA SHA256 2020 CA1		 2022-04-06 -
2023-04-14		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-08-10 -
2022-09-11		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh

This page contains 57 frames:

Primary Page: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Frame ID: 5A0E3E2C74B5097064B2BD1FE2376769
Requests: 145 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: 5489CB04B4A3150438AD7B6F8A547F38
Requests: 8 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Frame ID: 2A9EFC625F7A9AF24998AF5953859953
Requests: 11 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Frame ID: 7A7CC20B5626AB92887CCD51992A1E1B
Requests: 10 HTTP requests in this frame

Frame: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Frame ID: D48714F179B863769563C42A692292C8
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 421B3FAA39987F2CC48363621E632B58
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&cmp=0
Frame ID: 62E0912B93C2D708B209204CBCA3F725
Requests: 31 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Frame ID: 75257C731BFBB4F25E2DE3744E5448DD
Requests: 4 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 246C46F92324AFDE88C02356CD0912B5
Requests: 2 HTTP requests in this frame

Frame: https://u-ams02.e-planning.net/um?dc=3ab023ac29ea5990&fi=b64e3ac329225617&uid=a6f37f0123013099a595be2217fc435a
Frame ID: B5ABCE461B48C84817C0C4FFB6B7A64C
Requests: 2 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AP3fqtLErQGn8k-G
Frame ID: 3F5D9588E87390A9C4B83C2198633611
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 3053D9608950DCDD944A564DAF535341
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: F19B3CA9421F381C2F95A001E55C88D7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: EEE56B698E7FB1269E72D0BAFCD82DB0
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 2838B3D6AE09E65820005A9D4CC0ADD0
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Frame ID: 83BA2F0375DAAA510586C75FE3BDA3CE
Requests: 15 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: 2392770A57FAAEE38EEE119888D3A885
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Frame ID: BFA38B72DA45F2668E56EED945AA0616
Requests: 16 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 020A29187C19E8C11434BB403DD6D935
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: CD6CC9FF517C8F7CBE7D1BAD8C0931D9
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 22B7D1A2410343D75736318F3EA11667
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: CB27788CFE4C6D7460894CB808863F9F
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 0D672B274CA2B536321D6E286C164A4E
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 1BA897E9632B4FD409973B96EA276A2D
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B9E4AA032A40DBAF6E09869068503A39
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 85E1E063F42BB2BBA6FA14EC45765131
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 09EE38F1FD87B8E4F6010920B8DAF414
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 19A993D5D42DE26762793D062C6261A3
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 8FD522C9578ECE6F4152A7CF78B459F4
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: F86999639C9624EB2E3F74A901FD8BDB
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 4A032BE4EB6D6A9A6641244C64B517DA
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: E55579C80AAAFCFC875EAF7BECD69CBC
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 8CFECC0E0AE53E65F1A4B25083E6A623
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: AA6F5C5B524E44CFA2DD6E70003DC6F7
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: F49A089F2DCDFB8A3C90B0CD5864301F
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 9C64FD89246402C7C75E949AA021F1B8
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 0E5B7000C1A41DA1AB09FD2F2D48F8F5
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: C77A3CE4E323F6C37B1621BFA98DA8AA
Requests: 2 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 1E7C8F369DEA0DF426712950215EA241
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 450D90C46995E63B45B1091FC5F5ABB7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-eD4xgEwAQ&v=APEucNUdvzUkr0vaUE8eztA2iMniLYygavjgep_eRYpOKYEArZX_zMRrpE7XzqtnGAIBFZC6HZOJqRLBiDZUILE09-yKkXRAYNOfS7EoLysNvJdU8PZsrLqpS0erWIOSRdzgjtNbFAHRfxn8Jb-jZDTNb3zdEJ-1PArMKT-meWFL0rULM5wXgHCxlw346W_I39WeuSWbNLpkm4-17qTENEnEn2tJkCXpFw
Frame ID: 4FE2AFF211A6FB9A691DF469969FBD61
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYidrjwAEwAQ&v=APEucNU8sXXhgtDyx-G7dpBfspv0qoTtYhVOZCOAb6dxKo_kj4mgQzsPZDFsMyYPfIIAmYYN9Mr3vxp60el7jDdyYcxBxh1IrEnRLrlGM54MSLOVlf4VQNeBVqcSdudG8o-Nz16r47pK7WEUBa8Xr4AuONhba2-KSjTiYZs1eysLWeMeUL95RvyKOcTwEXGk6j92sbD8g1JCVagW4SYmX5Ttwvyk2gf4eA
Frame ID: 6340A857BEBCD402BF5BDC714E5E8A0C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E7F78B9C587C0090C1E9F0309441BC89
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 62C6B50DC60955A0B82AF28F78B8DB10
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 17BC6862F57A688F2769D9DCE951D045
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 785FB9DDC0D6E2013EB2E4BEC1D9D542
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
Frame ID: 0E91E336906469D57177167D363AAED3
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
Frame ID: 831A55DC17929486722D4FC3E7510B7A
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E56EE38AD9A5D3AC68A95D8969E98988
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A590CB790021BD1E8E5E106FEF4756F0
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 23F098FB742CB079A96E524E09B66AA8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D6F0A5036387A59C890DDD602914120C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EF33CDF3855DB42E89F7E4E54079CDA0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5001EC05784CDB37E524E75840E12D31
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Frame ID: 3ECB3E2CB1E49D74C37EA59C21EEA5E3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Frame ID: 70C4000185261C498086F81071A64D06
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/banners/300x250.png
Frame ID: F66DFA4A0119B6FEEB7552AEF5FF56C1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Russia-linked APT29 targets diplomatic and government organizationsSecurity Affairs

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • tracker\.js
Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

385
Requests

85 %
HTTPS

29 %
IPv6

73
Domains

117
Subdomains

91
IPs

13
Countries

4200 kB
Transfer

7072 kB
Size

74
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Request Chain 83
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Request Chain 84
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=boCBaHxJY2UyZTNiOHM0YTJRY3FVVVc1NmhDQVkvQjhwUDdPem5PNy9iL1BkUUExSUU0S1Frb3NmQUU4ciswaU5YWkN2TGdIdDkxSWRRZ0Q2MnVCWndtOGoxYm5ZUGoraXg4Q29HeHphQ3lNTkpwdjc5SmlXR0t1VHczaGZvRk1td0ZpdTUvRXlPVllKa3RUU1hNNXVlaVJBMkNGbUlWb1k0Mnh0bkpYQ3p0LzZnQStuQjNhK2VNMUVIYkRzeldCZXlVRHVaWEZSam9LakpIM2Fxald3LytzdG5KVHBQZGNETlRJVUF1UkZsM1VIYUVFPXw&cppv=2
Request Chain 139
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Request Chain 141
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Db64e3ac329225617%26uid%3D%24UID HTTP 302
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=b64e3ac329225617&uid=3119965975177955759
Request Chain 142
  • https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3De64f73568d2b3c34%26fi%3Db64e3ac329225617%26uid%3D%24UID&partner=eplanning HTTP 302
  • https://u-ams02.e-planning.net/um?dc=e64f73568d2b3c34&fi=b64e3ac329225617&uid=69a8caf6-c865-5113-a9ef-ead0c728d842
Request Chain 143
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_eu&endpoint=eu HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Request Chain 144
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D HTTP 302
  • https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Request Chain 150
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3efb33c3-89a3-4069-9530-1128aeb28b5a%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253D3efb33c3-89a3-4069-9530-1128aeb28b5a%2526zpartnerid%253D5%2526env%253DmWeb%2526eventType%253Dmap%2526gdpr%253D1%2526gdpr_consent%253D%2526id_mid_4%253Df97a0bc7-b658-4e98-464a-68c939bef403%2526reqId%253De27267a9-377c-4edb-460a-e19440c41707%2526zdid%253D1361&gdpr=0&gdpr_consent=
Request Chain 156
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361 HTTP 302
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&s_h=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=a5807187-9f46-4c06-8b73-cbabcd7ae2a0&zpartnerid=317&gdpr=1&gdpr_consent=
Request Chain 157
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=f97a0bc7-b658-4e98-464a-68c939bef403&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=f97a0bc7-b658-4e98-464a-68c939bef403&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=72957051754855332073767482814848401857&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Request Chain 159
  • https://bn01.er.bemail.it/zeotap.php?_bid=f97a0bc7-b658-4e98-464a-68c939bef403&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022081903-14813-0.966000001660872412-c1d76d792a6ca1c859405ce1d90a2581&zdid=533&env=mWeb
Request Chain 160
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=7133278862873000079&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Request Chain 161
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=f97a0bc7-b658-4e98-464a-68c939bef403 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=f97a0bc7-b658-4e98-464a-68c939bef403
Request Chain 162
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f97a0bc7-b658-4e98-464a-68c939bef403&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f97a0bc7-b658-4e98-464a-68c939bef403&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361&bounce=1&random=220413216 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=bFq65WSGt3bZWX6yWoTZ1u&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Request Chain 164
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=f97a0bc7-b658-4e98-464a-68c939bef403?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=f97a0bc7-b658-4e98-464a-68c939bef403?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Request Chain 165
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-v4P05xVE2orsNNUwF4X1smKTMITHQ7TnUA--~A&zpartnerid=570&env=mWeb
Request Chain 166
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=npaIhORq0nay6wNBQrjY2t8gmBfafWz9%2BS41iYitP1U%3D
Request Chain 169
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361&_test=Yv5-VQAApjFLDABN HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=Yv5-VQAApjFLDABN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&_test=Yv5-VQAApjFLDABN
Request Chain 170
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=d72462fe-7f56-4b00-805e-90b3a082be8f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Request Chain 171
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Request Chain 172
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&dcc=t
Request Chain 173
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&dcc=t
Request Chain 175
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Request Chain 180
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yv5_VWyp9gVgaoaHO63G4AAABGQAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yv5_VWyp9gVgaoaHO63G4AAABGQAAAAB&dcc=t
Request Chain 183
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yv5-VWyp9gVgaoaHO63G4AAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1&gdpr=1
Request Chain 185
  • https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7141323091131754848&uid=Q7141323091131754848&ref=%2Feucm%2Fp%2Fcc HTTP 302
  • https://px.owneriq.net/noop?ct=image%2Fgif
Request Chain 186
  • https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3665776813737101766
Request Chain 190
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZaQ1JUMlQtMjUtQTJPMQ==
Request Chain 191
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=0fBMZPWNTOyMTX7JsuerQw&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=0fBMZPWNTOyMTX7JsuerQw
Request Chain 192
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6ZCRT2T-25-A2O1
Request Chain 193
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=OmuFcvwuR1Wl5nFcF1OGxw&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=OmuFcvwuR1Wl5nFcF1OGxw
Request Chain 194
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTI2ZTJkNDhlZDYxNTEyZDRmY2Y3ZGI0ZDI5OWUzMzc1OWQ3MjNmNg
Request Chain 195
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L6ZCRT2T-25-A2O1&sigv=1&esig=2~2b40f69054004cb8491d08293de1ba3d2108f541
Request Chain 196
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJ4idZEMOwQWE-g1u-CK4Ic&google_cver=1
Request Chain 206
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://dmp.adform.net/serving/cookie/match/?CC=1&party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=7256229306290514967 HTTP 302
  • https://a.audrte.com/p
Request Chain 208
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=eg1kxWMmLkoSFmp0jV2bFBYtQ&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=eg1kxWMmLkoSFmp0jV2bFBYtQ&gdpr=0&gdpr_consent=&google_gid=CAESEMeNrxSdgsTyW6YqYWPLCCU&google_cver=1 HTTP 302
  • https://a.audrte.com/p
Request Chain 230
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696132&pi=t.ma~as.Internal_300x250_0._&w=300&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912031&bpp=10&bdt=182&idt=300&shv=r20220816&mjsv=m202208170101&ptt=5&saldr=sa&correlator=5074098485294&frm=23&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=243411056&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2811006027&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068788%2C44760911%2C31068737%2C31068945%2C31069029&oid=2&pvsid=1550525686931058&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C0&vis=1&rsz=%7C%7Cr%7C&abl=CS&pfx=0&fu=32772&bc=31&ifi=1&uci=1.85lhczjgvngq&fsb=1&dtd=315 HTTP 302
  • https://served-by.pixfuture.com/www/delivery/afr.php
Request Chain 274
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1
Request Chain 275
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yv5-VWyp9gVgaoaHO63G4AAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1
Request Chain 276
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESENPeySoHSI9_kX4BveOHLHM&google_cver=1
Request Chain 277
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzExOTk2NTk3NTE3Nzk1NTc1OQ%3D%3D
Request Chain 280
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAnTF3Bx5ksNCYCVc1TRE9w&google_cver=1
Request Chain 282
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEC0SRts-9rdpQwBxVY9LH70&google_cver=1
Request Chain 301
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELrEJITBFhanCYOBxaej-dk&google_cver=1&google_push=AehlK4ACwq1YM_rKV-V8eO-YtRtCL9kDgddDbFCPUs2nm3ZAGwiIYlkXM77_TDS8tR_zzgl4RVvpVZ3CfC84D5LLO8rOQVk7aoQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1NjIyOTMwNjI5MDUxNDk2Nw&google_push=AehlK4ACwq1YM_rKV-V8eO-YtRtCL9kDgddDbFCPUs2nm3ZAGwiIYlkXM77_TDS8tR_zzgl4RVvpVZ3CfC84D5LLO8rOQVk7aoQ
Request Chain 302
  • https://token.rubiconproject.com/token?pid=2249&pt=n&google_gid=CAESEOHvWR-pPz5C3vIHAA54z_E&google_cver=1&google_push=AehlK4B8DLNF3hcIceCMhQSqr8ue6knb-Kz2X9LUoD5Lx3uGuewqoy5ugnWOn7yOhMsHXtOGYqJphaQgCyMPTUJaC5xatvlQDpII HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTI2ZTJkNDhlZDYxNTEyZDRmY2Y3ZGI0ZDI5OWUzMzc1OWQ3MjNmNg
Request Chain 304
  • https://match.360yield.com/match/ebda?google_gid=CAESEPyaPu3unbkQ8IQflpDiYKs&google_cver=1&google_push=AehlK4ATIxGj05C-AQUCmtUKLouFf4j2VTdn_Rl7kLDcHKjTBzVCeZnSv3o6crtDdRpxiGsFYM-zarbw5Twgl1Ge3sHNQTfD8Xjc HTTP 302
  • https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEPyaPu3unbkQ8IQflpDiYKs&google_cver=1&google_push=AehlK4ATIxGj05C-AQUCmtUKLouFf4j2VTdn_Rl7kLDcHKjTBzVCeZnSv3o6crtDdRpxiGsFYM-zarbw5Twgl1Ge3sHNQTfD8Xjc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=X3VdaKu9St2AXM-8ugsbcQ&google_push=AehlK4ATIxGj05C-AQUCmtUKLouFf4j2VTdn_Rl7kLDcHKjTBzVCeZnSv3o6crtDdRpxiGsFYM-zarbw5Twgl1Ge3sHNQTfD8Xjc
Request Chain 309
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJueZdwJttBIGw1_hGqwxoQ&google_cver=1&google_push=AehlK4B5ga5BriElSiXXYCTpic6XoL1kijjw9jAMK1hv_BbCIhc0zgngxM6vfZJI7tFk3-X1bJfo4ahQ1QDw5oduqBimDVXISQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=1yRi_n9WSwCAXpCzoIK-jw&google_push=AehlK4B5ga5BriElSiXXYCTpic6XoL1kijjw9jAMK1hv_BbCIhc0zgngxM6vfZJI7tFk3-X1bJfo4ahQ1QDw5oduqBimDVXISQ
Request Chain 310
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKIO7pgnlXKKAzf3fWv3MvI&google_cver=1&google_push=AehlK4CtGO_4bctNLEu2oJlseS6oxzOjOJhJRJC1M2h_c7cwhqObbMa4R05-b-Bu8QnJbEKfdG_i4_GPgmW0imngLkh8yS0PnsH2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzEzMzI3ODg2Mjg3MzAwMDA3OQ%3D%3D&google_push=AehlK4CtGO_4bctNLEu2oJlseS6oxzOjOJhJRJC1M2h_c7cwhqObbMa4R05-b-Bu8QnJbEKfdG_i4_GPgmW0imngLkh8yS0PnsH2
Request Chain 311
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECKU5J5fn5_dX_ZqOqmPXS0&google_cver=1&google_push=AehlK4AlFedqJep-mptLMWw9Ny8INVqTplBfkQnwl60AlCrvoL4N19Fk7oqDhoNVxHPUSJS6AjhyGLHU0wgdCtuXReTiSbQ78Wpp HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4AlFedqJep-mptLMWw9Ny8INVqTplBfkQnwl60AlCrvoL4N19Fk7oqDhoNVxHPUSJS6AjhyGLHU0wgdCtuXReTiSbQ78Wpp&google_hm=NTc5OTc3NjE4OTc5NDgyMzcwOA%3D%3D
Request Chain 312
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEJjtWnS3r98Re3Amiyjndbg&google_cver=1&google_push=AehlK4CEuLM1Vk7XVuJXR5Hc7T-bSVcCnMpdhwBdCghCpeFtDz9yWFN3gukY_PyzXrvAXYtWSohQsC7TVfRwK7uoNde8dNHwrVSE HTTP 302
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEJjtWnS3r98Re3Amiyjndbg&google_push=AehlK4CEuLM1Vk7XVuJXR5Hc7T-bSVcCnMpdhwBdCghCpeFtDz9yWFN3gukY_PyzXrvAXYtWSohQsC7TVfRwK7uoNde8dNHwrVSE&s=2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AehlK4CEuLM1Vk7XVuJXR5Hc7T-bSVcCnMpdhwBdCghCpeFtDz9yWFN3gukY_PyzXrvAXYtWSohQsC7TVfRwK7uoNde8dNHwrVSE&google_hm=cExNeU9PY1FDN2R1b09sY1ZtdXE=
Request Chain 313
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHyueEQzgjK2B1RvfF5N8i8&google_cver=1&google_push=AehlK4A_pcsbv9hJkzU97koD01zOZPHVDp0fg9C2nVzpTdlpTqGbb0zSuIwNG3ftwu0y6Xah7hx0Jbw3CJuxhXeca4R_zXkuUK7e HTTP 302
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AehlK4A_pcsbv9hJkzU97koD01zOZPHVDp0fg9C2nVzpTdlpTqGbb0zSuIwNG3ftwu0y6Xah7hx0Jbw3CJuxhXeca4R_zXkuUK7e&google_gid=CAESEHyueEQzgjK2B1RvfF5N8i8 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTE0MjIyNjQ4ODEyMjIyNzQ5OTQ2&google_push=AehlK4A_pcsbv9hJkzU97koD01zOZPHVDp0fg9C2nVzpTdlpTqGbb0zSuIwNG3ftwu0y6Xah7hx0Jbw3CJuxhXeca4R_zXkuUK7e

385 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request apt29-targets-diplomats.html
securityaffairs.co/wordpress/130787/apt/ 		99 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2ef1a575171191975846fa2b38e3b55449010f6fd6675a66ed974d618f8c6043

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:04 GMT
link
<https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/130787>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=130787>; rel=shortlink
server
Apache
x-pingback
https://securityaffairs.co/wordpress/xmlrpc.php
style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 		101 KB
101 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Tue, 12 Jul 2022 21:45:23 GMT
server
Apache
accept-ranges
bytes
etag
"193c1-5e3a295f4b1f7"
content-length
103361
content-type
text/css
mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		11 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"2bf8-5b61073acf500"
content-length
11256
content-type
text/css
wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		5 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
Apache
accept-ranges
bytes
etag
"1360-597430d761a00"
content-length
4960
content-type
text/css
cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"c22-5de9c4c5f3471"
content-length
3106
content-type
text/css
cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		27 KB
27 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"6a71-5de9c4c5f3471"
content-length
27249
content-type
text/css
ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 		142 KB
142 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1654300135
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fdb60418f2e23b359b2ade2aca337dccf02e24215d1a77bb816ba1820e5bbff0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Fri, 03 Jun 2022 23:48:55 GMT
server
Apache
accept-ranges
bytes
etag
"23809-5e093c3f1132e"
content-length
145417
content-type
text/css
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 		23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.2.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617
age
6568199
cdn-cachedat
2021-06-08 21:08:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
6c27480193430d6ea3ddfc5c9cf7f881
cf-ray
73cc93626caa9101-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 		19 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
Apache
accept-ranges
bytes
etag
"4d92-52704407f72c0"
content-length
19858
content-type
text/css
tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		539 B
683 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"21b-526fe6d7cd700"
content-length
539
content-type
text/css
flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
Apache
accept-ranges
bytes
etag
"1851-5270441180940"
content-length
6225
content-type
text/css
animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"6b4-526fe6d5e5280"
content-length
1716
content-type
text/css
font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		17 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"4574-526fe6d5e5280"
content-length
17780
content-type
text/css
swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"118d-526fe6e527680"
content-length
4493
content-type
text/css
jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		334 B
478 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"14e-526fe6d5e5280"
content-length
334
content-type
text/css
screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		110 KB
110 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"1b844-526fe6d7cd700"
content-length
112708
content-type
text/css
custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
content-type
text/css; charset: UTF-8;charset=UTF-8
server
Apache
grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		49 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
Apache
accept-ranges
bytes
etag
"c5f2-526fe6d6d94c0"
content-length
50674
content-type
text/css
sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		18 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"4991-5e57184efbe91"
content-length
18833
content-type
text/css
social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Thu, 04 Aug 2022 22:03:25 GMT
server
Apache
accept-ranges
bytes
etag
"312f-5e57184c7d47c"
content-length
12591
content-type
text/css
jquery.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		282 KB
282 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"46758-5c7d1b0de3c40"
content-length
288600
content-type
application/javascript
jquery-migrate.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		25 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"62d4-5b61073acf500"
content-length
25300
content-type
application/javascript
cookie-law-info-public.js
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"8583-5de9c4c5f53b0"
content-length
34179
content-type
application/javascript
medianetAdInjector.js
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 		562 B
716 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Sat, 08 May 2021 23:27:41 GMT
server
Apache
accept-ranges
bytes
etag
"232-5c1d9e402b540"
content-length
562
content-type
application/javascript
st_insights.js
ws.sharethis.com/button/ 		49 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:8600:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 15 Aug 2022 21:46:07 GMT
content-encoding
gzip
vary
Accept-Encoding
age
245938
x-cache
Hit from cloudfront
content-length
12778
server
nginx/1.20.1
etag
W/"62bdf23a-c590"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
FRA2-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
4P8d45g_U152uBHXKo6cuJm6V7y9L_zp4YBAt0lyEnCr4jIJWR1vwA==
expires
Thu, 18 Aug 2022 21:46:07 GMT
sharethis.js
platform-api.sharethis.com/js/ 		190 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-11.fra2.r.cloudfront.net
Software
/
Resource Hash
2b02c99b94bd29097fd168548bea6dfc28c9ffd3c2d751c1f375c9da902d8f63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 17:58:34 GMT
content-encoding
gzip
vary
Accept-Encoding
age
392
etag
W/"2f749-jZtDoLQECLv0cAmOiJJ6B61Kdic"
x-frame-options
SAMEORIGIN
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-amz-cf-pop
FRA2-C1
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
Coz6QzpzWveX3y8HBBQBAZgi6iqV4cW_6xZqH9DOhFSWGlFQmis3cg==
dmedianet.js
contextual.media.net/ 		368 B
557 B 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.51.8.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-30.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-mnt-h
21-vj42
date
Thu, 18 Aug 2022 18:05:07 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
expires
Thu, 18 Aug 2022 18:10:07 GMT
cache-control
max-age=300
strict-transport-security
max-age=31536000
content-length
368
x-cache-hits
0
logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 17:30:42 GMT
server
Apache
accept-ranges
bytes
etag
"b0e9-5270743f5f480"
content-length
45289
content-type
image/png
headerbid.js
served-by.pixfuture.com/www/delivery/ 		973 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Tue, 02 Mar 2021 20:36:48 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"603ea1e0-3cd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
973
expires
Sat, 20 Aug 2022 18:05:07 GMT
apt29-phishing-trello1.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/05/ 		43 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/05/apt29-phishing-trello1.png?resize=768%2C399&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
42d27bc43c8852c16cf2928a42c023c506f35a2060c99c4de0a7e5ede6ff3765
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jul 2022 15:31:08 GMT
server
nginx
etag
"03a6e71a5f6c3df8"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/05/apt29-phishing-trello1.png>; rel="canonical"
content-length
44440
expires
Sun, 28 Jul 2024 03:31:08 GMT
twemoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		32 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 25 May 2022 22:59:02 GMT
server
Apache
accept-ranges
bytes
etag
"7e90-5dfde04f437ff"
content-length
32400
content-type
application/javascript
wp-emoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Tue, 31 Mar 2020 22:49:14 GMT
server
Apache
accept-ranges
bytes
etag
"231d-5a22e60748e80"
content-length
8989
content-type
application/javascript
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		830 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Wed, 10 Jun 2020 20:34:29 GMT
server
nginx
etag
"509a053c355d6394"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length
830
expires
Sat, 11 Jun 2022 08:34:29 GMT
twitter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"fbafb4fa36d9fc66"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length
1082
expires
Sat, 05 Nov 2022 20:12:40 GMT
linkedin.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"8daaaf021369fdba"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length
1184
expires
Sat, 05 Nov 2022 20:12:40 GMT
DDoS-Attack-Graphic_-_pretty.max-2200x2200-1.png
securityaffairs.co/wordpress/wp-content/uploads/2022/08/ 		262 KB
263 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/08/DDoS-Attack-Graphic_-_pretty.max-2200x2200-1.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
08116ebf19913d160077f6fbb9d3ed595b9507f3d1f6d65373e2fd0459d757d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Thu, 18 Aug 2022 17:22:21 GMT
server
Apache
accept-ranges
bytes
etag
"4191c-5e68739624063"
content-length
268572
content-type
image/png
BlackByte-ransomware-2.png.jpg
securityaffairs.co/wordpress/wp-content/uploads/2022/08/ 		79 KB
79 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/08/BlackByte-ransomware-2.png.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
c888e4efde780e5e5b542d3c0c45c7b5ec7fa0dc96a3de03cbe955581a26c50b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Thu, 18 Aug 2022 14:56:19 GMT
server
Apache
accept-ranges
bytes
etag
"13c7b-5e6852f20b6e6"
content-length
81019
content-type
image/jpeg
Synology-Logo.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/08/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/08/Synology-Logo.png?resize=300%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
8d95a4e2bef19ae6d438a2c9bd73f685b9395f9d9c595f380d7968d1c80e37a2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 May 2022 19:56:27 GMT
server
nginx
etag
"1f24b490500a5e43"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2021/08/Synology-Logo.png>; rel="canonical"
content-length
5996
expires
Wed, 01 May 2024 07:56:27 GMT
photon.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"6e0-5e57184ec6340"
content-length
1760
content-type
application/javascript
jquery.adrotate.clicktracker.js
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 		365 B
519 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Wed, 20 Jul 2022 22:10:23 GMT
server
Apache
accept-ranges
bytes
etag
"16d-5e443de11a895"
content-length
365
content-type
application/javascript
ssba.js
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1654300135
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:06 GMT
last-modified
Fri, 03 Jun 2022 23:48:55 GMT
server
Apache
accept-ranges
bytes
etag
"7c3-5e093c3f23c09"
content-length
1987
content-type
application/javascript
hint.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		987 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3db-526fe6e433440"
content-length
987
content-type
application/javascript
jquery.tipsy.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1113-526fe6e433440"
content-length
4371
content-type
application/javascript
jquery.easing.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1fa1-526fe6e433440"
content-length
8097
content-type
application/javascript
browser.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"a36-526fe6e33f200"
content-length
2614
content-type
application/javascript
jquery.flexslider-min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
server
Apache
accept-ranges
bytes
etag
"53ae-5270441274b80"
content-length
21422
content-type
application/javascript
waypoints.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"1f6c-526fe6e527680"
content-length
8044
content-type
application/javascript
mediaelement-and-player.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 		69 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
server
Apache
accept-ranges
bytes
etag
"11571-5270441645480"
content-length
71025
content-type
application/javascript
jquery.swipebox.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"2a67-526fe6e433440"
content-length
10855
content-type
application/javascript
jquery.circliful.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"c18-526fe6e433440"
content-length
3096
content-type
application/javascript
jquery.smarticker.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3225-526fe6e433440"
content-length
12837
content-type
application/javascript
custom.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		12 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"31d4-526fe6e33f200"
content-length
12756
content-type
application/javascript
sharing.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		17 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"45a7-5e57184efbe91"
content-length
17831
content-type
application/javascript
e-202233.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202233.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn
date
Thu, 18 Aug 2022 18:05:07 GMT
content-encoding
br
server
nginx
etag
W/"6197c5cf-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 06 Aug 2023 22:14:19 GMT
pview
l.sharethis.com/ 		0
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1660845907465.37140&hostname=securityaffairs.co&location=%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&title=Russia-linked%20APT29%20targets%20diplomatic%20and%20government%20organizationsSecurity%20Affairs&sop=false&description=Russia-linked%20APT29%20(Cozy%20Bear%20or%20Nobelium)%20launched%20a%20spear-phishing%20campaign%20targeting%20diplomats%20and%20government%20entities.%20In%20mid-January%202022%2C%20security%20researchers%20from%20Mandiant%20have%20spotted%20a%20spear-phishing%20campaign%2C%20launched%20by%20the%20Russia-linked%20APT29%C2%A0group%2C%20on%20targeting%20diplomats%20and%20government%20entities.%20The%20Russia-linked%20APT29%20group%20(aka%20SVR%2C%20Cozy%20Bear%2C%20and%C2%A0The%20Dukes)%20has%20been%20active%20since%20at%20least%202014%2C%20%5B%E2%80%A6%5D
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.119.23.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-119-23-78.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:08 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
5b71b64b04b9a500117b1015.js
buttons-config.sharethis.com/js/ 		30 B
442 B 		Script
General
Check archive.org
Download Go to
Full URL
https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:9a00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:08 GMT
via
1.1 c2756f406c0dc2bb176f6e2181d7607e.cloudfront.net (CloudFront)
last-modified
Mon, 13 Aug 2018 16:48:12 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C1
etag
"e6e1643313740711175f51662a65b42f"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/javascript
cache-control
max-age=60,public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
30
x-amz-cf-id
ici24YFNJKq-Gi2W3y6mtJJWnmx-L73lPK7DW0M7ObAhx1vm_cA9Mw==
analytics.js
google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://google-analytics.com/analytics.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
3304
date
Thu, 18 Aug 2022 17:10:03 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 18 Aug 2022 19:10:03 GMT
gtm.js
www.googletagmanager.com/ 		96 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0798e1d912b07d5ef220bc62ebdfa20ca58e10894b9c1c9f079f097f11745fb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37901
x-xss-protection
0
expires
Thu, 18 Aug 2022 18:05:07 GMT
fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 		43 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 16 Dec 2015 06:58:09 GMT
server
Apache
accept-ranges
bytes
etag
"ad90-526fe6dc92240"
content-length
44432
content-type
application/font-woff
f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Thu, 18 Aug 2022 18:05:07 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length
1186
expires
Thu, 18 Aug 2022 18:10:07 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"156244085faab7d3"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
6414
expires
Sat, 05 Nov 2022 20:12:40 GMT
logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"312ff21e46f29f3d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7482
expires
Sat, 05 Nov 2022 20:12:40 GMT
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Dec 2020 07:29:12 GMT
server
nginx
etag
"a6fb49f7a00a0498"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
6336
expires
Thu, 15 Dec 2022 19:29:12 GMT
EU-Blog-e.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg?resize=300%2C251&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Wed, 22 Jun 2022 21:28:00 GMT
server
nginx
etag
"89e5fea0740da8de"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg>; rel="canonical"
content-length
13098
expires
Sat, 22 Jun 2024 09:28:00 GMT
g.gif
pixel.wp.com/ 		50 B
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A11.2&blog=29506073&post=130787&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=0&rand=0.7300820634231864
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 18 Aug 2022 18:05:07 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
collect
www.google-analytics.com/j/ 		2 B
407 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=998627509&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&ul=en-us&de=UTF-8&dt=Russia-linked%20APT29%20targets%20diplomatic%20and%20government%20organizationsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=449051079&gjid=216884827&cid=761025951.1660845908&tid=UA-59069958-1&_gid=1279805856.1660845908&_r=1&_slc=1&z=511616458
Requested by
Host: google-analytics.com
URL: https://google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.47.212.25 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-212-25.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Server
Apache
Date
Thu, 18 Aug 2022 18:05:07 GMT
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=28715
Connection
keep-alive
Content-Length
15
js
www.googletagmanager.com/gtag/ 		197 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
451b057b0a1eb5f896d2cfd517c2007547a02a4cee511c1236def2d465f8f6f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:08 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
72199
x-xss-protection
0
expires
Thu, 18 Aug 2022 18:05:08 GMT
hb_v2.js
cdn.pixfuture.com/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:744 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c2388c40345a8c9a09e8eb634a72240123f49f4c2b15df11dc05c2982f52f32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:08 GMT
cf-cache-status
HIT
last-modified
Wed, 10 Aug 2022 15:56:37 GMT
server
cloudflare
age
7699
etag
W/"62f3d535-84bc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucOieyBtPpz%2BVxQ%2FK08uvScnenHPumy0ISJBc%2FZeHb%2FU%2BdlxZ5KUVUiQmIEyT4C1i2D4MQdLar4AZhfY1T5gsNIqf80gIPhWDkEaCKBUuqYD5XcrxZoF4MvQlojeEYW%2B9cF6Rz4EvaoV2esI9VOt"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
expires
Sat, 20 Aug 2022 15:56:48 GMT
cache-control
public, max-age=172800, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
73cc936db82e9191-FRA
cf-bgj
minify
collect
region1.google-analytics.com/g/ 		0
348 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=2oe8h0&_p=998627509&cid=761025951.1660845908&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1660845908&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&dt=Russia-linked%20APT29%20targets%20diplomatic%20and%20government%20organizationsSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pview
l.sharethis.com/ 		0
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1660845907465.37140&hostname=securityaffairs.co&location=%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&title=Russia-linked%20APT29%20targets%20diplomatic%20and%20government%20organizationsSecurity%20Affairs&sop=false&description=Russia-linked%20APT29%20(Cozy%20Bear%20or%20Nobelium)%20launched%20a%20spear-phishing%20campaign%20targeting%20diplomats%20and%20government%20entities.%20In%20mid-January%202022%2C%20security%20researchers%20from%20Mandiant%20have%20spotted%20a%20spear-phishing%20campaign%2C%20launched%20by%20the%20Russia-linked%20APT29%C2%A0group%2C%20on%20targeting%20diplomats%20and%20government%20entities.%20The%20Russia-linked%20APT29%20group%20(aka%20SVR%2C%20Cozy%20Bear%2C%20and%C2%A0The%20Dukes)%20has%20been%20active%20since%20at%20least%202014%2C%20%5B%E2%80%A6%5D&description=Russia-linked%20APT29%20(Cozy%20Bear%20or%20Nobelium)%20launched%20a%20spear-phishing%20campaign%20targeting%20diplomats%20and%20government%20entities.%20In%20mid-January%202022%2C%20security%20researchers%20from%20Mandiant%20have%20spotted%20a%20spear-phishing%20campaign%2C%20launched%20by%20the%20Russia-linked%20APT29%C2%A0group%2C%20on%20targeting%20diplomats%20and%20government%20entities.%20The%20Russia-linked%20APT29%20group%20(aka%20SVR%2C%20Cozy%20Bear%2C%20and%C2%A0The%20Dukes)%20has%20been%20active%20since%20at%20least%202014%2C%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.119.23.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-119-23-78.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:08 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
pbix.js
cdn.pixfuture.com/ 		401 KB
402 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:744 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43ec4073d62958c460872f86b38f583f3187995f0147e29144340e6826e05cb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:08 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
108810
cf-polished
origSize=410578
cf-bgj
minify
last-modified
Wed, 18 May 2022 15:53:44 GMT
server
cloudflare
etag
W/"62851688-643d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FpkTUMpV8fy1lEUAlauteKJgD6%2Bu%2BTEjAjHmI4tl7KomjObKy64mMnaPoN66CwBYR%2BIZi3bA3%2FxRy7Kne8TLmecWXPIQJs0T2O3sZztxvqSVDqvOsh8xHJ63Z6LIOFoC3ZrsGJYQXVVFXm6fIg7U"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=172800, no-transform
cf-ray
73cc936e28e39191-FRA
expires
Fri, 19 Aug 2022 11:51:25 GMT
r.js
aa.agkn.com/adscores/ 		0
461 B 		Script
General
Check archive.org
Download Go to
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.64.108.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-108-197.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
server
AAWebServer
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript;charset=iso-8859-1
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
0
expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=russialinked,apt29,targets,diplomatic,government,organizationssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
45c7bb8bbadc5a262bd120b8fed70b0e3f454b06a10f96e29e1087fdb6274878

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:08 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=russialinked,apt29,targets,diplomatic,government,organizationssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d2d10605af0cadc77940b2153cc14a5e6f7f5272c0e5a8692ccddb344632efc8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:08 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		11 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=russialinked,apt29,targets,diplomatic,government,organizationssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
6243f0074dd7845c475a565de937bdf2a936fed1bf9ec2d99983c041bc094227

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:08 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=russialinked,apt29,targets,diplomatic,government,organizationssecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d2d10605af0cadc77940b2153cc14a5e6f7f5272c0e5a8692ccddb344632efc8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:08 GMT
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.47.212.25 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-212-25.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Server
Apache
Date
Thu, 18 Aug 2022 18:05:08 GMT
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=28714
Connection
keep-alive
Content-Length
15
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 18 Aug 2022 18:05:08 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1178
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1015 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Protocol
HTTP/1.1
Server
185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
d10cd723-f7f7-4239-b5a6-f0607290c00f
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
4101d0ca-72d8-48b6-a50f-b69d33f69265
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1015 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Protocol
HTTP/1.1
Server
185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
9fa35714-c808-4e6d-9cb6-d651a12501ee
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
94ae54f4-e95d-4fd4-844a-bc0bff525aa9
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=boCBaHxJY2UyZTNiOHM0YTJRY3FVVVc1NmhDQVkvQjhwUDdPem5PNy9iL1BkUUExSUU0S1Frb3NmQUU4ciswaU5YWkN2TGdIdDkxSWRRZ0Q2MnVCWndtOGoxYm5ZUGoraXg4Q29HeHphQ3lNTkpwdjc5SmlXR0t1VHczaG...
347 B
613 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=boCBaHxJY2UyZTNiOHM0YTJRY3FVVVc1NmhDQVkvQjhwUDdPem5PNy9iL1BkUUExSUU0S1Frb3NmQUU4ciswaU5YWkN2TGdIdDkxSWRRZ0Q2MnVCWndtOGoxYm5ZUGoraXg4Q29HeHphQ3lNTkpwdjc5SmlXR0t1VHczaGZvRk1td0ZpdTUvRXlPVllKa3RUU1hNNXVlaVJBMkNGbUlWb1k0Mnh0bkpYQ3p0LzZnQStuQjNhK2VNMUVIYkRzeldCZXlVRHVaWEZSam9LakpIM2Fxald3LytzdG5KVHBQZGNETlRJVUF1UkZsM1VIYUVFPXw&cppv=2
Protocol
H2
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
3d8f077f8b76e65e58d31247dc478d99aafd92b2fe70dd16745ca5708701f2d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2950
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
location
https://mug.criteo.com/sid?cpp=boCBaHxJY2UyZTNiOHM0YTJRY3FVVVc1NmhDQVkvQjhwUDdPem5PNy9iL1BkUUExSUU0S1Frb3NmQUU4ciswaU5YWkN2TGdIdDkxSWRRZ0Q2MnVCWndtOGoxYm5ZUGoraXg4Q29HeHphQ3lNTkpwdjc5SmlXR0t1VHczaGZvRk1td0ZpdTUvRXlPVllKa3RUU1hNNXVlaVJBMkNGbUlWb1k0Mnh0bkpYQ3p0LzZnQStuQjNhK2VNMUVIYkRzeldCZXlVRHVaWEZSam9LakpIM2Fxald3LytzdG5KVHBQZGNETlRJVUF1UkZsM1VIYUVFPXw&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1406
content-length
482
expires
0
529.json
id5-sync.com/g/v2/ 		213 B
625 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.70 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216620.ip-141-95-98.eu
Software
/
Resource Hash
eef8f9ebf2b664a8406c8dd20b5db1a9275a5ecd28e41f6f119c88d355dda110
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/ 		0
0
rid
match.adsrvr.org/track/ 		63 B
391 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
7a4bbdda765eb196856a72e3e2b96275eb13cca6acb2896f1a36a0a4111d2528

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Aug 2022 18:05:08 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Sat, 17 Sep 2022 18:05:08 GMT
cookie_sync
prebidserver.pixfuture.com/ 		281 B
598 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
281
expires
0
auction
prebidserver.pixfuture.com/openrtb2/ 		154 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
8001ee09dc384ab72cfea0383270f7333b59ac6510037e6cc4c8f89fdc264c02

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
154
expires
0
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
379 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=2b089b3f-617a-4445-b891-8c442bcf71c6&nocache=1660845908723&pubcid=42a17ad3-ce08-48b9-ad3b-c0dce536cfd0&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPXJ1c3NpYWxpbmtlZCxhcHQyOSx0YXJnZXRzLGRpcGxvbWF0aWMsZ292ZXJubWVudCxvcmdhbml6YXRpb25zc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1ydXNzaWFsaW5rZWQsYXB0MjksdGFyZ2V0cyxkaXBsb21hdGljLGdvdmVybm1lbnQsb3JnYW5pemF0aW9uc3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
92b07fb4006925aa9e6bbf7fc2cf4d671a87f1b302b5a3f94f635713ce9b9208

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/ 		24 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
18b676f82875754ee19750bc808e7a1aaa3536f9657586bff56c1367ccb3a2f7

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 18 Aug 2022 18:05:08 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
294 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.92.156.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-156-8.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
ca8cf4665bcb36d5cb15f708fbd0edbaba6cd14afc3d1c4231463e483bbdb66f

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
prebid
ib.adnxs.com/ut/v3/ 		139 B
831 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
49307e5d960c937ee2db2cc40da98377e08da5567df4d7485519c6b35a1000ad
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
332aef44-9408-49de-9136-c1e963108d1e
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
hb
ssc.33across.com/api/v1/ 		0
0
prebid
prebid.media.net/rtb/ 		1 KB
915 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
f37b633163160a193075aa9263fef8d44504c2006c6e2702de244a8aba1933d6

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
trinity.json
apex.go.sonobi.com/ 		95 B
847 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2218dfc6525ab708e%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&s=ed1e636a-2f36-4f34-8e3a-eab00c5b93cf&pv=fbcc3b97-e107-410a-885c-971e35a465d4&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2242a17ad3-ce08-48b9-ad3b-c0dce536cfd0%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2242a17ad3-ce08-48b9-ad3b-c0dce536cfd0%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=russialinked%2Capt29%2Ctargets%2Cdiplomatic%2Cgovernment%2Corganizationssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
d2bec0abb5ffb683afd89667d8c3f3cf64502bf1cae75215f813f8a04d2f2e28
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:09 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-91
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
/
hb.emxdgt.com/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1660845908733&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.251.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-251-124.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
fastlane.json
fastlane.rubiconproject.com/a/api/ 		283 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=42a17ad3-ce08-48b9-ad3b-c0dce536cfd0%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=2b089b3f-617a-4445-b891-8c442bcf71c6&l_pb_bid_id=22cbe962257ad18&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6977956719299883
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
44aa5fc7f75bb2efd6b3bdd1a855e83d56eaa5cda830fe9c46585492252d62fc

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
283
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
81.17.55.112 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
auction
prebidserver.pixfuture.com/openrtb2/ 		155 B
483 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a5edfa92ea10a68d81e5f2d50366262370d04e84d8c64fbe33c71399302719bb

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
155
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=42a17ad3-ce08-48b9-ad3b-c0dce536cfd0%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=5e551ae1-7ddc-49be-a2ca-47cbef43f82b&l_pb_bid_id=2914a9527be8bf7&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.029225954106566476
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
9a31a8ad135fd6ce19c7140cb733d948b9cca5bdfcbba9e2c5b7d3c8a8adc356

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
trinity.json
apex.go.sonobi.com/ 		95 B
847 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2231415eec1917938%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&s=242a4977-78ea-465e-8484-d6b250ebd02e&pv=fbcc3b97-e107-410a-885c-971e35a465d4&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2242a17ad3-ce08-48b9-ad3b-c0dce536cfd0%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2242a17ad3-ce08-48b9-ad3b-c0dce536cfd0%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=russialinked%2Capt29%2Ctargets%2Cdiplomatic%2Cgovernment%2Corganizationssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
1dd01018648dff43f3c4c2c8734074f1f2ba24fd4c0cc546f33ed102bb2e738c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:09 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-45
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
/
hb.emxdgt.com/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1660845908743&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.251.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-251-124.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
prebid
prebid.media.net/rtb/ 		1 KB
774 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
8a2933da42d7be2d22c7c404cbe04d575fbce80452899f07c31d675bb2bdc75a

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
v1
btlr.sharethrough.com/universal/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.145.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-145-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
bid
ap.lijit.com/rtb/ 		24 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
f78d3e6b183810f7eebeafb4a45e860c178f6f60602eb5fb930154c2e7c9142f

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 18 Aug 2022 18:05:08 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
prebid
ib.adnxs.com/ut/v3/ 		19 B
710 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
20faa938-a0c2-41f1-beeb-8fde71b75dbe
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
81.17.55.112 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
hb
ssc.33across.com/api/v1/ 		0
0
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=5e551ae1-7ddc-49be-a2ca-47cbef43f82b&nocache=1660845908747&pubcid=42a17ad3-ce08-48b9-ad3b-c0dce536cfd0&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXJ1c3NpYWxpbmtlZCxhcHQyOSx0YXJnZXRzLGRpcGxvbWF0aWMsZ292ZXJubWVudCxvcmdhbml6YXRpb25zc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1ydXNzaWFsaW5rZWQsYXB0MjksdGFyZ2V0cyxkaXBsb21hdGljLGdvdmVybm1lbnQsb3JnYW5pemF0aW9uc3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
270e03378783bee91fa0572eadb8292b3122da2fbd8a4d7f2f6fad9bdd0f7caf

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
prebidserver.pixfuture.com/openrtb2/ 		154 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
1876bce18e2fc1c894feeac71539b5291eb4f76df2e0c78c272715d2ef7b1e47

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
154
expires
0
hb
ssc.33across.com/api/v1/ 		0
0
prebid
ib.adnxs.com/ut/v3/ 		19 B
865 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
f05c387d-d3b5-4c7f-abd9-6f446520f233
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
trinity.json
apex.go.sonobi.com/ 		94 B
846 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2258c7252ddc46e1%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&s=8dfa3a20-fcd5-4a54-86d3-5d94b14f6f44&pv=fbcc3b97-e107-410a-885c-971e35a465d4&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22pubcid%22%3A%2242a17ad3-ce08-48b9-ad3b-c0dce536cfd0%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2242a17ad3-ce08-48b9-ad3b-c0dce536cfd0%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=russialinked%2Capt29%2Ctargets%2Cdiplomatic%2Cgovernment%2Corganizationssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
7dadda4636ad843b7cdf1e0874fa2b4d944d9b3b67c6b26692333637f4486d56
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:09 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-86
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
119
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7aec8549-6063-4731-9262-65856907f5c0&nocache=1660845908843&id5id=0&pubcid=42a17ad3-ce08-48b9-ad3b-c0dce536cfd0&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPXJ1c3NpYWxpbmtlZCxhcHQyOSx0YXJnZXRzLGRpcGxvbWF0aWMsZ292ZXJubWVudCxvcmdhbml6YXRpb25zc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1ydXNzaWFsaW5rZWQsYXB0MjksdGFyZ2V0cyxkaXBsb21hdGljLGdvdmVybm1lbnQsb3JnYW5pemF0aW9uc3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
15f03863555fddf5ceb304e1deae0fcf6459900e8ac15c8ffae4b5494925a961

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bid
ap.lijit.com/rtb/ 		24 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
89329d4bab822d07ce8a5e06677e6c646cdf73efbac43ac13d17671ef4b500a0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 18 Aug 2022 18:05:08 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
prebid
prebid.media.net/rtb/ 		1 KB
776 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
2b0c188a2120992cc3bd21c6c44197a542d3db1818f811bcba2b25673d6f719e

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
v1
btlr.sharethrough.com/universal/ 		0
158 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.145.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-145-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
/
hb.emxdgt.com/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1660845908846&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.251.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-251-124.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
81.17.55.112 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=42a17ad3-ce08-48b9-ad3b-c0dce536cfd0%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=7aec8549-6063-4731-9262-65856907f5c0&l_pb_bid_id=745eb71fd40df62&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5610068036832854
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
0753934edf1c1fe52eef83e8c3fd463c4566f1d949c7245cf88aa977a58e3a4e

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
prebidserver.pixfuture.com/openrtb2/ 		154 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
067711c3c33185eb643c6fb94d0dcf0db7565677e1e65bb649e9a9bdc37d5b1b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
154
expires
0
translator
hbopenbid.pubmatic.com/ 		0
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
hb
ssc.33across.com/api/v1/ 		0
0
v1
btlr.sharethrough.com/universal/ 		0
158 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.145.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-145-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
81.17.55.112 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
prebid
prebid.media.net/rtb/ 		1 KB
776 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
1b4e159992ea2ccd1c48c89f42bd05f280670e313c7bdc2a2e8ee7d8ff7adaef

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
/
hb.emxdgt.com/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1660845908852&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.251.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-251-124.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Thu, 18 Aug 2022 18:05:08 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7e3894e5-3ae3-4818-96c9-79010c19b601&nocache=1660845908853&id5id=0&pubcid=42a17ad3-ce08-48b9-ad3b-c0dce536cfd0&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPXJ1c3NpYWxpbmtlZCxhcHQyOSx0YXJnZXRzLGRpcGxvbWF0aWMsZ292ZXJubWVudCxvcmdhbml6YXRpb25zc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1ydXNzaWFsaW5rZWQsYXB0MjksdGFyZ2V0cyxkaXBsb21hdGljLGdvdmVybm1lbnQsb3JnYW5pemF0aW9uc3NlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
360510d19e75fb7aeda5a352592a8276b5a6ee0255b642f050bee4934a9ca6b2

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:08 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/ 		25 B
651 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
7a28d4c666017420e32bbeffa285b196931663181c7bb07887adbe4e116cde05

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 18 Aug 2022 18:05:08 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
25
trinity.json
apex.go.sonobi.com/ 		30 B
618 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2295d1e3ff32c86e9%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&s=c95a1943-94ad-4ed4-8da5-175006191113&pv=fbcc3b97-e107-410a-885c-971e35a465d4&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22pubcid%22%3A%2242a17ad3-ce08-48b9-ad3b-c0dce536cfd0%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2242a17ad3-ce08-48b9-ad3b-c0dce536cfd0%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=russialinked%2Capt29%2Ctargets%2Cdiplomatic%2Cgovernment%2Corganizationssecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
bb836331fe0a3d9389f632440a016296ae78df6a82a201728cb8d77d268bdb38
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:09 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-88
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
30
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
865 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
f0b3e307-24cf-4ee4-a9d4-faa486616336
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.92.156.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-156-8.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
26277f2366e12fadb45f17ef465cdccfead0cf2a5967195f0d4c25fb3ef86a95

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=42a17ad3-ce08-48b9-ad3b-c0dce536cfd0%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=7e3894e5-3ae3-4818-96c9-79010c19b601&l_pb_bid_id=101506d2122f4b38&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.27161064931412504
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
820e74818fb6a53e28641dbf24933329825ef9490f718a2106ca1b99c842f5b3

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:08 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=boCBaHxJY2UyZTNiOHM0YTJRY3FVVVc1NmhDQVkvQjhwUDdPem5PNy9iL1BkUUExSUU0S1Frb3NmQUU4ciswaU5YWkN2TGdIdDkxSWRRZ0Q2MnVCWndtOGoxYm5ZUGoraXg4Q29HeHphQ3lNTkpwdjc5SmlXR0t1VHczaGZvRk1td0ZpdTUvRXlPVllKa3RUU1hNNXVlaVJBMkNGbUlWb1k0Mnh0bkpYQ3p0LzZnQStuQjNhK2VNMUVIYkRzeldCZXlVRHVaWEZSam9LakpIM2Fxald3LytzdG5KVHBQZGNETlRJVUF1UkZsM1VIYUVFPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 18 Aug 2022 18:05:08 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1231
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
/
ads.us.e-planning.net/uspd/1/ Frame 5489
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.245 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
0c048716b18dca085395d5d32b2e68d7b7998edb65da151cc4e5c454cb078ab9

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache
content-encoding
gzip
content-type
text/html
date
Thu, 18 Aug 2022 18:05:09 GMT
expires
Thu, 18 Aug 2022 18:05:09 GMT
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-605

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Thu, 18 Aug 2022 18:05:09 GMT
location
/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-605
ptag
a.audrte.com/ Frame 5489 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.210.173.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-210-173-147.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
ee7c6e3107295bf873159faa0b6299380d482b2882de4772f9f659e5bedea277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:09 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1680
um
u-ams02.e-planning.net/ Frame 5489
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Db64e3ac329225617%26uid%3D%24UID
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=b64e3ac329225617&uid=3119965975177955759
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=b64e3ac329225617&uid=3119965975177955759
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
5.178.65.246 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:09 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
2e475a49-a106-4125-b519-40dd2de0a169
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=b64e3ac329225617&uid=3119965975177955759
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
um
u-ams02.e-planning.net/ Frame 5489
Redirect Chain
  • https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3De64f73568d2b3c34%26fi%3Db64e3ac329225617%26uid%3D%24UID&partner=eplanning
  • https://u-ams02.e-planning.net/um?dc=e64f73568d2b3c34&fi=b64e3ac329225617&uid=69a8caf6-c865-5113-a9ef-ead0c728d842
42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=e64f73568d2b3c34&fi=b64e3ac329225617&uid=69a8caf6-c865-5113-a9ef-ead0c728d842
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
5.178.65.246 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
server
openresty
content-type
image/gif

Redirect headers

location
https://u-ams02.e-planning.net/um?dc=e64f73568d2b3c34&fi=b64e3ac329225617&uid=69a8caf6-c865-5113-a9ef-ead0c728d842
pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
no-store
content-length
0
vary
origin
expires
0
usync.html
eus.rubiconproject.com/ Frame 2A9E
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_eu&endpoint=eu
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-9-160.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 18 Aug 2022 18:05:09 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Thu, 18 Aug 2022 18:05:09 GMT
location
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
server
AkamaiGHost
usermatch
r.casalemedia.com/ Frame 7A7C
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D
  • https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b949706a2b8d73b21ba7ead787999f0f2c1696a63191d69166a4cb00efe4eb7c

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
73cc93771aed9b5d-FRA
content-encoding
br
content-type
text/html
date
Thu, 18 Aug 2022 18:05:09 GMT
dropped-udsids
241|230|39|45|73|31|4|64
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bo9ZbM15jji1q6qt%2BjttJNi%2B4TROpDZ7YDpyT3Q0ADKAuzB1giVtTWroUEKCyVGUeVgZKLenW%2F9VD49RY4poX83FhzwK6nTgVCXpRypAaVcsRIUPWDTVEvaRZdAOt2Sh%2BHBp"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
73cc9375ec4fbb8b-FRA
content-type
text/html; charset=iso-8859-1
date
Thu, 18 Aug 2022 18:05:09 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
location
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXWLo3FxjGTdROoI0tdZerFvJ%2BlNa0bnlI24ZOLctWJVXgTtsDwEckSvbnV%2BnUoU6A%2B5zF5wEv433g%2BdccfOdT2z%2FTu%2BXF3sXNJFdEfgZ%2FNOd1zjTODRbjeSNmX7UicqDL%2FNTUEv"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
navegg_2022_01_br.html
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame D487 		1 KB
1002 B 		Document
General
Check archive.org
Download Go to
Full URL
https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=157680000
cf4age
136949
cf4ttl
157680000.000
content-encoding
gzip
content-length
624
content-type
text/html
date
Thu, 18 Aug 2022 18:05:09 GMT
etag
W/"61ddbb71-5f5"
expires
Tue, 18 May 2027 11:39:16 GMT
last-modified
Tue, 11 Jan 2022 17:16:33 GMT
server
CFS 0215
x-cf-reqid
a85004b7dbad72ee935894cb33ca0edb
x-cf-tsc
1653097306
x-cf1
29080:fA.cdg1:co:1585621119:cacheB.cdg1-01:H
x-cf2
H
x-cf3
H
x-cff
B
/
onetag-sys.com/usync/ Frame 421B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.75.86.98 Istanbul, Turkey, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame 62E0 		8 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8201fdb8ea2519b8c32409a1c5c5c7298381863b4922ba403afc73529a462c07

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
cf-cache-status
DYNAMIC
cf-ray
73cc9375bbc0bb3d-FRA
content-encoding
br
content-type
text/html
date
Thu, 18 Aug 2022 18:05:09 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
getuid
ib.adnxs.com/ Frame 62E0 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
pixel
cm.g.doubleclick.net/ Frame 62E0 		170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generic
match.adsrvr.org/track/cmf/ Frame 62E0
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3efb33c3-89a3-4069-9530-1128aeb28b5a%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253D3efb33c3-89a3-4069-9530...
70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3efb33c3-89a3-4069-9530-1128aeb28b5a%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253D3efb33c3-89a3-4069-9530-1128aeb28b5a%2526zpartnerid%253D5%2526env%253DmWeb%2526eventType%253Dmap%2526gdpr%253D1%2526gdpr_consent%253D%2526id_mid_4%253Df97a0bc7-b658-4e98-464a-68c939bef403%2526reqId%253De27267a9-377c-4edb-460a-e19440c41707%2526zdid%253D1361&gdpr=0&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3efb33c3-89a3-4069-9530-1128aeb28b5a%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253D3efb33c3-89a3-4069-9530-1128aeb28b5a%2526zpartnerid%253D5%2526env%253DmWeb%2526eventType%253Dmap%2526gdpr%253D1%2526gdpr_consent%253D%2526id_mid_4%253Df97a0bc7-b658-4e98-464a-68c939bef403%2526reqId%253De27267a9-377c-4edb-460a-e19440c41707%2526zdid%253D1361&gdpr=0&gdpr_consent=
date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame 62E0 		0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame 62E0 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361&gdpr=1&gdpr_consent=
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cm
trc.taboola.com/sg/zeotap/1/ Frame 62E0 		0
161 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-vcl-time-ms
2
date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 varnish
server
nginx
x-timer
S1660845910.571782,VS0,VE2
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-ams21071-AMS
u
dmp.v.fwmrm.net/ad/ Frame 62E0 		0
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:6593:f601:31be:eaee:1d8c:9fe8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Content-Type
text/html
Keep-Alive
timeout=300
Content-Length
0
Expires
0
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 62E0 		0
166 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97a0bc7-b658-4e98-464a-68c939bef403%26reqId%3De27267a9-377c-4edb-460a-e19440c41707%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:08 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=a5807187-9f46-4c06-8b73-cbabcd7ae2a0&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=a5807187-9f46-4c06-8b73-cbabcd7ae2a0&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc93781f66bb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=a5807187-9f46-4c06-8b73-cbabcd7ae2a0&zpartnerid=317&gdpr=1&gdpr_consent=
pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=f97a0bc7-b658-4e98-464a-68c939bef403&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=f97a0bc7-b658-4e98-464a-68c939bef403&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=72957051754855332073767482814848401857&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=72957051754855332073767482814848401857&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc93788820bb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-irl1-2-v038-03d48035f.edge-irl1.demdex.com 3 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
YrXcu8MtRDI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=72957051754855332073767482814848401857&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
loadeu.exelator.com/load/ Frame 62E0 		0
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.69.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-69-109.eu-central-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=f97a0bc7-b658-4e98-464a-68c939bef403&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022081903-14813-0.966000001660872412-c1d76d792a6ca1c859405ce1d90a2581&zdid=533&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2022081903-14813-0.966000001660872412-c1d76d792a6ca1c859405ce1d90a2581&zdid=533&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc9377df0bbb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2022081903-14813-0.966000001660872412-c1d76d792a6ca1c859405ce1d90a2581&zdid=533&env=mWeb
Date
Fri, 19 Aug 2022 01:26:52 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7133278862873000079&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=7133278862873000079&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc9377ff3cbb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7133278862873000079&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Date
Thu, 18 Aug 2022 18:05:09 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
check
pixel.tapad.com/idsync/ex/receive/ Frame 62E0
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=f97a0bc7-b658-4e98-464a-68c939bef403
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=f97a0bc7-b658-4e98-464a-68c939bef403
95 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=f97a0bc7-b658-4e98-464a-68c939bef403
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H3
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=f97a0bc7-b658-4e98-464a-68c939bef403
date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f97a0bc7-b658-4e98-464a-68c939bef403&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f97a0bc7-b658-4e98-464a-68c939bef403&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=bFq65WSGt3bZWX6yWoTZ1u&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4e...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?webouuid=bFq65WSGt3bZWX6yWoTZ1u&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc9378a84fbb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
last-modified
Thu, 18 Aug 2022 18:05:09 GMT
server
Weborama Collect Frontend
location
https://mwzeom.zeotap.com/mw?webouuid=bFq65WSGt3bZWX6yWoTZ1u&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
2.gif
dmp.theadex.com/d/949/i/ Frame 62E0 		0
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=f97a0bc7-b658-4e98-464a-68c939bef403&axd_pid=175
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.15.245.81 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=f97a0bc7-b658-4e98-464a-68c939bef403?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventTyp...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=f97a0bc7-b658-4e98-464a-68c939bef403?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eve...
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:10 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc937a5addbb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:10 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
expires
0
cache-control
no-cache
x-server
10.40.7.248
content-length
0
x-consent
absent
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-v4P05xVE2orsNNUwF4X1smKTMITHQ7TnUA--~A&zpartnerid=570&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=y-v4P05xVE2orsNNUwF4X1smKTMITHQ7TnUA--~A&zpartnerid=570&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:10 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc937acb63bb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

date
Thu, 18 Aug 2022 18:05:10 GMT
via
http/1.1 spdc0104.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
strict-transport-security
max-age=31536000
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-v4P05xVE2orsNNUwF4X1smKTMITHQ7TnUA--~A&zpartnerid=570&env=mWeb
content-length
0
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=npaIhORq0nay6wNBQrjY2t8gmBfafWz9%2BS41iYitP1U%3D
95 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=npaIhORq0nay6wNBQrjY2t8gmBfafWz9%2BS41iYitP1U%3D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc93769cf3bb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
server
AAWebServer
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=npaIhORq0nay6wNBQrjY2t8gmBfafWz9%2BS41iYitP1U%3D
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires
0
usermatch.gif
beacon.krxd.net/ Frame 62E0 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.210.248.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-248-158.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:10 GMT
cache-control
private, no-cache, no-store
x-request-time
D=36 t=1660845910
x-served-by
beacon-n014-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 62E0 		95 B
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.119.149.178 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.178.149.119.168.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=Yv5-VQAApjFLDABN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19...
95 B
176 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=Yv5-VQAApjFLDABN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&_test=Yv5-VQAApjFLDABN
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:10 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc937a1a88bb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:10 GMT
via
1.1 varnish
server
Varnish
x-timer
S1660845910.059055,VS0,VE0
x-served-by
cache-hhn4047-HHN
x-cache
HIT
location
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=Yv5-VQAApjFLDABN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&_test=Yv5-VQAApjFLDABN
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=d72462fe-7f56-4b00-805e-90b3a082be8f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=d72462fe-7f56-4b00-805e-90b3a082be8f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:10 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc937a8b1ebb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Date
Thu, 18 Aug 2022 18:05:10 GMT
Server
MT3 4494 7cf1da7 master hkg-pixel-x4 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://mwzeom.zeotap.com/mw?cid=d72462fe-7f56-4b00-805e-90b3a082be8f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Thu, 18 Aug 2022 18:05:09 GMT
usermatch.gif
beacon.krxd.net/ Frame 62E0
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c4...
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
52.210.248.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-248-158.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:10 GMT
cache-control
private, no-cache, no-store
x-request-time
D=28 t=1660845910
x-served-by
beacon-n010-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
date
Thu, 18 Aug 2022 18:05:10 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a005-ash-prod.krxd.net
dcm
aax-eu.amazon-adsystem.com/s/ Frame 62E0
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.95.118.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
XT9H15J8TNVKKS30TYAF
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
8E519R0HQMBC42CZBASG
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 62E0
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c93...
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c93...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
0900AB11BFBKET233BRS
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
A2KFQHQ2ND5HNB46HGQT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=f97a0bc7-b658-4e98-464a-68c939bef403&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame 62E0 		0
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/87734?id=f97a0bc7-b658-4e98-464a-68c939bef403&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:10 GMT
content-length
0
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
mw
mwzeom.zeotap.com/ Frame 62E0
Redirect Chain
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df97...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:10 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73cc937bdce1bb3d-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
date
Thu, 18 Aug 2022 18:05:10 GMT
cross-origin-resource-policy
cross-origin
content-length
0
cmp.min.js
spl.zeotap.com/ Frame 62E0 		557 B
469 B 		Script
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fdc118b6790fb14bd5d215b9bd236b020faff893184c75ea2bd895c5ae8c9306

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73cc93763c62bb3d-FRA
date
Thu, 18 Aug 2022 18:05:09 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
cmp
spl.zeotap.com/ Frame 62E0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
cf-cache-status
DYNAMIC
cf-ray
73cc93769cfcbb3d-FRA
date
Thu, 18 Aug 2022 18:05:09 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
usync.js
eus.rubiconproject.com/ Frame 2A9E 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-9-160.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
8483c42b394ea1a70d9710d63b392d314e34562ad27480ed8504ff6351865173

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Aug 2022 13:55:33 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10731
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9440
Expires
Thu, 18 Aug 2022 21:04:00 GMT
sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 2A9E 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-eu.rubiconproject.com/exchange/sync.php?p=eplanning_eu&khaos=L6ZCRT2T-25-A2O1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4b510f0cc5fcbc9800016ef543086418
Content-Type
image/gif
dcm
s.amazon-adsystem.com/ Frame 7A7C
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yv5_VWyp9gVgaoaHO63G4AAABGQAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yv5_VWyp9gVgaoaHO63G4AAABGQAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yv5_VWyp9gVgaoaHO63G4AAABGQAAAAB&dcc=t
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
F13QMM3XMAWHA12G40XC
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
HQ6HWQX06KHBZN6EJDKQ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yv5_VWyp9gVgaoaHO63G4AAABGQAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7A7C 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yv5_VWyp9gVgaoaHO63G4AAABGQAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 7A7C 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 7A7C
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yv5-VWyp9gVgaoaHO63G4AAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1&gdpr=1
43 B
943 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73cc93793f4c994e-FRA
pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5nT07ZHC4PJGGLIB8kIl2ty80CnqENuKVqLEABqrGOm%2Fr2KP9zlk6V6VSksIBG5gaWRixd87QaFVIwwfOjO3ltMAWoR3PxV6fxPh4FGLDmDNpwscQu4252DV9uNQ3KxfRTYS1RW9MY3I%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Yv5_VWyp9gVgaoaHO63G4AAABGQAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 7A7C 		43 B
989 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Yv5_VWyp9gVgaoaHO63G4AAABGQAAAAB?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:d584:42d3:abd8:529d Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
noop
px.owneriq.net/ Frame 7A7C
Redirect Chain
  • https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7141323091131754848&uid=Q7141323091131754848&ref=%2Feucm%2Fp%2Fcc
  • https://px.owneriq.net/noop?ct=image%2Fgif
0
287 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.owneriq.net/noop?ct=image%2Fgif
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
23.75.246.168 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-75-246-168.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:10 GMT
Server
Apache/2.4.6 (CentOS)
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By
PHP/7.3.33
Content-Length
0
Content-Type
image/gif

Redirect headers

Location
https://px.owneriq.net/noop?ct=image%2Fgif
Date
Thu, 18 Aug 2022 18:05:09 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
rum
dsum-sec.casalemedia.com/ Frame 7A7C
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3665776813737101766
43 B
428 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3665776813737101766
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Protocol
H2
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73cc937899c59bf2-FRA
pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KPmLQ3lTY3kWO3dw%2Fee8gntMQVGgLIk897IE3BxwZSjmzaMb50F%2FDwVt4iGjtQNVeS3rIdmDKsZi2EgsFi8OU%2Fxzlg35OEZTFi8pkJsmZiY1xgD6NiEk5fmYSVi09mcmzG3jQp5pnrtEaA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3665776813737101766
pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 7A7C 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
um
u-ams02.e-planning.net/ Frame 7A7C 		42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=b64e3ac329225617&uid=Yv5-VWyp9gVgaoaHO63G4AAA%261124
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db64e3ac329225617%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.246 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
server
openresty
content-type
image/gif
rubicon
match.adsrvr.org/track/cmf/ Frame 2A9E 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 2A9E
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZaQ1JUMlQtMjUtQTJPMQ==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZaQ1JUMlQtMjUtQTJPMQ==
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZaQ1JUMlQtMjUtQTJPMQ==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame 2A9E
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=0fBMZPWNTOyMTX7JsuerQw&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=0fBMZPWNTOyMTX7JsuerQw
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=0fBMZPWNTOyMTX7JsuerQw
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
VYA6TTKA6QXE5YA10DD3
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=0fBMZPWNTOyMTX7JsuerQw
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame 2A9E
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6ZCRT2T-25-A2O1
0
708 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6ZCRT2T-25-A2O1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H2
Server
2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:09 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 697353AD808D463CB1F3623DD32AB5DA Ref B: VIEEDGE3108 Ref C: 2022-08-18T18:05:10Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXmh9KBHAOEYQE9VdMY8g==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6ZCRT2T-25-A2O1
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 2A9E
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=OmuFcvwuR1Wl5nFcF1OGxw&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=OmuFcvwuR1Wl5nFcF1OGxw
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=OmuFcvwuR1Wl5nFcF1OGxw
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
52.95.118.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
TM8JDY7X0E6407WV30JN
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=OmuFcvwuR1Wl5nFcF1OGxw
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 2A9E
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTI2ZTJkNDhlZDYxNTEyZDRmY2Y3ZGI0ZDI5OWUzMzc1OWQ3MjNmNg
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTI2ZTJkNDhlZDYxNTEyZDRmY2Y3ZGI0ZDI5OWUzMzc1OWQ3MjNmNg
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTI2ZTJkNDhlZDYxNTEyZDRmY2Y3ZGI0ZDI5OWUzMzc1OWQ3MjNmNg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
ads.yahoo.com/cms/ Frame 2A9E
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L6ZCRT2T-25-A2O1&sigv=1&esig=2~2b40f69054004cb8491d08293de1ba3d2108f541
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L6ZCRT2T-25-A2O1&sigv=1&esig=2~2b40f69054004cb8491d08293de1ba3d2108f541
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H2
Server
2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:10 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L6ZCRT2T-25-A2O1&sigv=1&esig=2~2b40f69054004cb8491d08293de1ba3d2108f541
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 2A9E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJ4idZEMOwQWE-g1u-CK4Ic&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJ4idZEMOwQWE-g1u-CK4Ic&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:09 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJ4idZEMOwQWE-g1u-CK4Ic&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
lotame20220804.html
s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/ Frame 7525 		627 B
544 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.121 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
30fe2b4dd3ea9446d92fa0dad1ce04ad1fb0729696ca6e04d6bfaacfb5681ed6

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Thu, 18 Aug 2022 18:05:09 GMT
etag
W/"62ec189b-273"
expires
Tue, 17 Aug 2027 18:05:09 GMT
last-modified
Thu, 04 Aug 2022 19:06:03 GMT
server
openresty
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 246C 		636 B
577 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.121 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Thu, 18 Aug 2022 18:05:09 GMT
etag
W/"601b131c-27c"
expires
Tue, 17 Aug 2027 18:05:09 GMT
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
server
openresty
sync
vid.vidoomy.com/ Frame B5AB 		49 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3Db64e3ac329225617%26uid%3D%7B%7BVID%7D%7D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
br
content-type
text/html
date
Thu, 18 Aug 2022 18:05:10 GMT
etag
W/"61c991db-c5bc"
last-modified
Mon, 27 Dec 2021 10:13:47 GMT
server
CDN77-Turbo
x-77-cache
MISS
x-77-nzt
AcO1rgXngUHB
x-77-nzt-ray
lUDfAUTfFus
x-77-pop
frankfurtDE
x-accel-expires
@1661882710
x-cache
MISS
setuid
prebidserver.pixfuture.com/ Frame 3F5D 		0
469 B 		Document
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AP3fqtLErQGn8k-G
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
content-type
text/html
date
Thu, 18 Aug 2022 18:05:09 GMT
expires
0
pragma
no-cache
vary
Origin
lt.min.js
tags.crwdcntrl.net/lt/c/15238/ Frame 7525 		49 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-37.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Thu, 18 Aug 2022 01:21:11 GMT
content-encoding
gzip
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
age
60240
etag
W/"fdcd13007d5be3c218bd461a6aad998b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 6c9a2d99a25484f38efa27d58a726b2c.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
khyIZCt-3z16HRFdGAYeGZHnCGB-t4cYgrQg-NRqueNd139GTia4yA==
GS.d
js.cookieless-data.com/ Frame 246C 		0
535 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1660845910291
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.129.3.112 , France, ASN12876 (Online SAS, FR),
Reverse DNS
212-129-3-112.rev.poneytelecom.eu
Software
nginx/1.20.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:10 GMT
Server
nginx/1.20.2
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
optimus_rules.json
tags.crwdcntrl.net/lt/c/15238/ Frame 7525 		155 B
640 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/optimus_rules.json
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-37.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff

Request headers

Referer
https://s.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Aug 2022 15:47:11 GMT
via
1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
age
8280
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
155
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
etag
"1a1722e9cedbdc8af0dcd3345e46c73a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age: 86400
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
5eKRz3Sl6CFb8AUOS9lKX4nwo7-5nn6CdBPHz2jzdiUesMZleNb1ow==
data
bcp.crwdcntrl.net/6/ Frame 7525 		20 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.181.84 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-181-84.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e

Request headers

Referer
https://s.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:10 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://s.e-planning.net
expires
0
cache-control
no-cache
x-server
10.40.5.130
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
20
x-consent
absent
ptrack
a.audrte.com/ Frame 5489 		368 B
878 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptrack?arlocation=80.255.7.109&p=M1353665098&artime=2022-08-18T18:05:10.683Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGcHJlYmlkc2VydmVyLnBpeGZ1dHVyZS5jb20lMkZzZXR1aWQlM0ZiaWRkZXIlM0RlcGxhbm5pbmclMjZnZHByJTNEJTI2Z2Rwcl9jb25zZW50JTNEJTI2ZiUzRGIlMjZ1aWQlM0QlMjRVSUQ=&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=c2VjdXJpdHlhZmZhaXJzLmNvLw==
Requested by
Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.210.173.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-210-173-147.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
8d54d4af9d75c62702f641889e0e18de6db13ea60095715758d33b34d241da33

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:10 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
https://ads.us.e-planning.net
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
261
p
a.audrte.com/ Frame 5489
Redirect Chain
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
  • https://dmp.adform.net/serving/cookie/match/?CC=1&party=1003&gdpr=0&gdpr_consent=
  • https://a.audrte.com/a?adform_uid=7256229306290514967
  • https://a.audrte.com/p
68 B
617 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
54.210.173.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-210-173-147.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:11 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Thu, 18 Aug 2022 18:05:11 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
pixel
ps.eyeota.net/ Frame 5489 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=eg1kxWMmLkoSFmp0jV2bFBYtQ&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.184.216.10 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-184-216-10.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:10 GMT
Content-Length
1241
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
p
a.audrte.com/ Frame 5489
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=eg1kxWMmLkoSFmp0jV2bFBYtQ&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=eg1kxWMmLkoSFmp0jV2bFBYtQ&gdpr=0&gdpr_consent=&google_gid=CAESEMeNrxSdgsTyW6YqYWPLCCU&google_cver=1
  • https://a.audrte.com/p
68 B
617 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
54.210.173.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-210-173-147.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:11 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Thu, 18 Aug 2022 18:05:10 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 3053 		120 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
aaad7fdb013da8f651a7ddccfd11fd980df3710d933278c8c109053053c0bc4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40385
x-xss-protection
0
server
cafe
etag
16386300698468116340
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 18 Aug 2022 18:05:11 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:11 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:11 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame F19B 		0
0
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:11 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:11 GMT
um
u-ams02.e-planning.net/ Frame B5AB 		42 B
103 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u-ams02.e-planning.net/um?dc=3ab023ac29ea5990&fi=b64e3ac329225617&uid=a6f37f0123013099a595be2217fc435a
Requested by
Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3Db64e3ac329225617%26uid%3D%7B%7BVID%7D%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.246 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://vid.vidoomy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Thu, 18 Aug 2022 18:05:11 GMT
server
openresty
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame EEE5 		120 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a82b29e09a2eaaa7d4286506924ab8b65528a8f441a68fb2ed5a72765e58effb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40390
x-xss-protection
0
server
cafe
etag
8687292122070491609
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 18 Aug 2022 18:05:11 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:11 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:11 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 2838 		120 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f94256f0b6f73508a1c40877ff1e1ac19a8fd0514f5249845de28b5d6c6722fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40389
x-xss-protection
0
server
cafe
etag
9557234187883971225
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 18 Aug 2022 18:05:11 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:11 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:11 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/ Frame 3053 		341 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
496b90abe82dfb9f2d3e1344929a29d62b52a89939386dba06b39d2669adc3ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122626
x-xss-protection
0
server
cafe
etag
6614228717884189875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 18 Aug 2022 18:05:12 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/ Frame 2838 		341 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
765f3dc1ea4b8fb71d4313c31663bd488c427fbde87b351a81b3a2481ba31e91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122736
x-xss-protection
0
server
cafe
etag
10915863662720545121
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 18 Aug 2022 18:05:12 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/ Frame EEE5 		341 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2a3e68d809ea03479c1ee1e20b99c213305a2c9c191d970dfd9f742a11e7b9e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122625
x-xss-protection
0
server
cafe
etag
5506896693571351207
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 18 Aug 2022 18:05:12 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3053 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=abg_host&host=securityaffairs.co&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3053 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=afc_etu&etus=4&sig=1&tms=200&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 3053 		222 B
651 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
981650eafffe4e20b30b17de37f423313b5c4d1e2b2a33f3f8e182ec7f442ae9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
207
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 3053 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 3053 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 83BA 		17 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9275315160d6372f8e0f3b4121c5ec2bd10d07ff1dd6889d3e37e148f7bcc7a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
9596
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:12 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 2838 		222 B
276 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
f0f86d9c74b39cac465ee1a52a1d84d2167f7dd78bf5f48cfb6c744053b6cd8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
208
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 2838 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 2838 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
afr.php
served-by.pixfuture.com/www/delivery/ Frame 2392
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696132&pi=t.ma~as.Internal_300x250_0._&w=300&ur...
  • https://served-by.pixfuture.com/www/delivery/afr.php
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/afr.php
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800 public, no-transform
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:12 GMT
expires
Sat, 20 Aug 2022 18:05:12 GMT
pragma
no-cache
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:12 GMT
location
https://served-by.pixfuture.com/www/delivery/afr.php
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame EEE5 		222 B
272 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
17d1417af7785c9512f56b14a53a5000ddba3d703880c10ab30e7d1adf437363
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
207
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame EEE5 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame EEE5 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame BFA3 		17 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
17dbe006e4c2817f41ca47af24b9184cd962af1ad2feb95c8d65db04d126c799
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
9684
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:12 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 83BA 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AHcorPw-HK4SwB3d0WY737d40HWs7hfYiVFfD0yULoqJMjP8_5VaWY4Sujay7IKD5z2JexW2h1IFHxp-T9nTsmh8tBZTY3iPzn6S_JpnNTmsfLV90
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220816/r20110914/client/ Frame 83BA 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220816/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 17:59:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
358
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 01 Sep 2022 17:59:14 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 83BA 		140 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba7478138664dfbadff2af30a268f4200a752a73d07dafb55937af20d1061357
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44050
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1660737283953252"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 18 Aug 2022 18:05:12 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220816/r20110914/client/ Frame 83BA 		17 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220816/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:02:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
191
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 01 Sep 2022 18:02:01 GMT
l
www.google.com/ads/measurement/ Frame 83BA 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaT8keW9tVt-vjReRuoMgBCVRpsUTq5tToSIZRycEMGtme0F5INKh_JJe3qAdGCmlgtHQ8IFqhTOqe2XBSn2ou4V4o-wWA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
checksync.php
contextual.media.net/ Frame 020A 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.51.8.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-30.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8304
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:12 GMT
expires
Sat, 20 Aug 2022 18:05:12 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame CD6C 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-208-212.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=25914
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:12 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Fri, 19 Aug 2022 01:17:06 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 22B7 		0
91 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 18 Aug 2022 18:05:12 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame CB27 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
48213
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 18 Aug 2022 18:05:12 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2, 716314
X-Served-By
cache-lga21945-LGA, cache-hhn4023-HHN
X-Timer
S1660845913.853811,VS0,VE0
pd
u.openx.net/w/1.0/ Frame 0D67 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 18 Aug 2022 18:05:12 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
checksync.php
contextual.media.net/ Frame 1BA8 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.51.8.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-30.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8304
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:12 GMT
expires
Sat, 20 Aug 2022 18:05:12 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
async_usersync.html
acdn.adnxs.com/dmp/ Frame B9E4 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
48213
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 18 Aug 2022 18:05:12 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2, 717017
X-Served-By
cache-lga21945-LGA, cache-hhn4083-HHN
X-Timer
S1660845913.854956,VS0,VE0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 85E1 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-208-212.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=25914
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:12 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Fri, 19 Aug 2022 01:17:06 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 09EE 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
48213
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 18 Aug 2022 18:05:12 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2, 718894
X-Served-By
cache-lga21945-LGA, cache-hhn4082-HHN
X-Timer
S1660845913.854851,VS0,VE0
checksync.php
contextual.media.net/ Frame 19A9 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.51.8.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-30.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8304
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:12 GMT
expires
Sat, 20 Aug 2022 18:05:12 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
async_usersync.html
acdn.adnxs.com/dmp/ Frame 8FD5 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
48213
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 18 Aug 2022 18:05:12 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2, 715925
X-Served-By
cache-lga21945-LGA, cache-hhn4074-HHN
X-Timer
S1660845913.856445,VS0,VE0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F869 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-208-212.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=25914
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:12 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Fri, 19 Aug 2022 01:17:06 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame 4A03 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
2106
CF-Cache-Status
HIT
CF-RAY
73cc938b6f2a91cf-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 18 Aug 2022 18:05:12 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 18 Aug 2022 19:05:12 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
ozLLefD0knKZ2yMzZ7EA3qLK8cSPeKdEpQT28HMOVUE2s5XW77p+1QkMqhU1tUmLZbb1zAjl4MU=
x-amz-request-id
GNVBWB8PQV5H0AVC
pd
u.openx.net/w/1.0/ Frame E555 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 18 Aug 2022 18:05:12 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
check.html
biddr.brealtime.com/ Frame 8CFE 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
5708
CF-Cache-Status
HIT
CF-RAY
73cc938b6d6b9076-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 18 Aug 2022 18:05:12 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 18 Aug 2022 19:05:12 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
TZDfxO4uwORNUA/4irnRs9qqp9lI3eH+ruz8qqqAX5jBwgQ1rzgBbhsPKs2FgAnYzrbwWSW5JnM=
x-amz-request-id
15DYQDFYDGXZWWWF
pd
u.openx.net/w/1.0/ Frame AA6F 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 18 Aug 2022 18:05:12 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
/
ssc-cms.33across.com/ps/ Frame F49A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP004 /
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
server
33XP004
x-33x-status
2000208
checksync.php
contextual.media.net/ Frame 9C64 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.51.8.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-30.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8304
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:12 GMT
expires
Sat, 20 Aug 2022 18:05:12 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0E5B 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-208-212.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=25914
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Thu, 18 Aug 2022 18:05:12 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Fri, 19 Aug 2022 01:17:06 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame C77A 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-9-160.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 18 Aug 2022 18:05:12 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame 1E7C 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
5137
CF-Cache-Status
HIT
CF-RAY
73cc938b6819911f-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 18 Aug 2022 18:05:12 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 18 Aug 2022 19:05:12 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
THBBha14TFKejWVop+slac2Gat7v7s2Fu4JGgxBkG9B75xNQjO1mn/icIaXCsUesNFddupQ0giY=
x-amz-request-id
15DG7FS62Q387667
check.html
biddr.brealtime.com/ Frame 450D 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
522
CF-Cache-Status
HIT
CF-RAY
73cc938b68d5995d-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 18 Aug 2022 18:05:12 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Thu, 18 Aug 2022 19:05:12 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
pixel
googleads.g.doubleclick.net/xbbe/ Frame 4FE2 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-eD4xgEwAQ&v=APEucNUdvzUkr0vaUE8eztA2iMniLYygavjgep_eRYpOKYEArZX_zMRrpE7XzqtnGAIBFZC6HZOJqRLBiDZUILE09-yKkXRAYNOfS7EoLysNvJdU8PZsrLqpS0erWIOSRdzgjtNbFAHRfxn8Jb-jZDTNb3zdEJ-1PArMKT-meWFL0rULM5wXgHCxlw346W_I39WeuSWbNLpkm4-17qTENEnEn2tJkCXpFw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:12 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 83BA 		84 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BwBPbYW17Exi6t4B2uK4zQAWdi3K7IDi4bUS6IjjvjyQZ5j3JuYKJh-IBPHrM1L39eC7rJcs6fGo5kmqEjYtU4g1D6J3zRxspUTzQ9P3KQ0GoH3w28Ey6QY0vBNquJ5ueCX0kCJgCnnERFwOoGit7G7f4TnA&dbm_d=AKAmf-CYshbTWakvXWDS7fOXAy4cvs7_j8bBetMTprI1HJhwmxdOz1hnEi8VH_j-_0cVZ3f8MG6g_W39mLKAfSewUWtEDM4uac_9fomvpDJlPebs1fXshtoShtJDwfhGRH-r9SvgueGx73Bp_IKfz-PDCs1P9BuTQQTMiLuz3QDSIdTwnk4T_UpoHzRIXDXaEMPDtTKE8fTR-FobKiUMetw1QVaEIfVObdR85YF7ZPCtUpaHwVlw1NcnLrf-ypEakjKw3idLt9WbEnJ28i0Ons4qkhzkj257vmcmDrrLsw0uAg7iv1_7TrOBvINH_rX_wBCRLvHTVUnfFyMn1aUMSqh0w4Naxs6lrMC04ttZSWutCLLuvfMntFXAx5QeM3NQbJlgvBDKUcNq5eCmlsCZNmO4-GNhNcPiKasCwJ7NHt4cIUVNsH-VjNZ5e8eoc90-k92_t2xwSxMlom6bxANXu5aIsK6NXgW_OFSvwT1cfAoXdJJE4OpRKyDd50oJTJ_xhm3pw4hhCF3TQ_0LVX9BNhDH7s2lA7craVBhF7286_Jv8r-nzc9Cr8QzZ9-kCvB2kGL8j7WT7E6hYWltePeuV0mamJpar1K0STl0Bc6ROJK5j06cl8Bx9vW-nWCfdw47Fwg0z-U7joN-eh_Y2e4ckWaa2tTjbMo3y7blXFNFglTIZDeDNwRtAyY8fBaBKdR3zR3qu6NIl5yBJS1iSfMeZYFcYWlxGMIkVMS2-W4Rq3ozUhfL16GZKbYalRVlM5EU5jN24_LNE2_UTHDFcuhV5aTz0SZ6VPEB8YiOOv_ttuQTaaX_R97pCaUVBlfbbDVyfyf9pSy43SantFTfmU80iojwrsyGDUewf4C2GCat4Fcpo_ZRKPsQoZD987IIsT9aXdK70GFxhImzoQi0spKi7f54ZGPpoB_Jx39hgpbO2MNbKfvVDyKTc0vnJJQYJLe-e_NCat2WkSmKQ1wMbENiWOsBcoFcTLejDEb6lz1rXkmaHBEfXCyr5V-1BdvDdZNE-SuVPI7D5uCBUD0JzeO60npFvbdHN5TJz7_BHzNciODqkWoYRrCoWqMnOb9QWjtixOy9tpkW9mN566Dj73E9n_PC269uGv-KXAhEuTgONG0JKbOneHKbw9KDXTkgcy-O5-AL3vlF9aYUFyDo8X2uGkaYITkyFts7vo7wBxoCZfjAvp3US-3OfZnjToP73dQufaEavoWqhCVmhmwFcXa6MiT5ZDlXhOcpITyJNuivzhl-Ff9mdIjpLI3OKHEYp5V4pWcMVjM3TsRmR0-M6ufbZPez-_4UtmCd0bMPfkG0tjjwbzrIzaSIaniZgdqXT1yP9gdP3WaqfBz35lLOG9FN5YqIF6G3P9TphjpWvgPWFgpeeJi3hxxja7TABIWwr9U0xuMt3jQ_6vbMoiRCN5wMN0dVgQopMleyC5OHkiukaMO8Avls0-ZWYBU0XFK8QjIkghrBTWJlZB0nPL1MarFtmsgtQUwCmT3pnTHjwKIC3G3dYi7Zan2dJ8Au52tG2GJjsQgSTQzz4aOMmTRBNS_7Apg-xNyMlJh3xDfkzV-lFGPMCZqURxZjqNN5RxlNZ3BiPNLs6pT-vnAv8jR2tHZhkHU9TwGuu4pDdeaCj1GMNMhI9f3eMTu_cU9kRLL14tzskSgCr12RWbjguGOGtKbuoIqKuyF2q0t1HFaZVxfwccPPNy_38G5zyxr89L7J4WS89ZWob6PHgqJmgjKlewvASpoZUb7n4SfCTm9HJjPrNNSDk3Xq7aG3mDXXZdj5uNMoqzHKDFyJnwu8IkJkgSazUWgSpRrHIorQzhLr7dPqdYeh-L24k8gZ8h41PTSfbAc9hR1rqv2Ib5R5B6JNiAuLE96iH4qhjZwwL56RP2pzplYkWDN0nPrdHbxq0NKer6bhR4pl93Zc6aCj_WXY9r5QbxLEusGrtZUXPn388joH3MGJ4308NFixnAYihaGODbox71jSaOcHG3QLAjk0rSYDVjhHfAKkHDtF3cSViaHEPehhONz_s947wjvsK_CGQgxw-yekt0TLIqh-CS_ChPVDvkb8EBldVVdapHlwVwEHE6JOxeRw61KWmZaP8QKdz4WByRGZfyL76OR1zOCAwa_vVH6BHgtjhh6Bong2CEhygZ1w2cYk86q64-vgsO5Gt4jGpqhba5ZpRImrPhvhZHuwJClKzfrfuXdpxyRtr1R_OykgtgqWYVUFypbbhAOnob3c7dOoC_B-QkKS1eEvL9T-jOrx1jL6q4oQPjdokduYs7FXRn3U_ow6NimORP84h8DJm6Nxejhb3m7haT2JzVPXz05FM1qtD0X6ETNPspEvZaZQWjgDwq8jkSP8TCx0Rs6RJkKEhqMbPB9xf3UluhPN9CSm2ZMQBWUEKdmmiRD9aoQ3I0JbihHxCo034Uq4SxGBwITQx8iwpKEEMQ_SkRcXR1oZi1KUlE1eLI_OWKyHq42xvFDj90pGFPH4huXG0_Net5HSiEIeEM1AJukAk-vI6tf-XLw5r70hW9Zn9KhhWCxCi9nW2Jn-JfHVO-H0AKRWzP5b5JwPZO5RfqOV6yYIPIOf0AeWIX1T-dD99jmSyOmuRywkkPiHEPakAJFN7KjrkizhGsPHFrfTBoE8KxbMU_Ui2H2l9AjY5rDDcPrYExG6pA2uNzL5P6DJ7jo6Kqq_Rk91HLFMpI62Fv-6oWAbgkXXo4TqKMJQyTWyIp8Y2cryWY62n53DSNwKMJ1DWDLafiQ19NrUYUgieCaQzsnAuP2LEv-k1Yt-x0soVJBj6JcMLfEKP81Wb3W34kqRKKn0PnFJXs1wmcl9pb-c-wNq9EjOSAdpwB-0XVTI2E5z1va_ZsW2biY_GQOj4cg0GF38BL62GvAJeySo3lu_-45SKzX56o7EFKqRVV62kbdl3e27HTvE6zf21iPdSuZA2aoMV3mx1TVAlFIQZzGLDKPSj1gcO0MEekZecd-eGznxjEVmN8dTvVkURU7KLal3_sLgdbWApg2GWZm9ak027uAVaOSBtFiNHaZKgvH6ogDw3XyXCspYX-yDNMozjnzmCNfrJDi_S3xL70pA2iYpeDtoT_p3UL7eud40I5bTDdJmDg9Vti-KjvmW07i96O2_U2lWqCoBJtDU5zFcjFIj6QVCgZiMxzzXzgo7XXhim_fo-2uDbQ6iADWx68EQwbpf1ivbI6qiPdsS3ZuzCiGone-09sM_ZVCbV-kFjnr5Y4l60b53DDU8z2PVYcAny5crFE8GWJxEM0JAxKdzeNgvOoyvzZNl8GTK0IG0Dcc09SgtWnY_sW3gdIsn_oWGfuujtruYaNN4eXbtJGtWN-OF7X6JolUauoHb-U4Pt7L06vejxgYi1IMNd_OVRYHX2AiP366-16loRX5o1vGuFQQqlSVKVHjaQACX4zpgaK9wC3RCfC3v0i5cYleWheXj8kQMagiU0cr9pBmPUduWabtYZ8brnVeewkBog0E4lg&cid=CAASEuRoSQuFOlHFR99DynEXPlBzOA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
668a5e300760780c543324b12a806288c291a45b955ba07e59ee2c2537186934
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35093
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:12 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:12 GMT
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:12 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:12 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame BFA3 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BQbAdjRgqd3IpufMpade_2LeSmKEMHPeu0DPWjSzqjrpcwFSL3LTr5NMIpGdDYjK35JF5aErwvIZYenkvzi5eqgBYaOkS3ccEutdclbNHLOywOlN0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220816/r20110914/client/ Frame BFA3 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220816/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 17:59:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
358
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 01 Sep 2022 17:59:14 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame BFA3 		140 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba7478138664dfbadff2af30a268f4200a752a73d07dafb55937af20d1061357
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44050
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1660737283953252"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 18 Aug 2022 18:05:12 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220816/r20110914/client/ Frame BFA3 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220816/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:02:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
191
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 01 Sep 2022 18:02:01 GMT
l
www.google.com/ads/measurement/ Frame BFA3 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRNClwDMIbC2lzT6p4rwwPn-faGYb_CzVla-CovBWktoDb5iNXJRe_1m9yX9x22cnGnQDr-TyyN7BnWOKAYUPcFSqbrZQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
pixel
googleads.g.doubleclick.net/xbbe/ Frame 6340 		640 B
316 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYidrjwAEwAQ&v=APEucNU8sXXhgtDyx-G7dpBfspv0qoTtYhVOZCOAb6dxKo_kj4mgQzsPZDFsMyYPfIIAmYYN9Mr3vxp60el7jDdyYcxBxh1IrEnRLrlGM54MSLOVlf4VQNeBVqcSdudG8o-Nz16r47pK7WEUBa8Xr4AuONhba2-KSjTiYZs1eysLWeMeUL95RvyKOcTwEXGk6j92sbD8g1JCVagW4SYmX5Ttwvyk2gf4eA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
295
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:12 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame BFA3 		83 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DfIqEckHX_p2Rk3YwRfpj4HqtWCX26MXqU_023gWXFZMDfLChZQjJRf5WfxN9m1BzrWWtx0tCt1Ay_ODwtHttuyy5B3d68j_zG27INaYeabTDDYrgEVk0JcfLMXsFI4IDiJj2u3Fom4ZUOH7FBf7pHs3TZBQ&dbm_d=AKAmf-DpwSbhmAoha9__CGbHp-HvZHqDccWy1WlT7Ar4QVMUFTP7PGAaf7tGT_EGS10S2Qg30Dx8NZRNUgrZyobw6WYVp1Lw6_7ZRSBkAh8H8hUS8Lk01ao7miSU3ll0FC9VRKaeq3d9jc2e7dVCS6q9i7mIuLr0rPKlXs1K_jgb0O1EswIX--f0-zGhyBVgR_jqWr78vQxlXhZFLNsFuSe1KHlp6vT1kYYde-CcdXsOh5GkbxV-9KpE9X1Dvle1L8y_5d6TPqop73PpfXKyG4g6fHnv61v4Y6hrLVHNsIyoo84xWRhzWVtPMK8qIfUERQ6a8ySPFRcSAoEKbe77SN_a6ORY636ALbCU6xTSk_xcp0jeF4uzyCODQP7pTpgAjKouVJEjPwVbK2lCO0uMqZ4KGMYoetuGNsh0mVn9oINhRSzCHkurfQuZAczdTVFOOpTEdBvGOvFn8kw1QjWSIbZF1UTPCg30bcciH3U6DK88VOFxgXYfSskJxm96-S2rZYh5dYfyX9anZ-piLbNbLB-dPwG6GnzONF4OS8nkrG2RN7Wu-3Q7ssqrjEc2Di_X0oqkzXnn1v3gr86dGHwv330h0vKSHdnjEYbrMX7nTmnN-pPPN9L8mCiDcb6uAfDoPUYt1DORdUybNSfs90N28WgamT22GuVJd13EbEUJkRd6f_jd2kQcUTuwYOt3QAVwJwXlZE6x8TPCptArWCbwiQlgnKPM3ogVpLjsVceAeCIGnur0R3Lh5Sdm9M1tNm1pPs2SO7_zdHUpDZYrWCQ4oqJKmUvWQgQPQh2aWI_mhW1D1X_B-r1_ZET5j4Fr5Dt3tKY5Cj9DLCyO0HPzYW3Sjch9xZULMlLvc8qvhjfgM0N4j6yXpYkbtEpOFVjh3mTPMX373lrhf9KXtaZK2nl3IWd5-X1v1X_jGI8RcOAPNnEwB-yldxbxhrsnhcTL7vxz32Ch50gyi2qCkOEULHZkAapT_6JlhVKxSaXJqM6xdoXQZfgYOrMFpRBqGGBhaDIX2j_Cd6_lPN_U_iGAH0ggrsHfBuiQaZFcFex9g-Ytawngbc7W6xSgTDISXKkisyE6XXeG0Lgp5mtqygEP7EJ8t4k96VjLXJ668HgDvG72qK-j0KJxhaWBXGtBMRnZ33m54-WaaLYtB5E1SvQSywsxVZ6TWXIOnt-OE8qeLREt0AQ-s5eiHwdYkHm3Q84j3CCuDbZbKJzwcNvijAW-ODQGWJKw2EPCOioSUpsyJSsiy0deATIGd3dX7_L1Ej41yuExBW8KwDtFdRQxvS46kUDULEMfjakbj-zndsnONaG1E7ExISr7WlrlviGcrEruCRxcUu0fKDsDJVMuxo5gtlOQ_5moz-wb2dqCUlZilmBKNhHDoR04GxamNdWuc3drOvRMkrsfGww3J2CBTDxEfsKEDGbdKmsXGe-o5xOh8r8C95_4oisE2El2C-b3nTK03dVtolZt-tCqXcI6srFHVo4YIOfU7YWHxuE_fIO9RDFwlQGRum7kzTJNlIcaXozD6P0PneDr0bUu8h50wSkCbfRgblJYg_I3Z-UR3EyLBWXzdXIwIqzSOXVVu29Y2z3adRPI1J98ovy2sT_m5K_NYRze0BQ4OQjR6L4-66s73cnd4Gcd9WZvT4Sbro50FW0bLoGbwdlOhVcUNGKvFe9L0cGMpr7yt_mHmC3s-0Mx32aYQZTs_Nyhepcysrf9ukJsUxidwh_HovL6S07o8A4CFmvIPD4-ByK3fujatBbjzba2wwT3emV_xmv3CxsJJ87YZ35f8u9K7U2fqnjtljjNyvwHJBltsjYMXhWnxKoB8gi0QdI80OxS3516yl3sRkVOjwGfAJfxHDITZCzbUJrAAKuChiaEvtcPqfQgkAgaV8EM-APFzny78PKBVvIVPtusrZOTe0CuqX8lpomLmKBNEJTbCge7l7wy9Kk16PqwUEKm2g1gAjXJwyLV4NF3wjwtKP4wBxLG0kb6DtlMg8_s5dDhlTcPegItFStW3ABsjgijnfnmOanaP9ww6omDpUsIj2bDlGSlTqUlTY1Fs-_f9I2138MYgoXbsffKa9k8tf_tPlBJmMDtLR6iW7TYJYULTGrj8PyhEN04AcxM0U6mI4X_p5Z8DbYRb2-cn0Rf1AsZpkactJFEvcRYzmo0pGWBg_0vv8d5Q0tBZbPUxMApfntKMBxdcCp6IxFFJpIwmFb5YE_JviZT5QoKH20xmldwDGjXpda4YOeG8Am-a3i0QT7TatO2ArGDRfZYsFrWUQOX6EasZMQvYfVadaFI7va9zMdCH610Ue5PVI6vVeCdGEXRYoOLn9s8AwnRT6Xp6ljUv5JQ2-SF6MN9ZYNZns8do9vRmYpOEJn62udnXgluj1R5-3sFPWkamz6oKvCl84W-THVpyX9cw2vssl7DDuZUbf7q34wTC3wPAayihcUEIsmd1secgjjgdGPFW_eWWdLWSD8ZqfEo_TqqSoVPG8UYsF9r0vxDuJ0UmpLUy-1tPZ2trPVjDUs0ReLylHorbo5tBvZ5LDvPz2v37V1HB1p0jyxXN7M61uUH1cJceH2jPc9A220JMyR_7_DvnA-iuqKHIJrufv-X3SCIxDBlApKLX5Qm1htK52A6UELa2rnNvhohCeSNC8sIyuIYfHGHghDDMPXJ6yZHCIODvbRNwHcz3spwkmWBGGDrdNpNDFUy-86uQl9DvVVXfArvsfOxiV2adgBhKVHzH6cgJJZv-x1WdNXUH_Mr3XYxHrFXC2CxnFaYpCgw4FEtDnA5qWXLHZeoYRLgehPDS_uqXdEnMuBd1zmm0KG42rzYnsPp9A-sYCOBrUx5W168GWdVILoX6GgxtAkR7elH_qqGYwYhLu4jT5l1r_AE-qqzmnZb1XRXRiUeQu7JY_jhbmfIbjyZwZswRL2vsrSOLodUxu2ezX_85-NEkkh5xpgjBmv4Qtob9PiZW-YblP8rr1UQN_wldGDwtpcZ1SrWVcsEpqTJ66ldrDzua5Nl01p8pCeugm8k0DeWeJyBbzSrlITGKX8Uxu7FM4W7LjRIZVgH9bLikgZrNtkUsLlSSJnrDkDSBhGcr2sHfr2JpKotFNjTC1H-vcrX4f9YWGSQnnLyEGT77E9xFYkY1EyZ1hPF3DeHYgoCLs8XR9LrnRCgTIUOP18yGLXWkyIpKSCQRgbQjQsX65NWEIDYhLHMHU84F05jf79I_wo5YT9VtCe0wbSJUY4UQ-PsAkdpc0N1bYQ5Tx1hsePg7S3sFKl3ZTVsC-mmL4vo9htunBostmZYABtrxCuifjbmfCWvA-gx_buBcv1RZ3qGxs6bTbYVTo4hHRBSPUdin5SNKUirpHDLxjby1S6AERql7icVPHwD6HoJy7OnoKQNkFA-Rblys_WHkr-DpzDy33atOyVHrsYuRGCKFab0l2dku5fSZP_TkjNAT-nMIyLpRih9b8-ZPuXJsnEsxbOmJTFK5dQUUTxgWsAvCQ&cid=CAASEuRoFUZbHR39NO5s_6OiN-Wgfw&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d24c0ffe6a55f4557b4c84138421d58ec2f8da826269f7a720e2416270907c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:12 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35048
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame C77A 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-9-160.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
8483c42b394ea1a70d9710d63b392d314e34562ad27480ed8504ff6351865173

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Thu, 18 Aug 2022 18:05:12 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Aug 2022 13:55:33 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=10728
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9440
Expires
Thu, 18 Aug 2022 21:04:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 4FE2
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1
43 B
909 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-eD4xgEwAQ&v=APEucNUdvzUkr0vaUE8eztA2iMniLYygavjgep_eRYpOKYEArZX_zMRrpE7XzqtnGAIBFZC6HZOJqRLBiDZUILE09-yKkXRAYNOfS7EoLysNvJdU8PZsrLqpS0erWIOSRdzgjtNbFAHRfxn8Jb-jZDTNb3zdEJ-1PArMKT-meWFL0rULM5wXgHCxlw346W_I39WeuSWbNLpkm4-17qTENEnEn2tJkCXpFw
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73cc938cce7f994e-FRA
pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIgC9UEW4znUa%2BqYOFOkKsnjGJu503L7Gr0NYCV5bNknCzN7MtBr1YVCvyQzN%2Bgg1DyGpOAmUeaxvMAMUkmmnErLho62kVZQTNXjM2wkfxvkkkhpICUVXXHXEdz8yNDqpjvPU1Gj7DI3rg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 4FE2
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yv5-VWyp9gVgaoaHO63G4AAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1
43 B
912 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-eD4xgEwAQ&v=APEucNUdvzUkr0vaUE8eztA2iMniLYygavjgep_eRYpOKYEArZX_zMRrpE7XzqtnGAIBFZC6HZOJqRLBiDZUILE09-yKkXRAYNOfS7EoLysNvJdU8PZsrLqpS0erWIOSRdzgjtNbFAHRfxn8Jb-jZDTNb3zdEJ-1PArMKT-meWFL0rULM5wXgHCxlw346W_I39WeuSWbNLpkm4-17qTENEnEn2tJkCXpFw
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73cc938d4f8f994e-FRA
pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OB07ZfSkReTPIxWHJJLktEN0zx%2FAIa%2BRLOZ%2FJXR658DEtY0MvTsVUitbHCRNI%2Bdys7usXFUKVps1dIbf2vrJZWMmuQxbPCdtY%2FZm6c7mVflsEECiJAcd4PXGQ4ESF6gHCgdVNjdcr0SGIw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECzeKOxwoYsXaSXWrW408p4&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 4FE2
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESENPeySoHSI9_kX4BveOHLHM&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESENPeySoHSI9_kX4BveOHLHM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-eD4xgEwAQ&v=APEucNUdvzUkr0vaUE8eztA2iMniLYygavjgep_eRYpOKYEArZX_zMRrpE7XzqtnGAIBFZC6HZOJqRLBiDZUILE09-yKkXRAYNOfS7EoLysNvJdU8PZsrLqpS0erWIOSRdzgjtNbFAHRfxn8Jb-jZDTNb3zdEJ-1PArMKT-meWFL0rULM5wXgHCxlw346W_I39WeuSWbNLpkm4-17qTENEnEn2tJkCXpFw
Protocol
HTTP/1.1
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:13 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
2fa0f759-61be-4f1a-993f-fcdc49547b92
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESENPeySoHSI9_kX4BveOHLHM&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4FE2
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzExOTk2NTk3NTE3Nzk1NTc1OQ%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzExOTk2NTk3NTE3Nzk1NTc1OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-eD4xgEwAQ&v=APEucNUdvzUkr0vaUE8eztA2iMniLYygavjgep_eRYpOKYEArZX_zMRrpE7XzqtnGAIBFZC6HZOJqRLBiDZUILE09-yKkXRAYNOfS7EoLysNvJdU8PZsrLqpS0erWIOSRdzgjtNbFAHRfxn8Jb-jZDTNb3zdEJ-1PArMKT-meWFL0rULM5wXgHCxlw346W_I39WeuSWbNLpkm4-17qTENEnEn2tJkCXpFw
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:13 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
e0c9f160-7842-4b7f-83d0-2148c0959b7c
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzExOTk2NTk3NTE3Nzk1NTc1OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame CB27 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:13 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
02c61833-d269-45ed-a8c9-912d0bd03ac9
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame B9E4 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:13 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
26f108f7-16e4-4005-b0f6-4bd796918578
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 6340
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAnTF3Bx5ksNCYCVc1TRE9w&google_cver=1
43 B
114 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAnTF3Bx5ksNCYCVc1TRE9w&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYidrjwAEwAQ&v=APEucNU8sXXhgtDyx-G7dpBfspv0qoTtYhVOZCOAb6dxKo_kj4mgQzsPZDFsMyYPfIIAmYYN9Mr3vxp60el7jDdyYcxBxh1IrEnRLrlGM54MSLOVlf4VQNeBVqcSdudG8o-Nz16r47pK7WEUBa8Xr4AuONhba2-KSjTiYZs1eysLWeMeUL95RvyKOcTwEXGk6j92sbD8g1JCVagW4SYmX5Ttwvyk2gf4eA
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAnTF3Bx5ksNCYCVc1TRE9w&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame 6340 		43 B
131 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYidrjwAEwAQ&v=APEucNU8sXXhgtDyx-G7dpBfspv0qoTtYhVOZCOAb6dxKo_kj4mgQzsPZDFsMyYPfIIAmYYN9Mr3vxp60el7jDdyYcxBxh1IrEnRLrlGM54MSLOVlf4VQNeBVqcSdudG8o-Nz16r47pK7WEUBa8Xr4AuONhba2-KSjTiYZs1eysLWeMeUL95RvyKOcTwEXGk6j92sbD8g1JCVagW4SYmX5Ttwvyk2gf4eA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame 6340
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESEC0SRts-9rdpQwBxVY9LH70&google_cver=1
23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEC0SRts-9rdpQwBxVY9LH70&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYidrjwAEwAQ&v=APEucNU8sXXhgtDyx-G7dpBfspv0qoTtYhVOZCOAb6dxKo_kj4mgQzsPZDFsMyYPfIIAmYYN9Mr3vxp60el7jDdyYcxBxh1IrEnRLrlGM54MSLOVlf4VQNeBVqcSdudG8o-Nz16r47pK7WEUBa8Xr4AuONhba2-KSjTiYZs1eysLWeMeUL95RvyKOcTwEXGk6j92sbD8g1JCVagW4SYmX5Ttwvyk2gf4eA
Protocol
H2
Server
23.47.209.72 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-209-72.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.8 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
cache-control
max-age=0, no-cache, no-store
expires
Thu, 18 Aug 2022 18:05:13 GMT
server
akka-http/10.2.8
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.teads.tv/um?eid=3&uid=CAESEC0SRts-9rdpQwBxVY9LH70&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame 6340 		23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYidrjwAEwAQ&v=APEucNU8sXXhgtDyx-G7dpBfspv0qoTtYhVOZCOAb6dxKo_kj4mgQzsPZDFsMyYPfIIAmYYN9Mr3vxp60el7jDdyYcxBxh1IrEnRLrlGM54MSLOVlf4VQNeBVqcSdudG8o-Nz16r47pK7WEUBa8Xr4AuONhba2-KSjTiYZs1eysLWeMeUL95RvyKOcTwEXGk6j92sbD8g1JCVagW4SYmX5Ttwvyk2gf4eA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.209.72 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-209-72.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.8 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
cache-control
max-age=0, no-cache, no-store
expires
Thu, 18 Aug 2022 18:05:13 GMT
server
akka-http/10.2.8
content-length
23
content-type
image/gif
async_usersync
ib.adnxs.com/ Frame 09EE 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:13 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
a552e5af-f242-4281-8f9d-fc55077b248b
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 8FD5 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:13 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
d810d240-85a0-43f0-a74d-1a0dc5962361
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 83BA 		170 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 17:52:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
758
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 17:52:35 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220816/r20110914/elements/html/ Frame 83BA 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220816/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BwBPbYW17Exi6t4B2uK4zQAWdi3K7IDi4bUS6IjjvjyQZ5j3JuYKJh-IBPHrM1L39eC7rJcs6fGo5kmqEjYtU4g1D6J3zRxspUTzQ9P3KQ0GoH3w28Ey6QY0vBNquJ5ueCX0kCJgCnnERFwOoGit7G7f4TnA&dbm_d=AKAmf-CYshbTWakvXWDS7fOXAy4cvs7_j8bBetMTprI1HJhwmxdOz1hnEi8VH_j-_0cVZ3f8MG6g_W39mLKAfSewUWtEDM4uac_9fomvpDJlPebs1fXshtoShtJDwfhGRH-r9SvgueGx73Bp_IKfz-PDCs1P9BuTQQTMiLuz3QDSIdTwnk4T_UpoHzRIXDXaEMPDtTKE8fTR-FobKiUMetw1QVaEIfVObdR85YF7ZPCtUpaHwVlw1NcnLrf-ypEakjKw3idLt9WbEnJ28i0Ons4qkhzkj257vmcmDrrLsw0uAg7iv1_7TrOBvINH_rX_wBCRLvHTVUnfFyMn1aUMSqh0w4Naxs6lrMC04ttZSWutCLLuvfMntFXAx5QeM3NQbJlgvBDKUcNq5eCmlsCZNmO4-GNhNcPiKasCwJ7NHt4cIUVNsH-VjNZ5e8eoc90-k92_t2xwSxMlom6bxANXu5aIsK6NXgW_OFSvwT1cfAoXdJJE4OpRKyDd50oJTJ_xhm3pw4hhCF3TQ_0LVX9BNhDH7s2lA7craVBhF7286_Jv8r-nzc9Cr8QzZ9-kCvB2kGL8j7WT7E6hYWltePeuV0mamJpar1K0STl0Bc6ROJK5j06cl8Bx9vW-nWCfdw47Fwg0z-U7joN-eh_Y2e4ckWaa2tTjbMo3y7blXFNFglTIZDeDNwRtAyY8fBaBKdR3zR3qu6NIl5yBJS1iSfMeZYFcYWlxGMIkVMS2-W4Rq3ozUhfL16GZKbYalRVlM5EU5jN24_LNE2_UTHDFcuhV5aTz0SZ6VPEB8YiOOv_ttuQTaaX_R97pCaUVBlfbbDVyfyf9pSy43SantFTfmU80iojwrsyGDUewf4C2GCat4Fcpo_ZRKPsQoZD987IIsT9aXdK70GFxhImzoQi0spKi7f54ZGPpoB_Jx39hgpbO2MNbKfvVDyKTc0vnJJQYJLe-e_NCat2WkSmKQ1wMbENiWOsBcoFcTLejDEb6lz1rXkmaHBEfXCyr5V-1BdvDdZNE-SuVPI7D5uCBUD0JzeO60npFvbdHN5TJz7_BHzNciODqkWoYRrCoWqMnOb9QWjtixOy9tpkW9mN566Dj73E9n_PC269uGv-KXAhEuTgONG0JKbOneHKbw9KDXTkgcy-O5-AL3vlF9aYUFyDo8X2uGkaYITkyFts7vo7wBxoCZfjAvp3US-3OfZnjToP73dQufaEavoWqhCVmhmwFcXa6MiT5ZDlXhOcpITyJNuivzhl-Ff9mdIjpLI3OKHEYp5V4pWcMVjM3TsRmR0-M6ufbZPez-_4UtmCd0bMPfkG0tjjwbzrIzaSIaniZgdqXT1yP9gdP3WaqfBz35lLOG9FN5YqIF6G3P9TphjpWvgPWFgpeeJi3hxxja7TABIWwr9U0xuMt3jQ_6vbMoiRCN5wMN0dVgQopMleyC5OHkiukaMO8Avls0-ZWYBU0XFK8QjIkghrBTWJlZB0nPL1MarFtmsgtQUwCmT3pnTHjwKIC3G3dYi7Zan2dJ8Au52tG2GJjsQgSTQzz4aOMmTRBNS_7Apg-xNyMlJh3xDfkzV-lFGPMCZqURxZjqNN5RxlNZ3BiPNLs6pT-vnAv8jR2tHZhkHU9TwGuu4pDdeaCj1GMNMhI9f3eMTu_cU9kRLL14tzskSgCr12RWbjguGOGtKbuoIqKuyF2q0t1HFaZVxfwccPPNy_38G5zyxr89L7J4WS89ZWob6PHgqJmgjKlewvASpoZUb7n4SfCTm9HJjPrNNSDk3Xq7aG3mDXXZdj5uNMoqzHKDFyJnwu8IkJkgSazUWgSpRrHIorQzhLr7dPqdYeh-L24k8gZ8h41PTSfbAc9hR1rqv2Ib5R5B6JNiAuLE96iH4qhjZwwL56RP2pzplYkWDN0nPrdHbxq0NKer6bhR4pl93Zc6aCj_WXY9r5QbxLEusGrtZUXPn388joH3MGJ4308NFixnAYihaGODbox71jSaOcHG3QLAjk0rSYDVjhHfAKkHDtF3cSViaHEPehhONz_s947wjvsK_CGQgxw-yekt0TLIqh-CS_ChPVDvkb8EBldVVdapHlwVwEHE6JOxeRw61KWmZaP8QKdz4WByRGZfyL76OR1zOCAwa_vVH6BHgtjhh6Bong2CEhygZ1w2cYk86q64-vgsO5Gt4jGpqhba5ZpRImrPhvhZHuwJClKzfrfuXdpxyRtr1R_OykgtgqWYVUFypbbhAOnob3c7dOoC_B-QkKS1eEvL9T-jOrx1jL6q4oQPjdokduYs7FXRn3U_ow6NimORP84h8DJm6Nxejhb3m7haT2JzVPXz05FM1qtD0X6ETNPspEvZaZQWjgDwq8jkSP8TCx0Rs6RJkKEhqMbPB9xf3UluhPN9CSm2ZMQBWUEKdmmiRD9aoQ3I0JbihHxCo034Uq4SxGBwITQx8iwpKEEMQ_SkRcXR1oZi1KUlE1eLI_OWKyHq42xvFDj90pGFPH4huXG0_Net5HSiEIeEM1AJukAk-vI6tf-XLw5r70hW9Zn9KhhWCxCi9nW2Jn-JfHVO-H0AKRWzP5b5JwPZO5RfqOV6yYIPIOf0AeWIX1T-dD99jmSyOmuRywkkPiHEPakAJFN7KjrkizhGsPHFrfTBoE8KxbMU_Ui2H2l9AjY5rDDcPrYExG6pA2uNzL5P6DJ7jo6Kqq_Rk91HLFMpI62Fv-6oWAbgkXXo4TqKMJQyTWyIp8Y2cryWY62n53DSNwKMJ1DWDLafiQ19NrUYUgieCaQzsnAuP2LEv-k1Yt-x0soVJBj6JcMLfEKP81Wb3W34kqRKKn0PnFJXs1wmcl9pb-c-wNq9EjOSAdpwB-0XVTI2E5z1va_ZsW2biY_GQOj4cg0GF38BL62GvAJeySo3lu_-45SKzX56o7EFKqRVV62kbdl3e27HTvE6zf21iPdSuZA2aoMV3mx1TVAlFIQZzGLDKPSj1gcO0MEekZecd-eGznxjEVmN8dTvVkURU7KLal3_sLgdbWApg2GWZm9ak027uAVaOSBtFiNHaZKgvH6ogDw3XyXCspYX-yDNMozjnzmCNfrJDi_S3xL70pA2iYpeDtoT_p3UL7eud40I5bTDdJmDg9Vti-KjvmW07i96O2_U2lWqCoBJtDU5zFcjFIj6QVCgZiMxzzXzgo7XXhim_fo-2uDbQ6iADWx68EQwbpf1ivbI6qiPdsS3ZuzCiGone-09sM_ZVCbV-kFjnr5Y4l60b53DDU8z2PVYcAny5crFE8GWJxEM0JAxKdzeNgvOoyvzZNl8GTK0IG0Dcc09SgtWnY_sW3gdIsn_oWGfuujtruYaNN4eXbtJGtWN-OF7X6JolUauoHb-U4Pt7L06vejxgYi1IMNd_OVRYHX2AiP366-16loRX5o1vGuFQQqlSVKVHjaQACX4zpgaK9wC3RCfC3v0i5cYleWheXj8kQMagiU0cr9pBmPUduWabtYZ8brnVeewkBog0E4lg&cid=CAASEuRoSQuFOlHFR99DynEXPlBzOA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:04:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
18418590997839133011
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 01 Sep 2022 18:04:56 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220816/r20110914/ Frame 83BA 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220816/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BwBPbYW17Exi6t4B2uK4zQAWdi3K7IDi4bUS6IjjvjyQZ5j3JuYKJh-IBPHrM1L39eC7rJcs6fGo5kmqEjYtU4g1D6J3zRxspUTzQ9P3KQ0GoH3w28Ey6QY0vBNquJ5ueCX0kCJgCnnERFwOoGit7G7f4TnA&dbm_d=AKAmf-CYshbTWakvXWDS7fOXAy4cvs7_j8bBetMTprI1HJhwmxdOz1hnEi8VH_j-_0cVZ3f8MG6g_W39mLKAfSewUWtEDM4uac_9fomvpDJlPebs1fXshtoShtJDwfhGRH-r9SvgueGx73Bp_IKfz-PDCs1P9BuTQQTMiLuz3QDSIdTwnk4T_UpoHzRIXDXaEMPDtTKE8fTR-FobKiUMetw1QVaEIfVObdR85YF7ZPCtUpaHwVlw1NcnLrf-ypEakjKw3idLt9WbEnJ28i0Ons4qkhzkj257vmcmDrrLsw0uAg7iv1_7TrOBvINH_rX_wBCRLvHTVUnfFyMn1aUMSqh0w4Naxs6lrMC04ttZSWutCLLuvfMntFXAx5QeM3NQbJlgvBDKUcNq5eCmlsCZNmO4-GNhNcPiKasCwJ7NHt4cIUVNsH-VjNZ5e8eoc90-k92_t2xwSxMlom6bxANXu5aIsK6NXgW_OFSvwT1cfAoXdJJE4OpRKyDd50oJTJ_xhm3pw4hhCF3TQ_0LVX9BNhDH7s2lA7craVBhF7286_Jv8r-nzc9Cr8QzZ9-kCvB2kGL8j7WT7E6hYWltePeuV0mamJpar1K0STl0Bc6ROJK5j06cl8Bx9vW-nWCfdw47Fwg0z-U7joN-eh_Y2e4ckWaa2tTjbMo3y7blXFNFglTIZDeDNwRtAyY8fBaBKdR3zR3qu6NIl5yBJS1iSfMeZYFcYWlxGMIkVMS2-W4Rq3ozUhfL16GZKbYalRVlM5EU5jN24_LNE2_UTHDFcuhV5aTz0SZ6VPEB8YiOOv_ttuQTaaX_R97pCaUVBlfbbDVyfyf9pSy43SantFTfmU80iojwrsyGDUewf4C2GCat4Fcpo_ZRKPsQoZD987IIsT9aXdK70GFxhImzoQi0spKi7f54ZGPpoB_Jx39hgpbO2MNbKfvVDyKTc0vnJJQYJLe-e_NCat2WkSmKQ1wMbENiWOsBcoFcTLejDEb6lz1rXkmaHBEfXCyr5V-1BdvDdZNE-SuVPI7D5uCBUD0JzeO60npFvbdHN5TJz7_BHzNciODqkWoYRrCoWqMnOb9QWjtixOy9tpkW9mN566Dj73E9n_PC269uGv-KXAhEuTgONG0JKbOneHKbw9KDXTkgcy-O5-AL3vlF9aYUFyDo8X2uGkaYITkyFts7vo7wBxoCZfjAvp3US-3OfZnjToP73dQufaEavoWqhCVmhmwFcXa6MiT5ZDlXhOcpITyJNuivzhl-Ff9mdIjpLI3OKHEYp5V4pWcMVjM3TsRmR0-M6ufbZPez-_4UtmCd0bMPfkG0tjjwbzrIzaSIaniZgdqXT1yP9gdP3WaqfBz35lLOG9FN5YqIF6G3P9TphjpWvgPWFgpeeJi3hxxja7TABIWwr9U0xuMt3jQ_6vbMoiRCN5wMN0dVgQopMleyC5OHkiukaMO8Avls0-ZWYBU0XFK8QjIkghrBTWJlZB0nPL1MarFtmsgtQUwCmT3pnTHjwKIC3G3dYi7Zan2dJ8Au52tG2GJjsQgSTQzz4aOMmTRBNS_7Apg-xNyMlJh3xDfkzV-lFGPMCZqURxZjqNN5RxlNZ3BiPNLs6pT-vnAv8jR2tHZhkHU9TwGuu4pDdeaCj1GMNMhI9f3eMTu_cU9kRLL14tzskSgCr12RWbjguGOGtKbuoIqKuyF2q0t1HFaZVxfwccPPNy_38G5zyxr89L7J4WS89ZWob6PHgqJmgjKlewvASpoZUb7n4SfCTm9HJjPrNNSDk3Xq7aG3mDXXZdj5uNMoqzHKDFyJnwu8IkJkgSazUWgSpRrHIorQzhLr7dPqdYeh-L24k8gZ8h41PTSfbAc9hR1rqv2Ib5R5B6JNiAuLE96iH4qhjZwwL56RP2pzplYkWDN0nPrdHbxq0NKer6bhR4pl93Zc6aCj_WXY9r5QbxLEusGrtZUXPn388joH3MGJ4308NFixnAYihaGODbox71jSaOcHG3QLAjk0rSYDVjhHfAKkHDtF3cSViaHEPehhONz_s947wjvsK_CGQgxw-yekt0TLIqh-CS_ChPVDvkb8EBldVVdapHlwVwEHE6JOxeRw61KWmZaP8QKdz4WByRGZfyL76OR1zOCAwa_vVH6BHgtjhh6Bong2CEhygZ1w2cYk86q64-vgsO5Gt4jGpqhba5ZpRImrPhvhZHuwJClKzfrfuXdpxyRtr1R_OykgtgqWYVUFypbbhAOnob3c7dOoC_B-QkKS1eEvL9T-jOrx1jL6q4oQPjdokduYs7FXRn3U_ow6NimORP84h8DJm6Nxejhb3m7haT2JzVPXz05FM1qtD0X6ETNPspEvZaZQWjgDwq8jkSP8TCx0Rs6RJkKEhqMbPB9xf3UluhPN9CSm2ZMQBWUEKdmmiRD9aoQ3I0JbihHxCo034Uq4SxGBwITQx8iwpKEEMQ_SkRcXR1oZi1KUlE1eLI_OWKyHq42xvFDj90pGFPH4huXG0_Net5HSiEIeEM1AJukAk-vI6tf-XLw5r70hW9Zn9KhhWCxCi9nW2Jn-JfHVO-H0AKRWzP5b5JwPZO5RfqOV6yYIPIOf0AeWIX1T-dD99jmSyOmuRywkkPiHEPakAJFN7KjrkizhGsPHFrfTBoE8KxbMU_Ui2H2l9AjY5rDDcPrYExG6pA2uNzL5P6DJ7jo6Kqq_Rk91HLFMpI62Fv-6oWAbgkXXo4TqKMJQyTWyIp8Y2cryWY62n53DSNwKMJ1DWDLafiQ19NrUYUgieCaQzsnAuP2LEv-k1Yt-x0soVJBj6JcMLfEKP81Wb3W34kqRKKn0PnFJXs1wmcl9pb-c-wNq9EjOSAdpwB-0XVTI2E5z1va_ZsW2biY_GQOj4cg0GF38BL62GvAJeySo3lu_-45SKzX56o7EFKqRVV62kbdl3e27HTvE6zf21iPdSuZA2aoMV3mx1TVAlFIQZzGLDKPSj1gcO0MEekZecd-eGznxjEVmN8dTvVkURU7KLal3_sLgdbWApg2GWZm9ak027uAVaOSBtFiNHaZKgvH6ogDw3XyXCspYX-yDNMozjnzmCNfrJDi_S3xL70pA2iYpeDtoT_p3UL7eud40I5bTDdJmDg9Vti-KjvmW07i96O2_U2lWqCoBJtDU5zFcjFIj6QVCgZiMxzzXzgo7XXhim_fo-2uDbQ6iADWx68EQwbpf1ivbI6qiPdsS3ZuzCiGone-09sM_ZVCbV-kFjnr5Y4l60b53DDU8z2PVYcAny5crFE8GWJxEM0JAxKdzeNgvOoyvzZNl8GTK0IG0Dcc09SgtWnY_sW3gdIsn_oWGfuujtruYaNN4eXbtJGtWN-OF7X6JolUauoHb-U4Pt7L06vejxgYi1IMNd_OVRYHX2AiP366-16loRX5o1vGuFQQqlSVKVHjaQACX4zpgaK9wC3RCfC3v0i5cYleWheXj8kQMagiU0cr9pBmPUduWabtYZ8brnVeewkBog0E4lg&cid=CAASEuRoSQuFOlHFR99DynEXPlBzOA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:03:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
100
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11819
x-xss-protection
0
server
cafe
etag
10563440404697844360
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 01 Sep 2022 18:03:33 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 2838 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220816&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
50c76a75b7566cb5587975dccb659810f5ce9297327b12bf40268ef49925dc9f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10847
x-xss-protection
0
PugMaster
image6.pubmatic.com/AdServer/ Frame CD6C 		0
39 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=4610761&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:12 GMT
content-length
0
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame BFA3 		170 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 17:52:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
758
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 17:52:35 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220816/r20110914/elements/html/ Frame BFA3 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220816/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DfIqEckHX_p2Rk3YwRfpj4HqtWCX26MXqU_023gWXFZMDfLChZQjJRf5WfxN9m1BzrWWtx0tCt1Ay_ODwtHttuyy5B3d68j_zG27INaYeabTDDYrgEVk0JcfLMXsFI4IDiJj2u3Fom4ZUOH7FBf7pHs3TZBQ&dbm_d=AKAmf-DpwSbhmAoha9__CGbHp-HvZHqDccWy1WlT7Ar4QVMUFTP7PGAaf7tGT_EGS10S2Qg30Dx8NZRNUgrZyobw6WYVp1Lw6_7ZRSBkAh8H8hUS8Lk01ao7miSU3ll0FC9VRKaeq3d9jc2e7dVCS6q9i7mIuLr0rPKlXs1K_jgb0O1EswIX--f0-zGhyBVgR_jqWr78vQxlXhZFLNsFuSe1KHlp6vT1kYYde-CcdXsOh5GkbxV-9KpE9X1Dvle1L8y_5d6TPqop73PpfXKyG4g6fHnv61v4Y6hrLVHNsIyoo84xWRhzWVtPMK8qIfUERQ6a8ySPFRcSAoEKbe77SN_a6ORY636ALbCU6xTSk_xcp0jeF4uzyCODQP7pTpgAjKouVJEjPwVbK2lCO0uMqZ4KGMYoetuGNsh0mVn9oINhRSzCHkurfQuZAczdTVFOOpTEdBvGOvFn8kw1QjWSIbZF1UTPCg30bcciH3U6DK88VOFxgXYfSskJxm96-S2rZYh5dYfyX9anZ-piLbNbLB-dPwG6GnzONF4OS8nkrG2RN7Wu-3Q7ssqrjEc2Di_X0oqkzXnn1v3gr86dGHwv330h0vKSHdnjEYbrMX7nTmnN-pPPN9L8mCiDcb6uAfDoPUYt1DORdUybNSfs90N28WgamT22GuVJd13EbEUJkRd6f_jd2kQcUTuwYOt3QAVwJwXlZE6x8TPCptArWCbwiQlgnKPM3ogVpLjsVceAeCIGnur0R3Lh5Sdm9M1tNm1pPs2SO7_zdHUpDZYrWCQ4oqJKmUvWQgQPQh2aWI_mhW1D1X_B-r1_ZET5j4Fr5Dt3tKY5Cj9DLCyO0HPzYW3Sjch9xZULMlLvc8qvhjfgM0N4j6yXpYkbtEpOFVjh3mTPMX373lrhf9KXtaZK2nl3IWd5-X1v1X_jGI8RcOAPNnEwB-yldxbxhrsnhcTL7vxz32Ch50gyi2qCkOEULHZkAapT_6JlhVKxSaXJqM6xdoXQZfgYOrMFpRBqGGBhaDIX2j_Cd6_lPN_U_iGAH0ggrsHfBuiQaZFcFex9g-Ytawngbc7W6xSgTDISXKkisyE6XXeG0Lgp5mtqygEP7EJ8t4k96VjLXJ668HgDvG72qK-j0KJxhaWBXGtBMRnZ33m54-WaaLYtB5E1SvQSywsxVZ6TWXIOnt-OE8qeLREt0AQ-s5eiHwdYkHm3Q84j3CCuDbZbKJzwcNvijAW-ODQGWJKw2EPCOioSUpsyJSsiy0deATIGd3dX7_L1Ej41yuExBW8KwDtFdRQxvS46kUDULEMfjakbj-zndsnONaG1E7ExISr7WlrlviGcrEruCRxcUu0fKDsDJVMuxo5gtlOQ_5moz-wb2dqCUlZilmBKNhHDoR04GxamNdWuc3drOvRMkrsfGww3J2CBTDxEfsKEDGbdKmsXGe-o5xOh8r8C95_4oisE2El2C-b3nTK03dVtolZt-tCqXcI6srFHVo4YIOfU7YWHxuE_fIO9RDFwlQGRum7kzTJNlIcaXozD6P0PneDr0bUu8h50wSkCbfRgblJYg_I3Z-UR3EyLBWXzdXIwIqzSOXVVu29Y2z3adRPI1J98ovy2sT_m5K_NYRze0BQ4OQjR6L4-66s73cnd4Gcd9WZvT4Sbro50FW0bLoGbwdlOhVcUNGKvFe9L0cGMpr7yt_mHmC3s-0Mx32aYQZTs_Nyhepcysrf9ukJsUxidwh_HovL6S07o8A4CFmvIPD4-ByK3fujatBbjzba2wwT3emV_xmv3CxsJJ87YZ35f8u9K7U2fqnjtljjNyvwHJBltsjYMXhWnxKoB8gi0QdI80OxS3516yl3sRkVOjwGfAJfxHDITZCzbUJrAAKuChiaEvtcPqfQgkAgaV8EM-APFzny78PKBVvIVPtusrZOTe0CuqX8lpomLmKBNEJTbCge7l7wy9Kk16PqwUEKm2g1gAjXJwyLV4NF3wjwtKP4wBxLG0kb6DtlMg8_s5dDhlTcPegItFStW3ABsjgijnfnmOanaP9ww6omDpUsIj2bDlGSlTqUlTY1Fs-_f9I2138MYgoXbsffKa9k8tf_tPlBJmMDtLR6iW7TYJYULTGrj8PyhEN04AcxM0U6mI4X_p5Z8DbYRb2-cn0Rf1AsZpkactJFEvcRYzmo0pGWBg_0vv8d5Q0tBZbPUxMApfntKMBxdcCp6IxFFJpIwmFb5YE_JviZT5QoKH20xmldwDGjXpda4YOeG8Am-a3i0QT7TatO2ArGDRfZYsFrWUQOX6EasZMQvYfVadaFI7va9zMdCH610Ue5PVI6vVeCdGEXRYoOLn9s8AwnRT6Xp6ljUv5JQ2-SF6MN9ZYNZns8do9vRmYpOEJn62udnXgluj1R5-3sFPWkamz6oKvCl84W-THVpyX9cw2vssl7DDuZUbf7q34wTC3wPAayihcUEIsmd1secgjjgdGPFW_eWWdLWSD8ZqfEo_TqqSoVPG8UYsF9r0vxDuJ0UmpLUy-1tPZ2trPVjDUs0ReLylHorbo5tBvZ5LDvPz2v37V1HB1p0jyxXN7M61uUH1cJceH2jPc9A220JMyR_7_DvnA-iuqKHIJrufv-X3SCIxDBlApKLX5Qm1htK52A6UELa2rnNvhohCeSNC8sIyuIYfHGHghDDMPXJ6yZHCIODvbRNwHcz3spwkmWBGGDrdNpNDFUy-86uQl9DvVVXfArvsfOxiV2adgBhKVHzH6cgJJZv-x1WdNXUH_Mr3XYxHrFXC2CxnFaYpCgw4FEtDnA5qWXLHZeoYRLgehPDS_uqXdEnMuBd1zmm0KG42rzYnsPp9A-sYCOBrUx5W168GWdVILoX6GgxtAkR7elH_qqGYwYhLu4jT5l1r_AE-qqzmnZb1XRXRiUeQu7JY_jhbmfIbjyZwZswRL2vsrSOLodUxu2ezX_85-NEkkh5xpgjBmv4Qtob9PiZW-YblP8rr1UQN_wldGDwtpcZ1SrWVcsEpqTJ66ldrDzua5Nl01p8pCeugm8k0DeWeJyBbzSrlITGKX8Uxu7FM4W7LjRIZVgH9bLikgZrNtkUsLlSSJnrDkDSBhGcr2sHfr2JpKotFNjTC1H-vcrX4f9YWGSQnnLyEGT77E9xFYkY1EyZ1hPF3DeHYgoCLs8XR9LrnRCgTIUOP18yGLXWkyIpKSCQRgbQjQsX65NWEIDYhLHMHU84F05jf79I_wo5YT9VtCe0wbSJUY4UQ-PsAkdpc0N1bYQ5Tx1hsePg7S3sFKl3ZTVsC-mmL4vo9htunBostmZYABtrxCuifjbmfCWvA-gx_buBcv1RZ3qGxs6bTbYVTo4hHRBSPUdin5SNKUirpHDLxjby1S6AERql7icVPHwD6HoJy7OnoKQNkFA-Rblys_WHkr-DpzDy33atOyVHrsYuRGCKFab0l2dku5fSZP_TkjNAT-nMIyLpRih9b8-ZPuXJsnEsxbOmJTFK5dQUUTxgWsAvCQ&cid=CAASEuRoFUZbHR39NO5s_6OiN-Wgfw&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:04:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
18418590997839133011
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 01 Sep 2022 18:04:56 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220816/r20110914/ Frame BFA3 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220816/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DfIqEckHX_p2Rk3YwRfpj4HqtWCX26MXqU_023gWXFZMDfLChZQjJRf5WfxN9m1BzrWWtx0tCt1Ay_ODwtHttuyy5B3d68j_zG27INaYeabTDDYrgEVk0JcfLMXsFI4IDiJj2u3Fom4ZUOH7FBf7pHs3TZBQ&dbm_d=AKAmf-DpwSbhmAoha9__CGbHp-HvZHqDccWy1WlT7Ar4QVMUFTP7PGAaf7tGT_EGS10S2Qg30Dx8NZRNUgrZyobw6WYVp1Lw6_7ZRSBkAh8H8hUS8Lk01ao7miSU3ll0FC9VRKaeq3d9jc2e7dVCS6q9i7mIuLr0rPKlXs1K_jgb0O1EswIX--f0-zGhyBVgR_jqWr78vQxlXhZFLNsFuSe1KHlp6vT1kYYde-CcdXsOh5GkbxV-9KpE9X1Dvle1L8y_5d6TPqop73PpfXKyG4g6fHnv61v4Y6hrLVHNsIyoo84xWRhzWVtPMK8qIfUERQ6a8ySPFRcSAoEKbe77SN_a6ORY636ALbCU6xTSk_xcp0jeF4uzyCODQP7pTpgAjKouVJEjPwVbK2lCO0uMqZ4KGMYoetuGNsh0mVn9oINhRSzCHkurfQuZAczdTVFOOpTEdBvGOvFn8kw1QjWSIbZF1UTPCg30bcciH3U6DK88VOFxgXYfSskJxm96-S2rZYh5dYfyX9anZ-piLbNbLB-dPwG6GnzONF4OS8nkrG2RN7Wu-3Q7ssqrjEc2Di_X0oqkzXnn1v3gr86dGHwv330h0vKSHdnjEYbrMX7nTmnN-pPPN9L8mCiDcb6uAfDoPUYt1DORdUybNSfs90N28WgamT22GuVJd13EbEUJkRd6f_jd2kQcUTuwYOt3QAVwJwXlZE6x8TPCptArWCbwiQlgnKPM3ogVpLjsVceAeCIGnur0R3Lh5Sdm9M1tNm1pPs2SO7_zdHUpDZYrWCQ4oqJKmUvWQgQPQh2aWI_mhW1D1X_B-r1_ZET5j4Fr5Dt3tKY5Cj9DLCyO0HPzYW3Sjch9xZULMlLvc8qvhjfgM0N4j6yXpYkbtEpOFVjh3mTPMX373lrhf9KXtaZK2nl3IWd5-X1v1X_jGI8RcOAPNnEwB-yldxbxhrsnhcTL7vxz32Ch50gyi2qCkOEULHZkAapT_6JlhVKxSaXJqM6xdoXQZfgYOrMFpRBqGGBhaDIX2j_Cd6_lPN_U_iGAH0ggrsHfBuiQaZFcFex9g-Ytawngbc7W6xSgTDISXKkisyE6XXeG0Lgp5mtqygEP7EJ8t4k96VjLXJ668HgDvG72qK-j0KJxhaWBXGtBMRnZ33m54-WaaLYtB5E1SvQSywsxVZ6TWXIOnt-OE8qeLREt0AQ-s5eiHwdYkHm3Q84j3CCuDbZbKJzwcNvijAW-ODQGWJKw2EPCOioSUpsyJSsiy0deATIGd3dX7_L1Ej41yuExBW8KwDtFdRQxvS46kUDULEMfjakbj-zndsnONaG1E7ExISr7WlrlviGcrEruCRxcUu0fKDsDJVMuxo5gtlOQ_5moz-wb2dqCUlZilmBKNhHDoR04GxamNdWuc3drOvRMkrsfGww3J2CBTDxEfsKEDGbdKmsXGe-o5xOh8r8C95_4oisE2El2C-b3nTK03dVtolZt-tCqXcI6srFHVo4YIOfU7YWHxuE_fIO9RDFwlQGRum7kzTJNlIcaXozD6P0PneDr0bUu8h50wSkCbfRgblJYg_I3Z-UR3EyLBWXzdXIwIqzSOXVVu29Y2z3adRPI1J98ovy2sT_m5K_NYRze0BQ4OQjR6L4-66s73cnd4Gcd9WZvT4Sbro50FW0bLoGbwdlOhVcUNGKvFe9L0cGMpr7yt_mHmC3s-0Mx32aYQZTs_Nyhepcysrf9ukJsUxidwh_HovL6S07o8A4CFmvIPD4-ByK3fujatBbjzba2wwT3emV_xmv3CxsJJ87YZ35f8u9K7U2fqnjtljjNyvwHJBltsjYMXhWnxKoB8gi0QdI80OxS3516yl3sRkVOjwGfAJfxHDITZCzbUJrAAKuChiaEvtcPqfQgkAgaV8EM-APFzny78PKBVvIVPtusrZOTe0CuqX8lpomLmKBNEJTbCge7l7wy9Kk16PqwUEKm2g1gAjXJwyLV4NF3wjwtKP4wBxLG0kb6DtlMg8_s5dDhlTcPegItFStW3ABsjgijnfnmOanaP9ww6omDpUsIj2bDlGSlTqUlTY1Fs-_f9I2138MYgoXbsffKa9k8tf_tPlBJmMDtLR6iW7TYJYULTGrj8PyhEN04AcxM0U6mI4X_p5Z8DbYRb2-cn0Rf1AsZpkactJFEvcRYzmo0pGWBg_0vv8d5Q0tBZbPUxMApfntKMBxdcCp6IxFFJpIwmFb5YE_JviZT5QoKH20xmldwDGjXpda4YOeG8Am-a3i0QT7TatO2ArGDRfZYsFrWUQOX6EasZMQvYfVadaFI7va9zMdCH610Ue5PVI6vVeCdGEXRYoOLn9s8AwnRT6Xp6ljUv5JQ2-SF6MN9ZYNZns8do9vRmYpOEJn62udnXgluj1R5-3sFPWkamz6oKvCl84W-THVpyX9cw2vssl7DDuZUbf7q34wTC3wPAayihcUEIsmd1secgjjgdGPFW_eWWdLWSD8ZqfEo_TqqSoVPG8UYsF9r0vxDuJ0UmpLUy-1tPZ2trPVjDUs0ReLylHorbo5tBvZ5LDvPz2v37V1HB1p0jyxXN7M61uUH1cJceH2jPc9A220JMyR_7_DvnA-iuqKHIJrufv-X3SCIxDBlApKLX5Qm1htK52A6UELa2rnNvhohCeSNC8sIyuIYfHGHghDDMPXJ6yZHCIODvbRNwHcz3spwkmWBGGDrdNpNDFUy-86uQl9DvVVXfArvsfOxiV2adgBhKVHzH6cgJJZv-x1WdNXUH_Mr3XYxHrFXC2CxnFaYpCgw4FEtDnA5qWXLHZeoYRLgehPDS_uqXdEnMuBd1zmm0KG42rzYnsPp9A-sYCOBrUx5W168GWdVILoX6GgxtAkR7elH_qqGYwYhLu4jT5l1r_AE-qqzmnZb1XRXRiUeQu7JY_jhbmfIbjyZwZswRL2vsrSOLodUxu2ezX_85-NEkkh5xpgjBmv4Qtob9PiZW-YblP8rr1UQN_wldGDwtpcZ1SrWVcsEpqTJ66ldrDzua5Nl01p8pCeugm8k0DeWeJyBbzSrlITGKX8Uxu7FM4W7LjRIZVgH9bLikgZrNtkUsLlSSJnrDkDSBhGcr2sHfr2JpKotFNjTC1H-vcrX4f9YWGSQnnLyEGT77E9xFYkY1EyZ1hPF3DeHYgoCLs8XR9LrnRCgTIUOP18yGLXWkyIpKSCQRgbQjQsX65NWEIDYhLHMHU84F05jf79I_wo5YT9VtCe0wbSJUY4UQ-PsAkdpc0N1bYQ5Tx1hsePg7S3sFKl3ZTVsC-mmL4vo9htunBostmZYABtrxCuifjbmfCWvA-gx_buBcv1RZ3qGxs6bTbYVTo4hHRBSPUdin5SNKUirpHDLxjby1S6AERql7icVPHwD6HoJy7OnoKQNkFA-Rblys_WHkr-DpzDy33atOyVHrsYuRGCKFab0l2dku5fSZP_TkjNAT-nMIyLpRih9b8-ZPuXJsnEsxbOmJTFK5dQUUTxgWsAvCQ&cid=CAASEuRoFUZbHR39NO5s_6OiN-Wgfw&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:03:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
100
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11819
x-xss-protection
0
server
cafe
etag
10563440404697844360
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 01 Sep 2022 18:03:33 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 83BA 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 14:07:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
100670
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 17 Aug 2023 14:07:23 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame E7F7 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
12520
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 14:36:33 GMT
etag
48472445140208031
expires
Fri, 19 Aug 2022 14:36:33 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 83BA 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
31da0e07675320f1e726da00ef0192d7e63873496538f236dfb58f970bd04dab

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/png
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame BFA3 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 14:07:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
100670
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 17 Aug 2023 14:07:23 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 62C6 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
12520
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 14:36:33 GMT
etag
48472445140208031
expires
Fri, 19 Aug 2022 14:36:33 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame BFA3 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98bcb906392d785020c8304523edbd356c95ff2f706e47672a59e4ed2d7258ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/png
dot.gif
s0.2mdn.net/ Frame E7F7 		43 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEGKciQRFcGIkPQba998DMTs&google_cver=1&google_push=AehlK4CKfS5X65Bh_niM3T_P3z53ZOeTYIXCU0hW7KxkHPKgZ4ddrBtfBywqdR1QdDgT7snkR11WfZJDIuIc_rpoFTdop0h1aMwy
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 18:05:13 GMT
pixel
cm.g.doubleclick.net/ Frame E7F7
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELrEJITBFhanCYOBxaej-dk&google_cver=1&google_push=AehlK4ACwq1YM_rKV-V8eO-YtRtCL9kDgddDbFCPUs2nm3ZAGwiIYlkXM77_TDS8tR_zzgl4RVvpVZ3C...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1NjIyOTMwNjI5MDUxNDk2Nw&google_push=AehlK4ACwq1YM_rKV-V8eO-YtRtCL9kDgddDbFCPUs2nm3ZAGwiIYlkXM77_TDS8tR_zzgl4RVvpVZ...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1NjIyOTMwNjI5MDUxNDk2Nw&google_push=AehlK4ACwq1YM_rKV-V8eO-YtRtCL9kDgddDbFCPUs2nm3ZAGwiIYlkXM77_TDS8tR_zzgl4RVvpVZ3CfC84D5LLO8rOQVk7aoQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1NjIyOTMwNjI5MDUxNDk2Nw&google_push=AehlK4ACwq1YM_rKV-V8eO-YtRtCL9kDgddDbFCPUs2nm3ZAGwiIYlkXM77_TDS8tR_zzgl4RVvpVZ3CfC84D5LLO8rOQVk7aoQ
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame E7F7
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&google_gid=CAESEOHvWR-pPz5C3vIHAA54z_E&google_cver=1&google_push=AehlK4B8DLNF3hcIceCMhQSqr8ue6knb-Kz2X9LUoD5Lx3uGuewqoy5ugnWOn7yOhMsHXtOGYqJphaQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTI2ZTJkNDhlZDYxNTEyZDRmY2Y3ZGI0ZDI5OWUzMzc1OWQ3MjNmNg
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTI2ZTJkNDhlZDYxNTEyZDRmY2Y3ZGI0ZDI5OWUzMzc1OWQ3MjNmNg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTI2ZTJkNDhlZDYxNTEyZDRmY2Y3ZGI0ZDI5OWUzMzc1OWQ3MjNmNg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
sync
dsp.adkernel.com/ Frame E7F7 		42 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEFzY9kYo6uVCvD0ajyeIR84&google_cver=1&google_push=AehlK4BwvTHh1fdTE4Em8NSn1y7bsEw2veuIwQdUbyJPdEg1sbyMBKXGBqqgzNRGi3IuHraEm0AJr5JmrxhyYZMxGI6-1vRRDLDQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:13 GMT
Server
nginx
Age
0
Content-Type
image/gif
Cache-Control
no-store
Connection
keep-alive
Content-Length
42
pixel
cm.g.doubleclick.net/ Frame E7F7
Redirect Chain
  • https://match.360yield.com/match/ebda?google_gid=CAESEPyaPu3unbkQ8IQflpDiYKs&google_cver=1&google_push=AehlK4ATIxGj05C-AQUCmtUKLouFf4j2VTdn_Rl7kLDcHKjTBzVCeZnSv3o6crtDdRpxiGsFYM-zarbw5Twgl1Ge3sHNQT...
  • https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEPyaPu3unbkQ8IQflpDiYKs&google_cver=1&google_push=AehlK4ATIxGj05C-AQUCmtUKLouFf4j2VTdn_Rl7kLDcHKjTBzVCeZnSv3o6crtDdRpxiGsFYM-zarbw5Twgl1Ge...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=X3VdaKu9St2AXM-8ugsbcQ&google_push=AehlK4ATIxGj05C-AQUCmtUKLouFf4j2VTdn_Rl7kLDcHKjTBzVCeZnSv3o6crtDdRpxiGsFYM-zarbw5Twgl1G...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=X3VdaKu9St2AXM-8ugsbcQ&google_push=AehlK4ATIxGj05C-AQUCmtUKLouFf4j2VTdn_Rl7kLDcHKjTBzVCeZnSv3o6crtDdRpxiGsFYM-zarbw5Twgl1Ge3sHNQTfD8Xjc
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=X3VdaKu9St2AXM-8ugsbcQ&google_push=AehlK4ATIxGj05C-AQUCmtUKLouFf4j2VTdn_Rl7kLDcHKjTBzVCeZnSv3o6crtDdRpxiGsFYM-zarbw5Twgl1Ge3sHNQTfD8Xjc
date
Thu, 18 Aug 2022 18:05:13 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
/
cc.adingo.jp/adx/push/ Frame E7F7 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cc.adingo.jp/adx/push/?google_gid=CAESEEEpseYqdig7ZrX-ohx-QkY&google_cver=1&google_push=AehlK4BJw4RsUW-Wff9j9pGJhSJu5N3mjPnFKYlnA43ELmGJvquVEec_2myypypBhWqDtUuIMR7bvv8zLCgZeDL8LSpV_QOm_kJd
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.64.135.73 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-64-135-73.ap-northeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
server
awselb/2.0
dot.gif
s0.2mdn.net/ Frame E7F7 		43 B
586 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEAPHnV_yPabTQne8L_1VKDs&google_cver=1&google_push=AehlK4CxzSzf21otke72jLTZx_4hv2yOByzvXcQSqB3-_bdWgaZFZzGRwIbHfAAZk9n_GKfZpl5CuEs_AH7GbNiGBI-sYEPQ9Sg1dw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 18:05:13 GMT
attr
cm.g.doubleclick.net/pixel/ Frame E7F7 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K2Xi60pVQK5LJE4JTy5jX5zutq5xiv0wjTc3ZAl_8utma76kWKGvYsneOH2L-NjQL6D1q15Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
current
dclk-match.dotomi.com/match/bounce/ Frame 62C6 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOB_7bbf_vrXDbVPmDr2_ww&google_cver=1&google_push=AehlK4BHOLBlu_eC_fHKIIVGSJxk8tO9IblTfun7NDmqvALcxQVaD9ZIsDUvgfoNHCOdVCLi5WK87-W8_3_Kvn4ONRjTD4XMgz2f
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame 62C6
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJueZdwJttBIGw1_hGqwxoQ&google_cver=1&google_push=AehlK4B5ga5BriElSiXXYCTpic6XoL1kijjw9jAMK1hv_BbCIhc0zgngxM6vfZJI7tFk3-X1bJfo4ahQ1QDw5odu...
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=1yRi_n9WSwCAXpCzoIK-jw&google_push=AehlK4B5ga5BriElSiXXYCTpic6XoL1kijjw9jAMK1hv_BbCIhc0zgngxM6vfZJI7tFk3-X1bJfo4ahQ1QDw5oduqBimDVXISQ
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=1yRi_n9WSwCAXpCzoIK-jw&google_push=AehlK4B5ga5BriElSiXXYCTpic6XoL1kijjw9jAMK1hv_BbCIhc0zgngxM6vfZJI7tFk3-X1bJfo4ahQ1QDw5oduqBimDVXISQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 18 Aug 2022 18:05:13 GMT
Server
MT3 4494 7cf1da7 master zrh-pixel-x27 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=1yRi_n9WSwCAXpCzoIK-jw&google_push=AehlK4B5ga5BriElSiXXYCTpic6XoL1kijjw9jAMK1hv_BbCIhc0zgngxM6vfZJI7tFk3-X1bJfo4ahQ1QDw5oduqBimDVXISQ
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 18 Aug 2022 18:05:12 GMT
pixel
cm.g.doubleclick.net/ Frame 62C6
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKIO7pgnlXKKAzf3fWv3MvI&google_cver=1&google_push=AehlK4CtGO_4bctNLEu2oJlseS6oxzOjOJhJRJC1M2h_c7cwhqObbMa4R05-b-Bu8QnJbEKfdG_i4_GPgmW0im...
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzEzMzI3ODg2Mjg3MzAwMDA3OQ%3D%3D&google_push=AehlK4CtGO_4bctNLEu2oJlseS6oxzOjOJhJRJC1M2h_c7cwhqObbMa4R05-b-Bu8QnJbEKfdG_i4_GPgmW0imngLk...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzEzMzI3ODg2Mjg3MzAwMDA3OQ%3D%3D&google_push=AehlK4CtGO_4bctNLEu2oJlseS6oxzOjOJhJRJC1M2h_c7cwhqObbMa4R05-b-Bu8QnJbEKfdG_i4_GPgmW0imngLkh8yS0PnsH2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzEzMzI3ODg2Mjg3MzAwMDA3OQ%3D%3D&google_push=AehlK4CtGO_4bctNLEu2oJlseS6oxzOjOJhJRJC1M2h_c7cwhqObbMa4R05-b-Bu8QnJbEKfdG_i4_GPgmW0imngLkh8yS0PnsH2
Date
Thu, 18 Aug 2022 18:05:13 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
pixel
cm.g.doubleclick.net/ Frame 62C6
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECKU5J5fn5_dX_ZqOqmPXS0&google_cver=1&google_push=AehlK4AlFedqJep-mptLMWw9Ny8INVqTplBfkQnwl60AlCrvoL4N19Fk7oqDhoNVxHPUSJS6AjhyGLHU0wgdCtuXReTiSbQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4AlFedqJep-mptLMWw9Ny8INVqTplBfkQnwl60AlCrvoL4N19Fk7oqDhoNVxHPUSJS6AjhyGLHU0wgdCtuXReTiSbQ78Wpp&google_hm=NTc5OTc3NjE4OTc5NDgyMz...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4AlFedqJep-mptLMWw9Ny8INVqTplBfkQnwl60AlCrvoL4N19Fk7oqDhoNVxHPUSJS6AjhyGLHU0wgdCtuXReTiSbQ78Wpp&google_hm=NTc5OTc3NjE4OTc5NDgyMzcwOA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 18 Aug 2022 18:05:13 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4AlFedqJep-mptLMWw9Ny8INVqTplBfkQnwl60AlCrvoL4N19Fk7oqDhoNVxHPUSJS6AjhyGLHU0wgdCtuXReTiSbQ78Wpp&google_hm=NTc5OTc3NjE4OTc5NDgyMzcwOA%3D%3D
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
pixel
cm.g.doubleclick.net/ Frame 62C6
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEJjtWnS3r98Re3Amiyjndbg&google_cver=1&google_push=AehlK4CEuLM1Vk7XVuJXR5Hc7T-bSVcCnMpdhwBdCghCpeFtDz9yWFN3gukY_PyzXrvAXYtWSohQsC7TVfRwK...
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEJjtWnS3r98Re3Amiyjndbg&google_push=AehlK4CEuLM1Vk7XVuJXR5Hc7T-bSVcCnMpdhwBdCghCpeFtDz9yWFN3gukY_PyzXrvAXYtWSohQsC7TVfRwK...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AehlK4CEuLM1Vk7XVuJXR5Hc7T-bSVcCnMpdhwBdCghCpeFtDz9yWFN3gukY_PyzXrvAXYtWSohQsC7TVfRwK7uoNde8dNHwrVSE&google_hm=cExNeU9PY1FDN2R1b09s...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AehlK4CEuLM1Vk7XVuJXR5Hc7T-bSVcCnMpdhwBdCghCpeFtDz9yWFN3gukY_PyzXrvAXYtWSohQsC7TVfRwK7uoNde8dNHwrVSE&google_hm=cExNeU9PY1FDN2R1b09sY1ZtdXE=
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:13 GMT
P3p
CP="We do not support P3P header."
Location
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AehlK4CEuLM1Vk7XVuJXR5Hc7T-bSVcCnMpdhwBdCghCpeFtDz9yWFN3gukY_PyzXrvAXYtWSohQsC7TVfRwK7uoNde8dNHwrVSE&google_hm=cExNeU9PY1FDN2R1b09sY1ZtdXE=
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
236
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 62C6
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHyueEQzgjK2B1RvfF5N8i8&google_cver=1&google_push=AehlK4A_pcsbv9hJkzU97koD01zOZPHVDp0fg9C2nVzpTdlpTqGbb0zSuIwNG3ftwu0y6Xah7hx0Jbw3CJuxhXeca4R_zXkuUK7e
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AehlK4A_pcsbv9hJkzU97koD01zOZPHVDp0fg9C2nVzpTdlpTqGbb0zSuIwNG3ftwu0y6Xah7hx0Jbw3CJuxhXeca4R_zXkuUK7...
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTE0MjIyNjQ4ODEyMjIyNzQ5OTQ2&google_push=AehlK4A_pcsbv9hJkzU97koD01zOZPHVDp0fg9C2nVzpTdlpTqGbb0zSuIwNG3ft...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTE0MjIyNjQ4ODEyMjIyNzQ5OTQ2&google_push=AehlK4A_pcsbv9hJkzU97koD01zOZPHVDp0fg9C2nVzpTdlpTqGbb0zSuIwNG3ftwu0y6Xah7hx0Jbw3CJuxhXeca4R_zXkuUK7e
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTE0MjIyNjQ4ODEyMjIyNzQ5OTQ2&google_push=AehlK4A_pcsbv9hJkzU97koD01zOZPHVDp0fg9C2nVzpTdlpTqGbb0zSuIwNG3ftwu0y6Xah7hx0Jbw3CJuxhXeca4R_zXkuUK7e
date
Thu, 18 Aug 2022 18:05:13 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
um
sync.teads.tv/ Frame 62C6 		23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEEb5XwmL0C-u8aQ3rNocRpE&google_cver=1&google_push=AehlK4BcIY94jyqEbaYW6GvFVM7rUxeHXO2JRom-t8I5PXknxpsPnXJu4VyKtpF6-Ae8O8MyKueIIRlFzxNadLWcwC9p0MS4lZ1d6Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.209.72 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-209-72.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.8 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
cache-control
max-age=0, no-cache, no-store
expires
Thu, 18 Aug 2022 18:05:13 GMT
server
akka-http/10.2.8
content-length
23
content-type
image/gif
attr
cm.g.doubleclick.net/pixel/ Frame 62C6 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JsSlXaOwdP0FBzXLiIxX2W6aiL-bmO-BD2I02S4Kw03H9qUdcq-dISZjoInls4IJvTsr7ZSg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 2838 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069029
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 18 Aug 2022 18:05:13 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 17BC 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
100669
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 17 Aug 2022 14:07:24 GMT
expires
Thu, 17 Aug 2023 14:07:24 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 785F 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
100669
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 17 Aug 2022 14:07:24 GMT
expires
Thu, 17 Aug 2023 14:07:24 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame 17BC 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 15:20:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
182687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 16 Aug 2023 15:20:26 GMT
index.html
s0.2mdn.net/sadbundle/12276200816478547214/ Frame 0E91 		15 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73e92096e61cc5ea7df6db98368b62ff1f624918e8cdea8ec8c51022426dbe8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2285
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:13 GMT
expires
Fri, 18 Aug 2023 18:05:13 GMT
last-modified
Thu, 21 Jul 2022 07:09:01 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 83BA 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssxDfgRyJv5mkjcNb9qubKYPvE9jrBeRSwghMca6uSIr0HGMPY920ui3bQB6Y6uja69V6aCzShJ0PZduL-_2EMCyuHzG_qY4zl-t96W2nFW2M123GcRsmAxfkiY859CYKnGGy_BUXCgR08a_bhPQxisFD1MoqEaT-5ZVZr2DI0xWAQZbEOaI0bE7TsrVfJgErFwpTOHwlLh8pWVGWmb2QDCU3_z9LadJBB34i-0fPCIxPuNoEQYl4xHLcLNEsoJ1V5dDo2xvHCVfqByXw8i4Fjsk-Ubqw89BIhjd5M7md1IcblXgbIP_oF9KFxR7GxlTUQlqmKJi--koa_mYh2cZ_K48UeXxwW3N9VWcF4zrGmm4Wwgo-Ys3O705Sf5kqWUgWiJRNJodfBuJ8LVN5jyruiUV3eVtGznjSBvRNqBULHV3UoesUosSEk1rwnu_no5hpgkCvD287RNkDzTKgwIpMXI5I2Taziclqfwgtw-7IwiHByBSFJ0XjfW2N6yCLOTyv6vB6FBORLRF5JfbZgxVqpgKsTuDaFNK7xJ64KVty6yg_J9KO7woOh7SpeAxG27sO5Tr66aKxPQzaBpVIgBSWNzYDu5137Ofcd24Z-0PXttZ7tWemIhm7zc3fDVd6811To1LVG-c8BH-OgDIN0wVRT23LNSc3zGBh9sK8PggCXRJjhhUEuIvl2xSP3DaLhbwncB7yT0Tnq3BbX3xqWgxHSkzpx-kMOKWY9p3VgtD_1bxUh8f9uXE8iltXXntoXBxcANizcyvhxwwZoxETWTIquirzVmCzR9Dy5H07hXyGdHcQ1EUZmYs61IWcZagy00USuqSm1h0dfghxPEvuF3wDEsCxZ2sUuTI-MVFTO51l7Eg6KZrcQUa_jPHs-3KS3C50dqzkkfH-xFvSQnIWroDacRNJwLfpMt-_KepQattibAaMdpexLpAFQzQR8yT3aCxJ_3TfO-RmGQcWt1so-jlFGZRuw4jTX-_NjCTHmnkDGKyP_nh5j16b7JaF2o-9v-QmitVY-TbpLil1MO2jlwQ8FKmmYS1UN3ufV3M9a5mOx4pREIB55UrB0vCxk183mjuPbVpRwuUdlHwqP_FXz44ia2ScYuZXZZsdviQz70Lb5LxAF2hUgavhUOeY7yladq8H9KLA2w9nY_WOEBMiIPuds2L7-oh9hwjwjftXTlYL7cWBJeeswGQO5EhONSdGUqjyUvM9_750cCpzC0vJ_S73_yP3kZd0zglT8pwHV56NSA4FBU_tb69CWiQ6se7MLvEk4dcIiWT-EG7_PH0fKxU0sCVXrHVh2nOb9y6BZc_-zTddQ&sai=AMfl-YQ4o7HITrGUUpvuhpUPmWtBQdeKmb9ZDEfARksb5qMbS4cWoApfmQX5PjdpghS302wZ2wkw3kteqEILLJC1YghGhHr_NguUqbPycfX7V8YGm3XklXFwHa2br6i7VYoyU6-Z0cPyfLQapj5FpbIcgDb7xg2aAA&sig=Cg0ArKJSzM7dybbr_mRMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=255&cbvp=1&cstd=249&cisv=r20220816.14732&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Thu, 18 Aug 2022 18:05:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame 785F 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 15:20:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
182687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 16 Aug 2023 15:20:26 GMT
index.html
s0.2mdn.net/sadbundle/2052028618641845167/ Frame 831A 		15 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435008bea8d4d41f9508fe804a63161e39a668eb85bfbdfe044ab7f5019340d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2285
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:13 GMT
expires
Fri, 18 Aug 2023 18:05:13 GMT
last-modified
Thu, 21 Jul 2022 07:07:53 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame BFA3 		0
64 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv5ZEJ7xyReg-k9LCRiZ6J2hbyHbPQ45rc-KthBwEe1P2dGV-QCbOCN1Ou0XrngSP1INf6wqX7p-Cp00SsVDFPlj5pn9W9oVNVzvlv6EbHX6_BsK7HzTRxUy5KK4_oGo9IPU-eEGrFW-Pshx_CNzStZEnTXtJv3p0cQJ4dit1Xd80wImNpchzwJQHWTpL_-vLkpXwBhSLoXNmUEzljlhrl_-l4MkYJHrUyPMN_gpqeHE0KFOklM0WK6zy84Mc6XQTKRToBTFKvN4uV39iSPqrLowbet8gYCdJRkae-OmVdC9dgQAxun6SXNphs_CQpxW6_gaep5tgNxQ0mmuGwcHN16UwfbBMXqN2RWOzKLCkRhhjYxalkg1d4Muwz9e9Ysry6Zq5n-WsiaiwqKuds3Y39CxopJQ3jbrzDsvL-yMpyjOGoPc9HRQhke1AvgUk35vodqvMxBQxJvU1DZJc4x1u3wPSgUWUHzmwFwN3zo4OuDeQt5O4QX2Q9TewNN41bvjEWUwnTm7A8FCZAoAFKz_MyNnFBfHbW-OUMlMu1WdGuyJAQKr74Fn0WRGc9Y-VblR3OsmYnfeBkLt5KWeiNFqt2ccrQ49-qaMTmPgxYbkePDfdBLZMbLxOksCwEVrnkS9npYpZD4puHkBMniivtFLt2ycL7J2fXnQcF5hT8f5VOktvHO-xRK5jCPafpCBhg1R5PG3NsbB8LUPJf5WrE87-9yE0nGECiFd2lV7l4_EcT_vevH1MJO83cCJZW7sERczZcKVPyd4szfhZD_AIWYD9t92ajm5DQCOVgwIMO7w_KeAsrv8YnXRAsgHbPhntgEnMGKr1tjU12peiQsVapitlwl5sLYVmm5crYTapSTumoCHU5sB19kDm1EkRLyGw-mE7lSUNB24U9NA9MYKWnFWNG5iJhwcMvUmgWq6NwoHbIYBlnOYEk7ODZ_R8py663eQHjjeXQ7V2xFvCIXCrl24Sd-_Lfsk6WmyDxgwAzabeO1oSVByJOQfUI2LXdnm6o-YEl4jfXGojTBjWH1UB8YH1EYeXzg3QqBJpbJzqeC01cwPLoe4HI4qC2PRT5FVcS93uhMSltcm2OuFzZGWEuo6ZvX-2qHo1w6bI4PoBKbIB0Ua7Mlci2_A4doM0OEr_h4JSHfcSMexAOGE7G21GypfxSsp7vPeIcq5GYCQuD224jSmm6Hqd4R_yuX6m_PeMhfRqDZbJoW3Q6CIfAlgETrmDP0v4lTv08nF7_aeZqwdrmS0WBfJFF5JEnKTpFQ0uSh0j7KPUU1Wuj6S6-alrNvEvMpZ6bas9O5B0rZu_Mof5CDgFmko94&sai=AMfl-YR7C6r_lnrekaa8kaYeclmL7Kn67QmtgoAmwtmEnhDks2L3qefyNPJrzcuY4UHCXZItS_bYZLuX6qYmemGTOeEon9utV9xml8lJ-LDWv5xonQk1BC2_y370pAoH2xxsEjfASwb0w15xjZkLgC_yOCnstK1npg&sig=Cg0ArKJSzLGt3SOt_IFzEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=246&cbvp=1&cstd=243&cisv=r20220816.88497&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Thu, 18 Aug 2022 18:05:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E56E 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
272
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:00:41 GMT
expires
Fri, 18 Aug 2023 18:00:41 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame A590 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
02cd6392c447efaea376d963b3073e99f173ceec747c1daae02ea868d66675d3
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-oukr-FxH_D4D-bCM0kQOQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-oukr-FxH_D4D-bCM0kQOQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:13 GMT
expires
Thu, 18 Aug 2022 18:05:13 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame E56E 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 15:20:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
182687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 16 Aug 2023 15:20:26 GMT
1657637830060.css
s0.2mdn.net/sadbundle/2052028618641845167/ Frame 831A 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/2052028618641845167/1657637830060.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5cc5495b8f587276ad3e8de0e8ef0fd2734e8c244b613492f6ad0cc698b61b9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 07:08:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
39412
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2525
x-xss-protection
0
last-modified
Thu, 21 Jul 2022 07:07:53 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 18 Aug 2023 07:08:21 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 831A 		118 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 07:12:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
39145
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 07:12:48 GMT
1657637830060.js
s0.2mdn.net/sadbundle/2052028618641845167/ Frame 831A 		34 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/2052028618641845167/1657637830060.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7a48498f5db8ae8a7624a0150932e184eb1de17b6e2407d237aba929a60102ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 07:08:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
39412
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11484
x-xss-protection
0
last-modified
Thu, 21 Jul 2022 07:07:53 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 18 Aug 2023 07:08:21 GMT
1657637830060.css
s0.2mdn.net/sadbundle/12276200816478547214/ Frame 0E91 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/12276200816478547214/1657637830060.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6d656f49ac878039d3910fd7c6e03b2c56998038a48acc6a57fb83b2eaceef50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 07:09:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
39345
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2417
x-xss-protection
0
last-modified
Thu, 21 Jul 2022 07:09:01 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 18 Aug 2023 07:09:28 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 0E91 		118 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 07:12:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
39145
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 07:12:48 GMT
1657637830060.js
s0.2mdn.net/sadbundle/12276200816478547214/ Frame 0E91 		34 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/12276200816478547214/1657637830060.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7a48498f5db8ae8a7624a0150932e184eb1de17b6e2407d237aba929a60102ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 07:09:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
39345
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11484
x-xss-protection
0
last-modified
Thu, 21 Jul 2022 07:09:01 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 18 Aug 2023 07:09:28 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame A590 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220816&jk=1550525686931058&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame 17BC 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BViWhWH_-Ys2SNcmT3gPu76dwAAAAADgB4AQC&bg=!cHOlczfNAAYUOm8VNDo7ACkAdvg8Wi4LeIpxt-L-_Kk_KXyMVR4CRzAOvCRGb2JAnIZa4D_YqkbN5wIAAAClUgAAAAFoAQcKABUbpcqL5CxwHi0svqx6ezpSYHizIneZAy8BsscpUeUHy6KyeRDv2wO5xCw-Zjv8eNOUFawkk4XjogSfCQza-03RL1285Xsn4pmNq7NlaBQc-vZLrfRKuSSGGGsmTJGz5e2Q5Js2tgIsQWB6MFnR0iXAKbQ7ovZ9VYd63OftL6w4dNcpWTqrtNHv-tPw8pQUqwkiJVvSuhzK4RWa52QcgUMPMHXDb3UzXM-Wui8SHX6veRuonJxqm6ePnMkn2Ln_L8b6Xu7QtsLH2UXGham-olkx99D93rmlUWnIK3rAOqV3kYwCaBs-nrq28W0XopwoogF8hQXB88dajtuzqv30cQr7Z55xBU2S9XjbokPU5i4LedN2HleIwJvct8Ux8bHK6UWAOpKCqJDhw4OJjqf5HYWlq6242VV-Bn4Smfrk9GiWozleL-McPyeO0EJsv6Cv86Y63rwlgG0fxkejecABOHRcHaqbXKxkCTdE7hUyfB7Ce0Tr2ZxKcyizlahroZZNrs26nswribFaoXGeSimoTAm3EZlOJJc20ITg6dELt6L6uqje0633de09iJDx4LFWu5KI8JbgPrQU7Umv6p88NSZf3s18_Ne20J5Vvo-p9e6Mtu8GFuAEx8n_vsE4bGAQYxiw35gKu1w0q-oRi-ixmF72s0CLC3K0acjOmnePWm9i57OjEhpAea4UYsjHFKClLZiVwiro6hNB9-sPVGAwIcWkaweu7g9T73ZisjMY5ZjIZEOOOg1i_uXw4WC1XiSbqOjRVcz0R4RPGKXYfm4t3bN3Emxgl5vgREpEyIGGMCGBnPKc8Or1BqtijcV3eCfoO0wj2qBXqNEeMQWb7fwLn1blFa3d6W0MTWIby5rBUYAf45lCyPpq13-a_-tTUQlasqfB0HM9gt6p22Z_LfDIFjtyRhmnj0A2CJ5JhmK5j7X_GhavnULk4zWGYKhl_QPavSJ0KnaYVALkkTih7ILmjXvkb-RGNN1vPwl4i4f1UAzdUOTHLBTupNFWTBkmgv9WokB8eAy3iWdmwpfmlbEbmMbMeuKAPM_lRuc01F80dAsPUWGDYMSOj95OReSfDonp18F6DxIqzJwcQYgv607-GFUD40APB7pR2Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845912044&bpp=10&bdt=203&idt=334&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=1&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=1453836434&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=2201223313&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C31068737%2C31067826&oid=2&pvsid=3920205013571997&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.6oam7gy78mw9&fsb=1&xpc=mNCaIuTWYo&p=https%3A//securityaffairs.co&dtd=348
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
logo.svg
s0.2mdn.net/sadbundle/12276200816478547214/ Frame 0E91 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/12276200816478547214/logo.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12276200816478547214/1657637830060.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12276200816478547214/1657637830060.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 13 Aug 2022 12:23:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
452528
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1365
x-xss-protection
0
last-modified
Thu, 21 Jul 2022 07:09:01 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 13 Aug 2023 12:23:05 GMT
logo.svg
s0.2mdn.net/sadbundle/2052028618641845167/ Frame 831A 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/2052028618641845167/logo.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2052028618641845167/1657637830060.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2001a471069a1835710b3e8881cd76cd26c74fc1ba09474f2e5d70e41517a539
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/2052028618641845167/1657637830060.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 15 Aug 2022 10:58:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
284830
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1628
x-xss-protection
0
last-modified
Thu, 21 Jul 2022 07:07:53 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 15 Aug 2023 10:58:03 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 785F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BTOcPWH_-YtfvNJHV7_UPhJi10A0AAAAAOAHgBAI&bg=!4eKl4qbNAAYUOm8VNDo7ACkAdvg8Wj8ojAHdJsLMsM5LP351l2df9fwZtwXChVvmt8RZOrNRA6i5igIAAADGUgAAAAFoAQeZAyRJyodmn7_jURmXxtv50tDSbSnfjytSzlBllKKQbreg-JH2SNZefUy2Frj9M8BqAB_vJGET2GviczuKfQzxn-z-nnao4MsAASvZ-JgAXrvpgbIbiSboyMyEVcnUvXqraNsjnM47umafxdSZgGBNX99LkAofU4QWbXVMvr1mg6f9-JvIOAGHcKSDNbjQz5MDo78qWDQ7HTNj223hDnLM-QsFlpBE413bDwZRUkODrFbUsxinIgawfd8klmTFIh2mDpPdHIWQIW3-2pSdrg33d4Q6vj-DGGtq6zC2Hi35wmMtuD23ZlT4dRi8y0jQ8wk_UPghLVun13iN1cLxzdwhe3FnABI7BQ1DBfmjr0q-NQcgkqSiMElFjwA7AHyV4dSs1ZkXOHqj6jmn-UIHV0GXDSa9tT06R4z0ZMPfqDmiWdmuI_L4JTwuiauS7izzrAxP3J-8lQDExkPiuPRPTAOsz8OeEYrwJ8xwOLqUj3QpJXD-BF5tgw1EL-kQpd6t529pPRCVjpaPJSk-w2oOLCDMeQB4z13wg-Bvz7Wwz51JkPPhtcYS0pCMsYsZAwP8cOo_7Zv2bL5xOmUXg5mtLgFgqaMATQJpSftMOW6uesp9uz-7YoGnkli1XwDXRxEt8XQBVhbTtuW945JDMcXd7Wn2ur-_Vc0ty6zoF3o5uCCAsdGLGP-ZW2mCIkYWxFxznFL9LTfe6IRqzMPa8gP_HzVzsPWLhFI3fGsFxM_6EFqbGVolSHZxd5OdbloCUzF3aBd5ROKSG0xiVNOsta6AhURG_dkZkcKZbqGOctjWK2KM0iZUD9niZcIne3vSY6ZuEK6sDtQkL52AI4uQn1IeGoJaJ5CglH6bhm-g2bAvlKJ9TmYtRGG8cty-3E11_B34YfEhGS9vRvEKVMX4DnX8qdM5bdx0BFIDmTXy6wbCqlyqE_TZ0Gycfm1TIAiZBbV0W0numGHgRvfz1LWFgdGs8td2nAjacbiNqu6NAwhKk15qA0dzKG9vh3PP0GqczKdK2InJDtDGSS1zylvcObMm2WlK-B6UaeMZeV1ErS9oDdxjT-M8fqUrqjY
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1660845912&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F130787%2Fapt%2Fapt29-targets-diplomats.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660845911981&bpp=13&bdt=261&idt=319&shv=r20220816&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5074098485294&frm=21&ife=1&pv=2&ga_vid=761025951.1660845908&ga_sid=1660845912&ga_hid=787348438&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=2327457244&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068487%2C31068945%2C31067826%2C31062931&oid=2&pvsid=3368442980722969&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.lm8pvksr8bn4&fsb=1&xpc=dZmn8l7r5K&p=https%3A//securityaffairs.co&dtd=334
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame E56E 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?0O9ipA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
view
googleads4.g.doubleclick.net/pcs/ Frame 83BA 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssxDfgRyJv5mkjcNb9qubKYPvE9jrBeRSwghMca6uSIr0HGMPY920ui3bQB6Y6uja69V6aCzShJ0PZduL-_2EMCyuHzG_qY4zl-t96W2nFW2M123GcRsmAxfkiY859CYKnGGy_BUXCgR08a_bhPQxisFD1MoqEaT-5ZVZr2DI0xWAQZbEOaI0bE7TsrVfJgErFwpTOHwlLh8pWVGWmb2QDCU3_z9LadJBB34i-0fPCIxPuNoEQYl4xHLcLNEsoJ1V5dDo2xvHCVfqByXw8i4Fjsk-Ubqw89BIhjd5M7md1IcblXgbIP_oF9KFxR7GxlTUQlqmKJi--koa_mYh2cZ_K48UeXxwW3N9VWcF4zrGmm4Wwgo-Ys3O705Sf5kqWUgWiJRNJodfBuJ8LVN5jyruiUV3eVtGznjSBvRNqBULHV3UoesUosSEk1rwnu_no5hpgkCvD287RNkDzTKgwIpMXI5I2Taziclqfwgtw-7IwiHByBSFJ0XjfW2N6yCLOTyv6vB6FBORLRF5JfbZgxVqpgKsTuDaFNK7xJ64KVty6yg_J9KO7woOh7SpeAxG27sO5Tr66aKxPQzaBpVIgBSWNzYDu5137Ofcd24Z-0PXttZ7tWemIhm7zc3fDVd6811To1LVG-c8BH-OgDIN0wVRT23LNSc3zGBh9sK8PggCXRJjhhUEuIvl2xSP3DaLhbwncB7yT0Tnq3BbX3xqWgxHSkzpx-kMOKWY9p3VgtD_1bxUh8f9uXE8iltXXntoXBxcANizcyvhxwwZoxETWTIquirzVmCzR9Dy5H07hXyGdHcQ1EUZmYs61IWcZagy00USuqSm1h0dfghxPEvuF3wDEsCxZ2sUuTI-MVFTO51l7Eg6KZrcQUa_jPHs-3KS3C50dqzkkfH-xFvSQnIWroDacRNJwLfpMt-_KepQattibAaMdpexLpAFQzQR8yT3aCxJ_3TfO-RmGQcWt1so-jlFGZRuw4jTX-_NjCTHmnkDGKyP_nh5j16b7JaF2o-9v-QmitVY-TbpLil1MO2jlwQ8FKmmYS1UN3ufV3M9a5mOx4pREIB55UrB0vCxk183mjuPbVpRwuUdlHwqP_FXz44ia2ScYuZXZZsdviQz70Lb5LxAF2hUgavhUOeY7yladq8H9KLA2w9nY_WOEBMiIPuds2L7-oh9hwjwjftXTlYL7cWBJeeswGQO5EhONSdGUqjyUvM9_750cCpzC0vJ_S73_yP3kZd0zglT8pwHV56NSA4FBU_tb69CWiQ6se7MLvEk4dcIiWT-EG7_PH0fKxU0sCVXrHVh2nOb9y6BZc_-zTddQ&sai=AMfl-YQ4o7HITrGUUpvuhpUPmWtBQdeKmb9ZDEfARksb5qMbS4cWoApfmQX5PjdpghS302wZ2wkw3kteqEILLJC1YghGhHr_NguUqbPycfX7V8YGm3XklXFwHa2br6i7VYoyU6-Z0cPyfLQapj5FpbIcgDb7xg2aAA&sig=Cg0ArKJSzM7dybbr_mRMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=577&vt=11&dtpt=322&dett=3&cstd=249&cisv=r20220816.14732&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame 3053 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220816&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
20420380c27aa07a8f6320b72c5ebfb595c83f77ce648cf9b52c1bb2479f1ae3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11081
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame BFA3 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv5ZEJ7xyReg-k9LCRiZ6J2hbyHbPQ45rc-KthBwEe1P2dGV-QCbOCN1Ou0XrngSP1INf6wqX7p-Cp00SsVDFPlj5pn9W9oVNVzvlv6EbHX6_BsK7HzTRxUy5KK4_oGo9IPU-eEGrFW-Pshx_CNzStZEnTXtJv3p0cQJ4dit1Xd80wImNpchzwJQHWTpL_-vLkpXwBhSLoXNmUEzljlhrl_-l4MkYJHrUyPMN_gpqeHE0KFOklM0WK6zy84Mc6XQTKRToBTFKvN4uV39iSPqrLowbet8gYCdJRkae-OmVdC9dgQAxun6SXNphs_CQpxW6_gaep5tgNxQ0mmuGwcHN16UwfbBMXqN2RWOzKLCkRhhjYxalkg1d4Muwz9e9Ysry6Zq5n-WsiaiwqKuds3Y39CxopJQ3jbrzDsvL-yMpyjOGoPc9HRQhke1AvgUk35vodqvMxBQxJvU1DZJc4x1u3wPSgUWUHzmwFwN3zo4OuDeQt5O4QX2Q9TewNN41bvjEWUwnTm7A8FCZAoAFKz_MyNnFBfHbW-OUMlMu1WdGuyJAQKr74Fn0WRGc9Y-VblR3OsmYnfeBkLt5KWeiNFqt2ccrQ49-qaMTmPgxYbkePDfdBLZMbLxOksCwEVrnkS9npYpZD4puHkBMniivtFLt2ycL7J2fXnQcF5hT8f5VOktvHO-xRK5jCPafpCBhg1R5PG3NsbB8LUPJf5WrE87-9yE0nGECiFd2lV7l4_EcT_vevH1MJO83cCJZW7sERczZcKVPyd4szfhZD_AIWYD9t92ajm5DQCOVgwIMO7w_KeAsrv8YnXRAsgHbPhntgEnMGKr1tjU12peiQsVapitlwl5sLYVmm5crYTapSTumoCHU5sB19kDm1EkRLyGw-mE7lSUNB24U9NA9MYKWnFWNG5iJhwcMvUmgWq6NwoHbIYBlnOYEk7ODZ_R8py663eQHjjeXQ7V2xFvCIXCrl24Sd-_Lfsk6WmyDxgwAzabeO1oSVByJOQfUI2LXdnm6o-YEl4jfXGojTBjWH1UB8YH1EYeXzg3QqBJpbJzqeC01cwPLoe4HI4qC2PRT5FVcS93uhMSltcm2OuFzZGWEuo6ZvX-2qHo1w6bI4PoBKbIB0Ua7Mlci2_A4doM0OEr_h4JSHfcSMexAOGE7G21GypfxSsp7vPeIcq5GYCQuD224jSmm6Hqd4R_yuX6m_PeMhfRqDZbJoW3Q6CIfAlgETrmDP0v4lTv08nF7_aeZqwdrmS0WBfJFF5JEnKTpFQ0uSh0j7KPUU1Wuj6S6-alrNvEvMpZ6bas9O5B0rZu_Mof5CDgFmko94&sai=AMfl-YR7C6r_lnrekaa8kaYeclmL7Kn67QmtgoAmwtmEnhDks2L3qefyNPJrzcuY4UHCXZItS_bYZLuX6qYmemGTOeEon9utV9xml8lJ-LDWv5xonQk1BC2_y370pAoH2xxsEjfASwb0w15xjZkLgC_yOCnstK1npg&sig=Cg0ArKJSzLGt3SOt_IFzEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=560&vt=11&dtpt=314&dett=3&cstd=243&cisv=r20220816.88497&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame EEE5 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220816&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1f7bbb8c0e6e80b49054b3b2a052c05e4d37b67f1b7eedde803df8b847ecbf0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11172
x-xss-protection
0
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 0E91 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12276200816478547214/1657637830060.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400e:800::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:03:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
94
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 18 Aug 2023 18:03:39 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 0E91 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
64bc64dd1ed92b78730d044ad93617fcf853494e09227f0a65db43533efd37e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5524
x-xss-protection
0
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 831A 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2052028618641845167/1657637830060.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400e:800::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:03:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
94
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 18 Aug 2023 18:03:39 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 831A 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ae1d356e38a0b9d8ea6f45f9138d103980fae1ca1c37c74bbe8c0e4567b8b298
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5482
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 3053 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 18 Aug 2022 18:05:13 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame EEE5 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 18 Aug 2022 18:05:13 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 0E91 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 18 Aug 2022 18:05:13 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 831A 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 18 Aug 2022 18:05:13 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 23F0 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
272
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:00:41 GMT
expires
Fri, 18 Aug 2023 18:00:41 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame D6F0 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ae310d434f568e17a279eaf03871b2929ba16e2431826b936a36cd6a302431ec
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce--8AXYwcEmWj8PnO3Hw6-SA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce--8AXYwcEmWj8PnO3Hw6-SA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:13 GMT
expires
Thu, 18 Aug 2022 18:05:13 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EF33 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
272
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:00:41 GMT
expires
Fri, 18 Aug 2023 18:00:41 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 5001 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
64e26d4ce236523a4bb52f809c7ef1c64fe539340e1c2a2e0e2b8d661d924c9e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7vusfRtJ9u0TCVSVeF5d2g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-7vusfRtJ9u0TCVSVeF5d2g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 18 Aug 2022 18:05:13 GMT
expires
Thu, 18 Aug 2022 18:05:13 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 0E91 		98 KB
98 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12276200816478547214/1657637830060.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/12276200816478547214/1657637830060.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 17:52:12 GMT
x-content-type-options
nosniff
age
781
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100772
x-xss-protection
0
last-modified
Thu, 05 Aug 2021 09:13:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 18 Aug 2022 18:07:12 GMT
86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 0E91 		57 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12276200816478547214/1657637830060.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/12276200816478547214/1657637830060.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 17:57:11 GMT
x-content-type-options
nosniff
age
482
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58447
x-xss-protection
0
last-modified
Wed, 15 Feb 2017 10:23:50 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 18 Aug 2022 18:12:11 GMT
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame 3ECB 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 15:20:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
182687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 16 Aug 2023 15:20:26 GMT
congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 831A 		98 KB
98 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2052028618641845167/1657637830060.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/2052028618641845167/1657637830060.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 17:52:12 GMT
x-content-type-options
nosniff
age
781
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100772
x-xss-protection
0
last-modified
Thu, 05 Aug 2021 09:13:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 18 Aug 2022 18:07:12 GMT
86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 831A 		57 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2052028618641845167/1657637830060.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/2052028618641845167/1657637830060.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 17:57:11 GMT
x-content-type-options
nosniff
age
482
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58447
x-xss-protection
0
last-modified
Wed, 15 Feb 2017 10:23:50 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 18 Aug 2022 18:12:11 GMT
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame 70C4 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 15:20:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
182687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 16 Aug 2023 15:20:26 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame D6F0 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220816&jk=3368442980722969&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame 23F0 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 15:20:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
182687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 16 Aug 2023 15:20:26 GMT
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame EF33 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 15:20:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
182687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 16 Aug 2023 15:20:26 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 5001 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220816&jk=3920205013571997&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
m18gb-tacho_fairflat9991d849-ba8e-45c7-82a1-eaa84a1b997b.png
s0.2mdn.net/4528404/ Frame 0E91 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/4528404/m18gb-tacho_fairflat9991d849-ba8e-45c7-82a1-eaa84a1b997b.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
36c13e7d4ca5f849cc56ca5f3bfec462d21e7726759ed48ae54975a2a4f8c8a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 09:03:58 GMT
x-content-type-options
nosniff
age
32475
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12529
x-xss-protection
0
last-modified
Fri, 30 Jul 2021 07:14:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 09:03:58 GMT
m5gb-tacho_fairflat97069ca6-ba9a-458d-b518-e9e966091518.png
s0.2mdn.net/4528404/ Frame 0E91 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/4528404/m5gb-tacho_fairflat97069ca6-ba9a-458d-b518-e9e966091518.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4450ea25a2cd96ef28f12b921b645248e76d4fc7389dbed6c183cc91cadef186
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 22:02:10 GMT
x-content-type-options
nosniff
age
72183
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10927
x-xss-protection
0
last-modified
Fri, 30 Jul 2021 07:14:09 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 18 Aug 2022 22:02:10 GMT
sxiaomi-12-lite-lite-green-detail-0f698ed75-d5b0-46f8-92d1-8a47134f3c7b.png
s0.2mdn.net/4528404/ Frame 831A 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/4528404/sxiaomi-12-lite-lite-green-detail-0f698ed75-d5b0-46f8-92d1-8a47134f3c7b.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
366b9f662a8ade6c6fa3b70557d49bb37754224680bbba54e45e2f8685c2db05
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 10:01:46 GMT
x-content-type-options
nosniff
age
29007
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26453
x-xss-protection
0
last-modified
Fri, 15 Jul 2022 20:00:08 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 10:01:46 GMT
m18gb-tacho_fairflat9991d849-ba8e-45c7-82a1-eaa84a1b997b.png
s0.2mdn.net/4528404/ Frame 0E91 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/4528404/m18gb-tacho_fairflat9991d849-ba8e-45c7-82a1-eaa84a1b997b.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
36c13e7d4ca5f849cc56ca5f3bfec462d21e7726759ed48ae54975a2a4f8c8a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12276200816478547214/index.html?e=69&leftOffset=0&topOffset=0&c=zGNYTjHZXy&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 09:03:58 GMT
x-content-type-options
nosniff
age
32476
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12529
x-xss-protection
0
last-modified
Fri, 30 Jul 2021 07:14:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 09:03:58 GMT
async_usersync
ib.adnxs.com/ Frame CB27 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:14 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
66cde2c8-a82f-404c-b91f-7942809dea82
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sxiaomi-12-lite-lite-green-detail-0f698ed75-d5b0-46f8-92d1-8a47134f3c7b.png
s0.2mdn.net/4528404/ Frame 831A 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/4528404/sxiaomi-12-lite-lite-green-detail-0f698ed75-d5b0-46f8-92d1-8a47134f3c7b.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
366b9f662a8ade6c6fa3b70557d49bb37754224680bbba54e45e2f8685c2db05
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 10:01:46 GMT
x-content-type-options
nosniff
age
29008
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26453
x-xss-protection
0
last-modified
Fri, 15 Jul 2022 20:00:08 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 19 Aug 2022 10:01:46 GMT
e91d4246-1605-4a87-9859-d3ceefaf6787
s0.2mdn.net/sadbundle/2052028618641845167/ Frame 831A 		43 B
67 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/2052028618641845167/e91d4246-1605-4a87-9859-d3ceefaf6787
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/2052028618641845167/index.html?e=69&leftOffset=0&topOffset=0&c=b5bDnOVAGS&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:14 GMT
x-content-type-options
nosniff
server
sffe
x-dns-prefetch-control
off
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=0
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
expires
Thu, 18 Aug 2022 18:05:14 GMT
async_usersync
ib.adnxs.com/ Frame B9E4 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:14 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
fad093ce-cb5d-4a57-951b-7d81e69a4bd2
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 09EE 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:14 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
f41c4b92-f675-4762-97bd-d4baab401987
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 8FD5 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 18 Aug 2022 18:05:14 GMT
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
975f8bb7-70ae-4194-a3cf-02f4f53ba497
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dc_oe=ChMIzZ6nlf3Q-QIVyYl3Ch3u9wkOEAAYACC63uxKQhMI_oSNlf3Q-QIVzFMVCB0kLg56;stragg=1;&timestamp=1660845914059;str=Show%20Slide%200;strtype=1
ade.googlesyndication.com/ddm/activity/ Frame BFA3 		42 B
494 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIzZ6nlf3Q-QIVyYl3Ch3u9wkOEAAYACC63uxKQhMI_oSNlf3Q-QIVzFMVCB0kLg56;stragg=1;&timestamp=1660845914059;str=Show%20Slide%200;strtype=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame EF33 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?6axzLw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:14 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
tpc.googlesyndication.com/ Frame 23F0 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?LhUt5g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:14 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ Frame 2838 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220816&jk=1550525686931058&bg=!8POl87fNAAYUOm8VNDo7ACkAdvg8Wq_ELqrLozxteRmn4iepVguISTG21NC3JPRGdocWod61EtNYIAIAAAB4UgAAAAFoAQcKAE1Xp8sWT-YwH3mHXMWmnb9AqeNwiaXSewwxJIBW847fJqbp5cRzX1PtgiA3wLIY13TnVI9bKuHu4yOX2EfUfe6dO2NHaU0_rGM7qIHiEZkC9Ezed5iWXYTzxClHKk1Q6EFt5R0pM_kDLHDKFqlq8xm99oPleIcCPBeO0E2EAXbryWKVcVf6vtp4d6uh-Vjojyv_hVIN4nnbDCXRX8MbIMV4h0EQVn62_6OCivm-c9i7gcD0zi9rb7GIHOmj9wYUPRr5dCZzPneKNa2Bbmi5Ry-yIIvzgfG6dkOfgJ66MdXmTWbj3Mr5njRagX5RbRXHic-g62Lq0R7RbJ2o4_u1UTsiRc5cSqWJgVxXr0vbGGsT7Areqk8zzVyuuT0agyoY4e9ZnZIkqg6NclGVXxGEvKafQfyQV-92VkteVNrGg8j8QHhsijwNaV8FxqTExBFObtXKjdG9KN6gR0Y_DgrCa3Zxc5vPMD_pIclhXBf_XiGP04taVs5l2P91fl7DxVCerhmGOW2KAKvvHdGuj-NUT59b0pOwUHfzKGUwUCTV88HtztPTSMh-SLPE5Hwpy1R3IHOoDs2yAOOm6x_FLmgKSHH3ZG6jDyguIuzJQu5AonH_jHwKY-1y65BMTt4pltOfivirCayPrPNGaMeNOa_rXplGVtBAz8DUfaEc0P_9EL58y4ZELRVWVSCDQXaNPrMuhoUe1npQimbPYTe6UpUw5vF_qgcIzWxBFpcfYx4YRcw7vLtHmXysnp6DQL9Kvr4qkgUWKoCO_g7Rs-wjgj4xlQmNscGloI-zTyCjIhFHX3Uyn3NjlVEizQ9oIabDb4KqQjphJf6I8eGYUoqfrBIUKdBUL8bcnH_BK3cV62ZRh-CDRl4IjseBNjdqag6rdrJQidayG3dwwbQ4hHsbGVDMf8P-XH1sbS7koADTqmpW5zua33sAAL3bLwjiXoP3FMErPlSpU410nHyZYUeYEKwmaYC_Mg0zOzBFcO3xvraPkVDY90zn4crTHuIcTQPeuHReMpBYeZHNBnusApn5QzXDvY3rMGnJxzN8V9vbdvA08BZ7sge7AgQZhJ-h_kda1auV1nGXlslMqSxGZ-g7nJEwbPnm6OwVuA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
activeview
pagead2.googlesyndication.com/pcs/ Frame 83BA 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvpMYH9bZEoY3vQE-wA4ZmsmAQdpBqiB_bOyHJOxwDG5WtxkR-IZh4RYO3nTLQqQJ12d22q_BetitlH4fqRs02RHUC26VsqLZPMAhH9M-JCQB2Bfgz5sZdMmMGPQpV9CGQ5OJz2tfKMau_q&sai=AMfl-YTZAO89sBgp2bEAklCQOoYcMNytrDpdCL_SIMxc2ImPm_IQvqZFo8_YN8YgHOSIfR7U5g50bl3oXNH4nO1hifUjZoLDFAZW_jw&sig=Cg0ArKJSzIKBmxy0chmAEAE&cid=CAASEuRoSQuFOlHFR99DynEXPlBzOA&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220817&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1194620937&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660845912317&rpt=912&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame BFA3 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssyL5oE84xQXpVDtQcX45Zk--H6nSZmRhgY0Pf2eH4vQ7OfLmYr0RJbi4NnjmS6ic_gfoHdGm_NrhoSc65cFiK9JD14P2IULryw0MpF4YQX5ch13kvSsV0bIg2hbOdQFjWDkLGBVLgGG7sM&sai=AMfl-YTXigrDTxeGboTCs-LeUjpNT8RAs25WOJxypQFAo2DKqnl5hvTHwBQMZyVNxisnaxXkwh3ToQxRc9-caCkGHbOhcQBMwsy5PSY&sig=Cg0ArKJSzJuhtL4AdJ3VEAE&cid=CAASEuRoFUZbHR39NO5s_6OiN-Wgfw&id=lidar2&mcvt=1000&p=0,0,50,320&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220817&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=468307373&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660845912394&rpt=940&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame EEE5 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220816&jk=3920205013571997&bg=!iIuli8_NAAYUOm8VNDo7ACkAdvg8WuUh0-NJiju6wp-Xe7NIre7EhpWG2e-1BGD2Fgq8vDLPHhCvCgIAAACJUgAAAAFoAQeZAwu514C7lPEbwp-ZeqNObgFEN4_C-0jovc3bnImdDG0CsAbisg30wvg4b2IQ8eoPCsQMRn9QmYB6iF21zAEqRLhVNrt0CwOiVDowC-SM0jxoASMuZItEzqWJIj_je03szq8ZYIXhpelte7KY32X4AgyFBE1Oc9fb-Oi3K9zWezBroBlTPPdHzH5Wc6UbmoZXMnLS-tiwtwu3VDvgmvdsiNBIPjX-b-imoCxPOzxJ5eehugAMW4rn0hhDYyV4LZBppNxc88A_WdDldl5W6-G0sO-hmYL7C4qx_NZFHkf-Uze_vxtDaaqv59yqTUn1XnLG0DmWvTd2qsjH-0CW8R3Rz91C0XXyPFqcudTXF6KKFNnWZz8N3fZgluYUolb6u4aXuyD8uITDHPRRI168cGLBOX7BiV2z7cZeVt59uVqaO4Fu8FktAmLQBUOrMZF7E3jgOKAherR7UBAKcWfHGaci_hzUWFQs0IOQALhwIqXsh7aftAkb-_Z6OetlmnFR2q8jdpW1ygs8c2VoJsNLNhvJuqaJtrXD87yezGwZxn8jCFhQcDtIayf7D3yv9LBDZKqgUQWBBHwRkbAu6A2lbixlspyHlbmGGVSzjyvNbnppAbPgyp1Vu7ZZu1LROiTpwQZhicULZl21LdolxLTZaPAbaCOHw8ILSAa6ExH9Q09URqGCxQssdqyza6pTdWCqvGpCVTbdSWjrNe60B4lc_83eNudP1mkbI6gdR1ZlGFRKVxRSAdRhwIePMi3xEsYYO4wMmjfU_bky3QDj7W_0dYsMu5nVLGc2H4iHPOAiyl8NtDuBZHuPfz3NOP27gKfoGrImqgDvE4SAQmQ3Pe46ze2VqYejTq7ynr1GqiVhXEmJkbo3pjpSvfwUghGbHyqr4Gd54ualbXhv5dQdFTxVm6QIACMHN0WYJwcbXAdZX64zWiQF7279vqqdKDC744rXkciBcfc4WJB_1LNNKeYetSlYV-7Sd81YS_ZGK1vZ9o67n1kgeYXmQg8faIr5fePDf2PkNX4OJ6MVqHTFqXygTA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame 3053 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220816&jk=3368442980722969&bg=!4OOl46fNAAYUOm8VNDo7ACkAdvg8WjvIcOnIWWwXOZxZBCJExYqcVztK_vJCUJjXeNjJr7B0RnyzbgIAAACwUgAAAAJoAQeZAvGVQJ5tt6BhhIpl4sHRDI6M0jp6PrOZ9yQmWazD2TkwZurrUbzam5C40tkrjfnhrWEsmkTqFGW-n9Ut3vMb7nUSiB6OLddk6z2qRWW4wgKcnxGuyUgydpY8QF6Ox0f2cqkiXtzUOtpPgo8GoZYsvxwCYrGPmMXP0x73Rj-tf5kZG9g6NqyWqE7gPemwrrkf0gQrWfb94JKbzVY08OIRIspuZfQzSZd4X4vTEYRZ1awCuf9HC4v4hN8gZuITzn_7IUGbzS_2pGhAt2E_WD9E1MLVO9Q4QyfkgKzUlbkd0T6G_wApL9IXQ_wG-ITfqfy5cOSB_49MEKIUCxLJi-3SXDkKz8Szxpv2CPdVrRJZzlzBXzwLxWHIEOcAXH8SS13cjeCLRHsygidAD4YyAQun77ZbZwQTGZVpiJYRteDOO-tYJIglBTwn_W0Xauyeu-9cEMjqxTq-fMlyNsLPsJXwRtB41etzFJcym1gw6bB07VBgVWCLGsaFB3n_xRiJMuEXEosYQQk5plsia14dXZ2R1dHpKsn_b_BJOMP_Xt74TEoqKIZe8Vw_0e9awMv1Me4nOCYGvEtklMZtsMQY3muFHvONP0TJcrAlcOOLVOPB3QRlEcKOL_r3LAhuEiH_yYRuMZ2UI8g1usxGXBTarQsA153HazVo1MY6pd_5lh-jScwnlmO_vcWMnXEchJ9TFP3w681S83pu2Z8nqqxdFQTtfqIMRVpIxy-UFrJpMou0wQts8u6-3FDLqJ4r6vZxthTi4Y3ApfHM2RtIAnG7jsv9JcjH5jBE6ii-TQ-trujoN6kumvlKZe3djFbGpVy40BNWSirgToJrik5hWIjN5qMXMEr6skPsE8iiotS5Axz7BHw9gxN6Xwqdd_ZxOP8z6LjvHhitdPKb33Kd6kee6sYoumj1mcSuiXXVWYN9_fcaKUqe3UKAf2YSc_w8v8AmlwKW0zD6YKkM0ST0etFQEYxTDFXNYslNYeAtCUuuY2e2Bz990Ck
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 18 Aug 2022 18:05:14 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 20 Aug 2022 18:05:14 GMT
300x250.png
cdn.pixfuture.com/banners/ Frame F66D 		44 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.pixfuture.com/banners/300x250.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:744 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6251b4b4525b9007511a48a6cda9a168f07ff77ccc4dd75759486af624a13301

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 18:05:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
108700
content-length
45195
last-modified
Wed, 03 Feb 2021 20:39:58 GMT
server
cloudflare
etag
"601b0a1e-b08b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFbdjay83wva9IWIt1Q0SB9BXuyhZU%2F6IN0K4H645nxHk0uKwZUqYyW8zEXEX8SgHTRBJBoxiAGXV%2BHWCxTESwppAwJo1%2Blkf0H0qyt2p0hgAwTEo365QoBzdNMRSUS5230VDmaQPyRDQr3ofa78"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=172800, no-transform
accept-ranges
bytes
cf-ray
73cc939808579191-FRA
expires
Fri, 19 Aug 2022 11:51:38 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/show_ads.js

Verdicts & Comments Add Verdict or Comment

114 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| _wpemojiSettings undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| mnetCustomerData function| injectMnetScript object| _mNHandle string| medianet_versionId object| stlib boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus boolean| sop_pview_logged string| stWidgetVersion object| stLight boolean| st_showing object| st object| __stdos__ function| __sharethis__docReady object| __sharethis__ string| GoogleAnalyticsObject function| ga object| dataLayer object| WPCOM_sharing_counts object| click_object object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq object| wp object| twemoji function| st_go function| linktracker_init object| wpcom string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| _mN function| logFailoverPing object| google_tag_manager object| displayPlacement_PF_script boolean| pixfuture_environment_started function| init_____display____pixfuture function| onYouTubeIframeAPIReady boolean| isPending string| prebid_file function| findCMP_PixFuture object| pbjs_pixChunk object| pbjs_pix object| _pbjsGlobals object| mnet object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| googletag

74 Cookies

Domain/Path Name / Value
securityaffairs.co/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.co/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.co/ Name: _gid
Value: GA1.2.1279805856.1660845908
.securityaffairs.co/ Name: _gat
Value: 1
.securityaffairs.co/ Name: _ga_P62M3QN974
Value: GS1.1.1660845908.1.0.1660845908.0.0.0
.securityaffairs.co/ Name: _ga
Value: GA1.1.761025951.1660845908
.agkn.com/ Name: ab
Value: 0001%3APY2O8R461c%2FLZ3FAX8AvbHry4GFo0WXw
securityaffairs.co/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.securityaffairs.co/ Name: _pubcid
Value: 42a17ad3-ce08-48b9-ad3b-c0dce536cfd0
securityaffairs.co/ Name: _lr_retry_request
Value: true
securityaffairs.co/ Name: _lr_env_src_ats
Value: false
.adnxs.com/ Name: uuid2
Value: 3119965975177955759
securityaffairs.co/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-08-18T18%3A05%3A08%22%7D
.rubiconproject.com/ Name: khaos
Value: L6ZCRT2T-25-A2O1
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB28jQLkSQYlGANb0fGVcfL/XWaA1sYWTLHCRi4Lg8bJK7GSOklf4u0K5FGfGNePc3/th4iWCi6WjspbV3mhqimWXjmaZkH7bMyyqVI1k5poNA==
ads.us.e-planning.net/ Name: CT
Value: 1
.go.sonobi.com/ Name: __uih
Value: 1
.e-planning.net/ Name: E
Value: AP3fqtLErQGn8k-G
.go.sonobi.com/ Name: HAPLB8A
Value: s8588|Yv583
.zeotap.com/ Name: zc
Value: f97a0bc7-b658-4e98-464a-68c939bef403
.zeotap.com/ Name: zsc
Value: q%A9l%1A%84%F6%A9%AB%1C.%AB%86%25%3B%94%DD%F8%E6%7FE%A3o%B2%F4%2F%FD%90c%DA%CD%A6r%09%924h%C4%EB%9E_%11%A8p%B6J%E1G%D3%2Cr%9D%29%EB%BC~%E9_c%E6%F6%D3%E32%C3%3Cr%A0S%F5%1A%25K%D2m%BF%DF%F4%7DZ%E3%88c%0E%3Ch%C0%9E%1F%DA%FC%88%8F%3D%E4%1EN%01%1D%CC%FC%E5%C9%2F%3B%EE%ACqP%A5-C%CE%CD%B0%E6%5E%BD%FB%7B%F7%3E%01mTK%23%18J%07%BD%F7%F3%9E%27%8F%C17%2F%2A%00%11%04R0%1D%A9c%98q%E0%D5%BD%13%C2j%9A%09%05i%08%AD%A6_%1Er%8A%CA%974
.casalemedia.com/ Name: CMID
Value: Yv5-VWyp9gVgaoaHO63G4AAA
.casalemedia.com/ Name: CMPS
Value: 1171
.casalemedia.com/ Name: CMPRO
Value: 1124
.casalemedia.com/ Name: CMST
Value: Yv5-VWL+f1UA
.casalemedia.com/ Name: CMRUM3
Value: 2762fe7f550b40&0462fe7f5505a0&1f62fe7f5505a00&e662fe7f552760&4962fe7f5505a0&f162fe7f5505a0&4062fe7f5505a0&2d62fe7f5505a0
.tidaltv.com/ Name: tidal_ttid
Value: a5807187-9f46-4c06-8b73-cbabcd7ae2a0
.disqus.com/ Name: zeta-ssp-user-id
Value: 69a8caf6-c865-5113-a9ef-ead0c728d842
.weborama.fr/ Name: AFFICHE_W
Value: YwW1SA3WbfRj97
.adfarm1.adition.com/ Name: UserID1
Value: 7133278862873000079
.tidaltv.com/ Name: sync-his
Value: "H4sIAAAAAAAAADM0NjI0tjK0MAIAnUwtpwkAAAA="
.demdex.net/ Name: demdex
Value: 72957051754855332073767482814848401857
.theadex.com/ Name: axd
Value: 4303068686346788218
.theadex.com/ Name: tis_4AL
Value: 4ALeAoQz
.securityaffairs.co/ Name: cto_bundle
Value: yCYyvV9kRmVIbENTSjRkOGxnMm9yN3QlMkZmYnR6SUxOcExiUHNCUU9xaEZ0UTdKMyUyRmZyYVZYMDNwM2RxdndtUFVDT0FkM1MlMkZmUjZneERpNmdJblVZYW5zUTIwa1NLaGN3Q1M5RnhoTUl3OEpaR1clMkZHV0VGSXc4enZkWHlodGZOdVpZQ0NU
.securityaffairs.co/ Name: cto_bidid
Value: 9delXl9ISzRnbjFrR3FqQ0tVdHVERWJvb2Nmejl1c0lLRnJmSnpvd3R5bHpsRXNiVzNCcDJ3T1N5ajZQJTJGSEg4MWQlMkZNQjhSUmc1QW1BdmpMVkRJYXRWZEg5MmclM0QlM0Q
.dpm.demdex.net/ Name: dpm
Value: 72957051754855332073767482814848401857
.turn.com/ Name: uid
Value: 3665776813737101766
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.tapad.com/ Name: TapAd_TS
Value: 1660845909664
.tapad.com/ Name: TapAd_DID
Value: 963c4555-9233-4cea-819e-afe72ee10ab7
.owneriq.net/ Name: si
Value: Q7141323091131754848
.owneriq.net/ Name: p2
Value: cc
.doubleclick.net/ Name: IDE
Value: AHWqTUmTRUS_44vNjJVYlY5Mw2ZIOgkKemVVpXiGPTUF1eyCG0THfp6RVwT7YQiqowM
prebidserver.pixfuture.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQVAzZnF0TEVyUUduOGstRyIsImV4cGlyZXMiOiIyMDIyLTA5LTAxVDE4OjA1OjA5Ljg0NDg1ODMxM1oifX0sImJkYXkiOiIyMDIyLTA4LTE4VDE4OjA1OjA5Ljg0NDg0NTIzMVoifQ==
.richaudience.com/ Name: avcid-zeo-uid
Value: f97a0bc7-b658-4e98-464a-68c939bef403
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Yv5-VQAApjFLDABN
.mathtag.com/ Name: uuid
Value: d72462fe-7f56-4b00-805e-90b3a082be8f
.fwmrm.net/ Name: _uid
Value: "e3e2e_7133278867145473640"
.krxd.net/ Name: _kuid_
Value: PBqEkpgr
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&14356d0f-9c7b-4da7-8b25-b6321a2b564b"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NjA4NDU5MTA7MjswMjFdH9PStPTPhpJ7UA8pRFO1H6j5N1AhnVrZXKVNEzCBQg==
.linkedin.com/ Name: lidc
Value: "b=VGST09:s=V:r=V:a=V:p=V:g=2357:u=1:x=1:i=1660845910:t=1660932310:v=2:sig=AQHPPwJG7CygkI73Nm7yvipkR6ISV9Wg"
.amazon-adsystem.com/ Name: ad-id
Value: A7n5_iyoHkrxmis-PeeMhFs
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 7256229306290514967
.eyeota.net/ Name: SERVERID
Value: 17977~DM
.audrte.com/ Name: arcki2_ddp
Value: CAESEMeNrxSdgsTyW6YqYWPLCCU!20210804!1660845910940
.audrte.com/ Name: arcki2_adform
Value: 7256229306290514967!20210804!1660845911076
.audrte.com/ Name: arcki2_TTT
Value: 1660845911077!eg1kxWMmLkoSFmp0jV2bFBYtQ!H4sIAAAAAAAAAB1WS7IDIQg8zKypUkCF44DK/Y+QNlm8Sl45CE1/xtfxwcq0+p2kHkweq5G45tn72rnr23y8N3fqYydJnE15yyhkj7DemuT+ejauoZtYI0lvP+S3GumZJX3XyPKvl/Lgg5sigzSnkzHuzJnO16au7p/tCmEbdIWVVOakuNJpmtfdPftd7dvHLNuehCsv6TahtGLixCk5w3n6x3ds8820L27SvIOyW1IzTzujbtb4sl1Wc6MTMkg7anqkkGnI9JjXuL557wFMi4b5IR1p5PssMpF287bTAMEyY/SG/+IbDp0i57Gpi3odzi63fzJvLHehyQ04YVIys0Nr960dEx31L4oxZxyS2zopnySfqHS2zlaxR6HxuAB8yaKNDwGrRt7Homxa3qTwmd/F5g6XUoQAzBWDrONkNJRPdGvmn/PGQubBWrFA3TIxwgaibQ+1yLSsLyOcywdheCwQ9MCCM4kvmuTTFjf9QKdix3VLDq5rid0lLr592s0zvep8uOXuBpZE4zdd75R7JM3T+3Tfuq5/Z4eKqNDiCT5eccqTSiwibneVrPtlBnurpO0LiMcqHGqNxmze5+hRc36hK3fD81Mwk6YGxcR1vMfW0wEU+7dSxNZ49BeQVkMpfQcqHTRkLKfq4zIHE5SmQwjKuckK9DOoZR2TJlDLMVVw5pIndqPbseAEm1Em1qk5GqabJ3ysJ4RKkM4bUwwtaiWva6A08ss+is8B30oKknqkMwcYe7ThC4Jj+fZMC14YbIIFehgjrHS6dfSqSTW1j8WuHFCNJzYm2rGWWErnxFkr+PTYH8Ceo9oEn/hfCXyQhLh8sl0PyLi+8u5gDuh7JxY8E9cND+KlBj1Z4vN19NplCKEyIICJ4BC2eGNfx0oWRPbxAPsYpIPAcQgSITsNsM82LTGaLPm0jQEbKHhBAayGxtP6AB8gTLEAq/Y3/eyFn3TkwFXaXbCmhPigupNsmDRxaA9IL+kkWKINiLmPoLJtlVix6f3Cbt0GguzZMfgjOmozSet118wD/L4z5ID5uGRgd3IwYmBwgBX9Fhxx+KtksRmNTzeAmcApAoKPWe2E6rOgzw3bSdCfE0JR2CtkjjuDARS+AOj7AQ7QDhD7uv3xBd9e92ZzePUTi8/X7lhgl1L5AphLH/ZPMnB0yc5T4n5wRtAVfIKvv+sWmKnaYXz78beNPcYHS4EDCdSYQFSHwOyfWXfQ7K3Gs68PolNd7dDoU7BAuErqH7YNUOJBqp9q3TMCj65wEhngU/J83WNbe+2CRS9UvI9qDkKCmejJ5zSCMzedFncP+0D0NBSlXPtZjwACBZtn1wWyQziwHqwuN7ZN/FLsny2B2tSjsy2xMWV9z9taMUzsxjMMNAbxdBolSKDVR+N4TgfKWcGfNmID1IDMEWUXYShLQWDRb/a5mxXECWzBJ25gZkySWgKftOU4pEcDZgf39TNeJdTU2RFAMmwU/t77lWInr9LMhecHxBUThoBtwC8O+y77FCWnIwxWPWPlvzg7EEP6mPI2PfZBSBfO1Wn/A6jgOjng2MjVOwxY/WW+xxlzDWr9vrXgOBaLnuRqZyxtwVVwosaFZD2wZVg0sAcZ0X0HCyESWeMbhqmrg96mRoIEA8dhnC9XE2HrHZEvlxPDH+L+6PuC1g3JuHJuECMw2Aug0Rpc8jnli/zxr3QRQG7s8IvU9t0dM44xDX+6u/AvGxvMqVUQBGzzPFfpHAhpQiajscKcECBqbl6BdJRzG4SwED8FVznPMyFtBDXAQBYuv3tCLvDMhijR6IQV7CeEp0B0B2zjOc7k6hDn7XUwWOL9B1TQQ9ELrwmPn0fw+MMpV4fwxpvpQYCUiQ2fbR32tCEDuNcXCKz7lqH2EOWG+C1w1K86W5etY32xt9sUIViLP7U4/KkuwSSffBGYHdchOH0/tYA6CAvsNsFZOjcQpUj4yP6N/WIbQts70HggNuDqsIahF+MnaIvXkIgN52nI4PES4UX2uYyUQhLjVSCP9o9hWw1xhd1hgTrf7nQX9fPuny2g5I//FoPBoEP4E16XnhfgZZEX+rZ62/wB3Rc2KYwKAAA=
.audrte.com/ Name: arcki2
Value: eg1kxWMmLkoSFmp0jV2bFBYtQ!20210804!1660845911214
.securityaffairs.co/ Name: __gads
Value: ID=6ff954dbffe36354-228cd793f7cd0050:T=1660845912:RT=1660845912:S=ALNI_MZidPN3uqa0rqt3TDsej0VeVXDtag
.ads.pubmatic.com/ Name: KCCH
Value: YES
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2GVIs+xD.!]tc58i_iqf!oN/@E'zz<*Z0QcS]mZn0cWs>[wT#$W]/E@1BI$'uxr[x-icYTD._*PlZ[C[-kX-I9<z/
.casalemedia.com/ Name: CMTS
Value: 5171
.yahoo.com/ Name: A3
Value: d=AQABBFZ__mICEOzta_L-K6jB4DjSOt8YREMFEgEBAQHQ_2IIYwAAAAAA_eMAAA&S=AQAAApPdd4B-BbWGmo_lRCGKVPo
.3lift.com/ Name: tluid
Value: 914222648812222749946
.mathtag.com/ Name: mt_mop
Value: 4:1660845912
.360yield.com/ Name: tuuid
Value: 5f755d68-abbd-4add-805c-cfbcba0b1b71
.360yield.com/ Name: tuuid_lu
Value: 1660845913
.zemanta.com/ Name: zuid
Value: pLMyOOcQC7duoOlcVmuq

10 Console Messages

Source Level URL
Text
security error URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html(Line 392)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html(Line 393)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html(Line 394)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html(Line 395)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
javascript error URL: https://securityaffairs.co/wordpress/130787/apt/apt29-targets-diplomats.html
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://tags.bluekai.com/site/87734?id=f97a0bc7-b658-4e98-464a-68c939bef403&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f97a0bc7-b658-4e98-464a-68c939bef403&reqId=e27267a9-377c-4edb-460a-e19440c41707&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://s0.2mdn.net/sadbundle/2052028618641845167/e91d4246-1605-4a87-9859-d3ceefaf6787
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.turn.com
ade.googlesyndication.com
ads.pubmatic.com
ads.us.e-planning.net
ads.yahoo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon.krxd.net
biddr.brealtime.com
bn01.er.bemail.it
btlr.sharethrough.com
buttons-config.sharethis.com
c1.adform.net
c2shb.ssp.yahoo.com
cc.adingo.jp
cdn.pixfuture.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
contextual.media.net
dclk-match.dotomi.com
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsp.adkernel.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
google-analytics.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
i.e-planning.net
i0.wp.com
ib.adnxs.com
id5-sync.com
idsync.frontend.weborama.fr
image6.pubmatic.com
js.cookieless-data.com
l.sharethis.com
lg3.media.net
loadeu.exelator.com
match.360yield.com
match.adsrvr.org
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
prg.smartadserver.com
ps.eyeota.net
px.ads.linkedin.com
px.owneriq.net
r.casalemedia.com
region1.google-analytics.com
s.amazon-adsystem.com
s.e-planning.net
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.gravatar.com
securityaffairs.co
served-by.pixfuture.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
ssp.disqus.com
ssum.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.mathtag.com
sync.richaudience.com
sync.teads.tv
sync.tidaltv.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
u-ams02.e-planning.net
u.openx.net
us-u.openx.net
usermatch.krxd.net
vid.vidoomy.com
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
api.rlcdn.com
fonts.googleapis.com
pagead2.googlesyndication.com
ssc.33across.com
104.111.215.191
104.17.120.107
104.18.18.126
104.18.19.126
107.178.246.49
107.20.181.84
13.224.189.11
13.225.78.37
137.184.242.150
141.95.98.70
142.250.185.130
142.250.186.130
142.250.186.66
151.1.205.165
151.101.129.108
151.101.2.49
168.119.149.178
172.217.16.130
172.98.26.121
174.137.133.49
18.119.23.78
18.184.216.10
18.195.145.239
18.198.69.109
18.202.164.188
184.51.8.30
185.15.245.81
185.29.132.241
185.64.189.112
185.83.142.19
185.89.210.180
192.0.76.3
192.0.77.2
198.47.127.19
2.18.233.201
2001:4860:4802:32::36
2001:4860:4802:36::178
2001:678:cb4:bbbb::11
2001:8d8:100f:f000::289
205.234.175.175
209.54.182.161
212.129.3.112
212.82.100.182
216.52.2.30
23.47.208.212
23.47.209.72
23.47.212.25
23.75.240.210
23.75.246.168
2600:1f18:6593:f601:31be:eaee:1d8c:9fe8
2600:9000:206e:9a00:c:abe:f440:93a1
2600:9000:20eb:8600:3:c04e:c780:93a1
2602:803:c004:200::141
2606:4700:10::6816:1857
2606:4700:20::681a:744
2606:4700::6812:acf
2620:1ec:22::14
2a00:1288:80:807::2
2a00:1450:4001:802::2002
2a00:1450:4001:803::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::2001
2a00:1450:4001:813::2008
2a00:1450:4001:829::2004
2a00:1450:4001:82b::2006
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2002
2a00:1450:400e:800::200a
2a02:2638::1c
2a02:6ea0:c700::11
2a02:fa8:8806:13::1370
2a04:4e42:400::300
2a04:fa87:fffe::c000:4902
2a05:d018:24:b002:4b1d:b4d8:d7a1:7bd5
2a05:d018:d29:3602:d584:42d3:abd8:529d
3.121.251.124
3.64.108.197
3.92.156.8
34.107.148.139
34.111.131.239
34.98.64.218
35.173.74.115
35.71.131.137
37.157.2.234
5.178.65.245
5.178.65.246
51.75.86.98
52.210.248.158
52.211.22.81
52.22.123.234
52.31.1.81
52.95.118.179
54.210.173.147
54.64.135.73
64.74.236.159
66.155.71.149
67.202.105.21
68.183.31.14
69.166.1.15
69.173.144.138
69.173.144.139
69.173.144.165
74.119.119.139
76.223.111.18
81.17.55.112
85.114.159.118
92.123.9.160
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
02cd6392c447efaea376d963b3073e99f173ceec747c1daae02ea868d66675d3
067711c3c33185eb643c6fb94d0dcf0db7565677e1e65bb649e9a9bdc37d5b1b
0753934edf1c1fe52eef83e8c3fd463c4566f1d949c7245cf88aa977a58e3a4e
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0798e1d912b07d5ef220bc62ebdfa20ca58e10894b9c1c9f079f097f11745fb8
08116ebf19913d160077f6fbb9d3ed595b9507f3d1f6d65373e2fd0459d757d5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c048716b18dca085395d5d32b2e68d7b7998edb65da151cc4e5c454cb078ab9
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
15f03863555fddf5ceb304e1deae0fcf6459900e8ac15c8ffae4b5494925a961
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b
17d1417af7785c9512f56b14a53a5000ddba3d703880c10ab30e7d1adf437363
17dbe006e4c2817f41ca47af24b9184cd962af1ad2feb95c8d65db04d126c799
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
1876bce18e2fc1c894feeac71539b5291eb4f76df2e0c78c272715d2ef7b1e47
18b676f82875754ee19750bc808e7a1aaa3536f9657586bff56c1367ccb3a2f7
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1b4e159992ea2ccd1c48c89f42bd05f280670e313c7bdc2a2e8ee7d8ff7adaef
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1d24c0ffe6a55f4557b4c84138421d58ec2f8da826269f7a720e2416270907c6
1dd01018648dff43f3c4c2c8734074f1f2ba24fd4c0cc546f33ed102bb2e738c
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
1f7bbb8c0e6e80b49054b3b2a052c05e4d37b67f1b7eedde803df8b847ecbf0f
2001a471069a1835710b3e8881cd76cd26c74fc1ba09474f2e5d70e41517a539
20420380c27aa07a8f6320b72c5ebfb595c83f77ce648cf9b52c1bb2479f1ae3
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
26277f2366e12fadb45f17ef465cdccfead0cf2a5967195f0d4c25fb3ef86a95
270e03378783bee91fa0572eadb8292b3122da2fbd8a4d7f2f6fad9bdd0f7caf
2a3e68d809ea03479c1ee1e20b99c213305a2c9c191d970dfd9f742a11e7b9e6
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2b02c99b94bd29097fd168548bea6dfc28c9ffd3c2d751c1f375c9da902d8f63
2b0c188a2120992cc3bd21c6c44197a542d3db1818f811bcba2b25673d6f719e
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2ef1a575171191975846fa2b38e3b55449010f6fd6675a66ed974d618f8c6043
30fe2b4dd3ea9446d92fa0dad1ce04ad1fb0729696ca6e04d6bfaacfb5681ed6
31da0e07675320f1e726da00ef0192d7e63873496538f236dfb58f970bd04dab
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
360510d19e75fb7aeda5a352592a8276b5a6ee0255b642f050bee4934a9ca6b2
366b9f662a8ade6c6fa3b70557d49bb37754224680bbba54e45e2f8685c2db05
36c13e7d4ca5f849cc56ca5f3bfec462d21e7726759ed48ae54975a2a4f8c8a2
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d8f077f8b76e65e58d31247dc478d99aafd92b2fe70dd16745ca5708701f2d4
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
42d27bc43c8852c16cf2928a42c023c506f35a2060c99c4de0a7e5ede6ff3765
435008bea8d4d41f9508fe804a63161e39a668eb85bfbdfe044ab7f5019340d1
43ec4073d62958c460872f86b38f583f3187995f0147e29144340e6826e05cb9
4450ea25a2cd96ef28f12b921b645248e76d4fc7389dbed6c183cc91cadef186
44aa5fc7f75bb2efd6b3bdd1a855e83d56eaa5cda830fe9c46585492252d62fc
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
451b057b0a1eb5f896d2cfd517c2007547a02a4cee511c1236def2d465f8f6f1
45c7bb8bbadc5a262bd120b8fed70b0e3f454b06a10f96e29e1087fdb6274878
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49307e5d960c937ee2db2cc40da98377e08da5567df4d7485519c6b35a1000ad
496b90abe82dfb9f2d3e1344929a29d62b52a89939386dba06b39d2669adc3ba
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50c76a75b7566cb5587975dccb659810f5ce9297327b12bf40268ef49925dc9f
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
5cc5495b8f587276ad3e8de0e8ef0fd2734e8c244b613492f6ad0cc698b61b9e
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6243f0074dd7845c475a565de937bdf2a936fed1bf9ec2d99983c041bc094227
6251b4b4525b9007511a48a6cda9a168f07ff77ccc4dd75759486af624a13301
64bc64dd1ed92b78730d044ad93617fcf853494e09227f0a65db43533efd37e3
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194
64e26d4ce236523a4bb52f809c7ef1c64fe539340e1c2a2e0e2b8d661d924c9e
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
668a5e300760780c543324b12a806288c291a45b955ba07e59ee2c2537186934
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f
6d656f49ac878039d3910fd7c6e03b2c56998038a48acc6a57fb83b2eaceef50
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
73e92096e61cc5ea7df6db98368b62ff1f624918e8cdea8ec8c51022426dbe8c
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
765f3dc1ea4b8fb71d4313c31663bd488c427fbde87b351a81b3a2481ba31e91
7a28d4c666017420e32bbeffa285b196931663181c7bb07887adbe4e116cde05
7a48498f5db8ae8a7624a0150932e184eb1de17b6e2407d237aba929a60102ff
7a4bbdda765eb196856a72e3e2b96275eb13cca6acb2896f1a36a0a4111d2528
7dadda4636ad843b7cdf1e0874fa2b4d944d9b3b67c6b26692333637f4486d56
8001ee09dc384ab72cfea0383270f7333b59ac6510037e6cc4c8f89fdc264c02
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
8201fdb8ea2519b8c32409a1c5c5c7298381863b4922ba403afc73529a462c07
820e74818fb6a53e28641dbf24933329825ef9490f718a2106ca1b99c842f5b3
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8483c42b394ea1a70d9710d63b392d314e34562ad27480ed8504ff6351865173
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
89329d4bab822d07ce8a5e06677e6c646cdf73efbac43ac13d17671ef4b500a0
8a2933da42d7be2d22c7c404cbe04d575fbce80452899f07c31d675bb2bdc75a
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8d54d4af9d75c62702f641889e0e18de6db13ea60095715758d33b34d241da33
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8d95a4e2bef19ae6d438a2c9bd73f685b9395f9d9c595f380d7968d1c80e37a2
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
9275315160d6372f8e0f3b4121c5ec2bd10d07ff1dd6889d3e37e148f7bcc7a6
92b07fb4006925aa9e6bbf7fc2cf4d671a87f1b302b5a3f94f635713ce9b9208
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
981650eafffe4e20b30b17de37f423313b5c4d1e2b2a33f3f8e182ec7f442ae9
98bcb906392d785020c8304523edbd356c95ff2f706e47672a59e4ed2d7258ea
9a31a8ad135fd6ce19c7140cb733d948b9cca5bdfcbba9e2c5b7d3c8a8adc356
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9c2388c40345a8c9a09e8eb634a72240123f49f4c2b15df11dc05c2982f52f32
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5edfa92ea10a68d81e5f2d50366262370d04e84d8c64fbe33c71399302719bb
a82b29e09a2eaaa7d4286506924ab8b65528a8f441a68fb2ed5a72765e58effb
aaad7fdb013da8f651a7ddccfd11fd980df3710d933278c8c109053053c0bc4a
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09
ae1d356e38a0b9d8ea6f45f9138d103980fae1ca1c37c74bbe8c0e4567b8b298
ae310d434f568e17a279eaf03871b2929ba16e2431826b936a36cd6a302431ec
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b949706a2b8d73b21ba7ead787999f0f2c1696a63191d69166a4cb00efe4eb7c
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
ba7478138664dfbadff2af30a268f4200a752a73d07dafb55937af20d1061357
bb836331fe0a3d9389f632440a016296ae78df6a82a201728cb8d77d268bdb38
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712
c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c888e4efde780e5e5b542d3c0c45c7b5ec7fa0dc96a3de03cbe955581a26c50b
c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f
ca8cf4665bcb36d5cb15f708fbd0edbaba6cd14afc3d1c4231463e483bbdb66f
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d2bec0abb5ffb683afd89667d8c3f3cf64502bf1cae75215f813f8a04d2f2e28
d2d10605af0cadc77940b2153cc14a5e6f7f5272c0e5a8692ccddb344632efc8
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ee7c6e3107295bf873159faa0b6299380d482b2882de4772f9f659e5bedea277
eef8f9ebf2b664a8406c8dd20b5db1a9275a5ecd28e41f6f119c88d355dda110
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
f0f86d9c74b39cac465ee1a52a1d84d2167f7dd78bf5f48cfb6c744053b6cd8d
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc
f37b633163160a193075aa9263fef8d44504c2006c6e2702de244a8aba1933d6
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f78d3e6b183810f7eebeafb4a45e860c178f6f60602eb5fb930154c2e7c9142f
f94256f0b6f73508a1c40877ff1e1ac19a8fd0514f5249845de28b5d6c6722fb
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb
fdb60418f2e23b359b2ade2aca337dccf02e24215d1a77bb816ba1820e5bbff0
fdc118b6790fb14bd5d215b9bd236b020faff893184c75ea2bd895c5ae8c9306