urlscan.io logo urlscan.io
SecurityTrails logo

www.aiupnow.com Open in urlscan Pro
2a00:1450:4001:82f::2013  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://t.co/IMBWIxzlWq
Effective URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Submission: On December 15 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 95 IPs in 8 countries across 84 domains to perform 504 HTTP transactions. The main IP is 2a00:1450:4001:82f::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is www.aiupnow.com.
TLS certificate: Issued by GTS CA 1D4 on December 2nd 2021. Valid for: 3 months.
This is the only time www.aiupnow.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.69 13414 (TWITTER)
1 13 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2.18.235.93 16625 (AKAMAI-AS)
11 151.139.128.11 20446 (HIGHWINDS3)
1 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
20 2a00:1450:400... 15169 (GOOGLE)
20 172.66.42.247 13335 (CLOUDFLAR...)
9 2a00:1450:400... 15169 (GOOGLE)
4 2a03:2880:f02... 32934 (FACEBOOK)
4 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 54.197.98.98 14618 (AMAZON-AES)
34 2a00:1450:400... 15169 (GOOGLE)
2 199.232.196.134 54113 (FASTLY)
20 2a00:1450:400... 15169 (GOOGLE)
3 13 2a02:6b8::1:119 208722 (YNDX)
3 188.65.124.90 41690 (DAILYMOTI...)
26 2a03:2880:f12... 32934 (FACEBOOK)
1 2 2600:1901:1:c... 15169 (GOOGLE)
46 2606:4700:303... 13335 (CLOUDFLAR...)
15 2a00:1450:400... 15169 (GOOGLE)
16 2600:9000:21f... 16509 (AMAZON-02)
8 151.101.0.134 54113 (FASTLY)
1 216.58.212.162 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 34.204.113.242 14618 (AMAZON-AES)
1 107.20.147.136 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
17 178.79.242.181 22822 (LLNW)
1 172.66.41.9 13335 (CLOUDFLAR...)
8 188.65.124.59 41690 (DAILYMOTI...)
3 2a00:1450:400... 15169 (GOOGLE)
1 67.202.105.32 32748 (STEADFAST)
2 6 2.18.234.21 16625 (AKAMAI-AS)
1 51.89.9.254 16276 (OVH)
6 6 185.64.190.79 62713 (AS-PUBMATIC)
4 4 142.250.181.226 15169 (GOOGLE)
2 2 185.64.189.110 62713 (AS-PUBMATIC)
2 2 198.47.127.20 3257 (GTT-BACKB...)
4 5 37.252.172.249 29990 (ASN-APPNEX)
1 34.98.64.218 15169 (GOOGLE)
3 4 18.156.0.31 16509 (AMAZON-02)
3 3 213.19.147.44 26120 (RHYTHMONE)
2 3 15.197.193.217 16509 (AMAZON-02)
1 1 50.31.142.95 23352 (SERVERCEN...)
1 178.162.133.149 60781 (LEASEWEB-...)
1 34.243.225.216 16509 (AMAZON-02)
1 174.137.133.49 27257 (WEBAIR-IN...)
2 2 52.28.63.132 16509 (AMAZON-02)
1 38.27.122.126 174 (COGENT-174)
2 2 72.251.249.13 29791 (VOXEL-DOT...)
1 1 193.0.160.129 54312 (ROCKETFUEL)
1 67.202.105.23 32748 (STEADFAST)
5 2a04:4e42:1f:... 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.231.31.218 14618 (AMAZON-AES)
6 2a00:1450:400... 15169 (GOOGLE)
1 104.16.138.31 13335 (CLOUDFLAR...)
1 217.20.152.207 47764 (MAILRU-AS...)
1 104.75.88.209 16625 (AKAMAI-AS)
1 151.101.65.140 54113 (FASTLY)
1 192.0.77.40 2635 (AUTOMATTIC)
1 87.240.190.78 47541 (VKONTAKTE...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 141.193.213.21 209242 (CLOUDFLAR...)
3 2a00:1288:80:... 203220 (YAHOO-DEB)
2 52.217.95.49 16509 (AMAZON-02)
2 2606:2800:233... 15133 (EDGECAST)
17 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
5 2a00:1450:400... 15169 (GOOGLE)
11 13.224.194.206 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 209.54.180.144 16509 (AMAZON-02)
1 1 2001:678:cb4:... 56396 (AMOBEE)
1 72.251.241.196 29791 (VOXEL-DOT...)
1 188.65.124.91 41690 (DAILYMOTI...)
1 34.120.195.249 15169 (GOOGLE)
57 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
6 11 2a00:1450:400... 15169 (GOOGLE)
2 34.255.13.78 16509 (AMAZON-02)
2 4 142.250.185.102 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 188.65.124.38 41690 (DAILYMOTI...)
1 34.73.247.27 396982 (GOOGLE-PR...)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 188.65.126.236 41690 (DAILYMOTI...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2 2a00:1450:400... 15169 (GOOGLE)
1 199.232.198.49 54113 (FASTLY)
2 199.232.192.134 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 188.65.126.209 41690 (DAILYMOTI...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 151.101.130.137 54113 (FASTLY)
1 104.111.214.240 16625 (AKAMAI-AS)
1 162.247.243.146 13335 (CLOUDFLAR...)
504 95
1    104.244.42.69 (United States)

ASN13414 (TWITTER, US)
t.co
13    2a00:1450:4001:82f::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.aiupnow.com
5    2a00:1450:4001:811::2009 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.blogger.com
resources.blogblog.com
1    2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
contextual.media.net
11    151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)
cdn.shareaholic.net
m9m6e2w5.stackpathcdn.com
1    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
7    2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
4.bp.blogspot.com
1.bp.blogspot.com
yt3.ggpht.com
3.bp.blogspot.com
20    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
20    172.66.42.247 (United States)

ASN13335 (CLOUDFLARENET, US)
resources.infolinks.com
router.infolinks.com
rt3027.infolinks.com
9    2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
4    2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
4    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
8    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    54.197.98.98 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-98-98.compute-1.amazonaws.com
www.shareaholic.net
34    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.de
2    199.232.196.134 (United States)

ASN54113 (FASTLY, US)
sigma2.disqus.com
20    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
www.gstatic.com
13    2a02:6b8::1:119 (Moscow, Russian Federation)

ASN208722 (YNDX, FI)
mc.yandex.ru
mc.yandex.com
3    188.65.124.90 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: fp.dc3.dailymotion.com
www.dailymotion.com
26    2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)
open.spotify.com
46    2606:4700:3035::6815:1ac5 (United States)

ASN13335 (CLOUDFLARENET, US)
snd.click
15    2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
16    2600:9000:21f3:ce00:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
c.disquscdn.com
8    151.101.0.134 (United States)

ASN54113 (FASTLY, US)
disqus.com
1    216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net
partner.googleadservices.com
1    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
3    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    34.204.113.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-113-242.compute-1.amazonaws.com
analytics.shareaholic.com
1    107.20.147.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-147-136.compute-1.amazonaws.com
partner.shareaholic.com
1    2a00:1450:4001:811::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
17    178.79.242.181 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-181.fra.llnw.net
static1.dmcdn.net
vendorlist.dmcdn.net
s1.dmcdn.net
1    172.66.41.9 (United States)

ASN13335 (CLOUDFLARENET, US)
rt3027.infolinks.com
8    188.65.124.59 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: ebed2.dm.gg
pebed.dm-event.net
3    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
1    67.202.105.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net
de.tynt.com
6    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
1    51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu
onetag-sys.com
6    185.64.190.79 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image8.pubmatic.com
4    142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net
cm.g.doubleclick.net
2    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
2    198.47.127.20 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image4.pubmatic.com
5    37.252.172.249 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
1    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
u.openx.net
4    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
3    213.19.147.44 (United Kingdom)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
3    15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
1    50.31.142.95 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com
b1sync.zemanta.com
1    178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com
sync.go.sonobi.com
1    34.243.225.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-225-216.eu-west-1.compute.amazonaws.com
s.cpx.to
1    174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)
dsp.adkernel.com
2    52.28.63.132 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-63-132.eu-central-1.compute.amazonaws.com
pixel.advertising.com
1    38.27.122.126 (United States)

ASN174 (COGENT-174, US)
match.bnmla.com
2    72.251.249.13 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
1    193.0.160.129 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
1    67.202.105.23 (United States)

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
5    2a04:4e42:1f::760 (United States)

ASN54113 (FASTLY, US)
open.scdn.co
i.scdn.co
1    2606:4700::6810:a40d (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.viglink.com
1    34.231.31.218 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-31-218.compute-1.amazonaws.com
recs.shareaholic.com
6    2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ssl.gstatic.com
1    104.16.138.31 (None, )

ASN13335 (CLOUDFLARENET, US)
api.bufferapp.com
1    217.20.152.207 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: ip207.152.odnoklassniki.ru
connect.ok.ru
1    104.75.88.209 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-209.deploy.static.akamaitechnologies.com
api.pinterest.com
1    151.101.65.140 (United States)

ASN54113 (FASTLY, US)
www.reddit.com
1    192.0.77.40 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: assets.tumblr.com
api.tumblr.com
1    87.240.190.78 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS vk.com, RU)
PTR: srv78-190-240-87.vk.com
vk.com
1    2606:4700::6812:1a47 (United States)

ASN13335 (CLOUDFLARENET, US)
www.yummly.com
1    141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
blogs.windows.com
3    2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
s.yimg.com
2    52.217.95.49 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
media-mbst-pub-ue1.s3.amazonaws.com
2    2606:2800:233:af6:eab:2108:1892:6d8 (United States)

ASN15133 (EDGECAST, US)
o.aolcdn.com
17    2606:4700::6812:bc37 (United States)

ASN13335 (CLOUDFLARENET, US)
www.windowscentral.com
1    2606:4700::6811:a62b (United States)

ASN13335 (CLOUDFLARENET, US)
passport.mobilenations.com
5    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
feeds.feedburner.com
11    13.224.194.206 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-206.fra2.r.cloudfront.net
d2908q01vomqb2.cloudfront.net
1    2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
img.youtube.com
2    209.54.180.144 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
1    72.251.241.196 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
cm.adgrx.com
1    188.65.124.91 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: st.dc3.dailymotion.com
speedtest.dailymotion.com
1    34.120.195.249 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o22381.ingest.sentry.io
57    2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
8    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
11    2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    34.255.13.78 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-13-78.eu-west-1.compute.amazonaws.com
api.viglink.com
4    142.250.185.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net
ad.doubleclick.net
2    2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
1    188.65.124.38 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: icscale-01-pub-ix7.vip.dailymotion.com
dmxleo.dailymotion.com
1    34.73.247.27 (North Charleston, United States)

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: 27.247.73.34.bc.googleusercontent.com
www.saastr.com
1    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
drive.google.com
2    2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
doc-10-94-docs.googleusercontent.com
1    2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
docs.google.com
1    2a02:26f0:6c00:2ac::2a1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
is5-ssl.mzstatic.com
2    188.65.126.236 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: proxy-019.dc3.dailymotion.com
proxy-019.dc3.dailymotion.com
1    2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
youtube.com
1    199.232.198.49 (United States)

ASN54113 (FASTLY, US)
a.disquscdn.com
2    199.232.192.134 (United States)

ASN54113 (FASTLY, US)
referrer.disqus.com
1    2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a02:26f0:6c00:299::1fcf (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
js-cdn.music.apple.com
1    188.65.126.209 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: proxy-046.dc3.dailymotion.com
proxy-046.dc3.dailymotion.com
1    2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
static.doubleclick.net
1    2606:4700:3037::6815:4e07 (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
1    151.101.130.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
1    104.111.214.240 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-214-240.deploy.static.akamaitechnologies.com
cdn.iubenda.com
1    162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)
bam-cell.nr-data.net
Apex Domain
Subdomains		 Transfer
77 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
890 KB
46 snd.click
snd.click Failed
451 KB
41 doubleclick.net
googleads.g.doubleclick.net
cm.g.doubleclick.net
ad.doubleclick.net
static.doubleclick.net
265 KB
26 facebook.com
www.facebook.com Failed
14 KB
26 gstatic.com
fonts.gstatic.com
www.gstatic.com
ssl.gstatic.com
339 KB
26 google.com
apis.google.com
adservice.google.com
accounts.google.com
www.google.com
drive.google.com
docs.google.com
243 KB
21 infolinks.com
resources.infolinks.com
router.infolinks.com
rt3027.infolinks.com
157 KB
18 youtube.com
www.youtube.com
img.youtube.com
youtube.com
816 KB
17 windowscentral.com
www.windowscentral.com
841 KB
17 dmcdn.net
static1.dmcdn.net
vendorlist.dmcdn.net
s1.dmcdn.net
829 KB
17 disquscdn.com
c.disquscdn.com
a.disquscdn.com
708 KB
13 aiupnow.com
www.aiupnow.com
425 KB
12 disqus.com
sigma2.disqus.com
disqus.com
referrer.disqus.com
113 KB
12 googleapis.com
ajax.googleapis.com
fonts.googleapis.com
imasdk.googleapis.com
481 KB
11 cloudfront.net
d2908q01vomqb2.cloudfront.net
5 MB
11 yandex.com
mc.yandex.com
3 KB
10 pubmatic.com
image8.pubmatic.com
image2.pubmatic.com
image4.pubmatic.com
3 KB
10 stackpathcdn.com
m9m6e2w5.stackpathcdn.com
123 KB
8 googletagservices.com
www.googletagservices.com
293 KB
8 dm-event.net
pebed.dm-event.net
1 KB
8 dailymotion.com
www.dailymotion.com Failed
speedtest.dailymotion.com
dmxleo.dailymotion.com
proxy-019.dc3.dailymotion.com
proxy-046.dc3.dailymotion.com
26 KB
6 casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
7 KB
6 blogspot.com
4.bp.blogspot.com
1.bp.blogspot.com
3.bp.blogspot.com
102 KB
5 feedburner.com
feeds.feedburner.com
4 KB
5 scdn.co
open.scdn.co
i.scdn.co
87 KB
5 adnxs.com
ib.adnxs.com
4 KB
4 yahoo.com
ups.analytics.yahoo.com
1 KB
4 google-analytics.com
www.google-analytics.com
59 KB
4 facebook.net
connect.facebook.net
195 KB
4 blogger.com
www.blogger.com
93 KB
3 yimg.com
s.yimg.com
1 MB
3 viglink.com
cdn.viglink.com
api.viglink.com
30 KB
3 adsrvr.org
match.adsrvr.org
1 KB
3 shareaholic.com
analytics.shareaholic.com
partner.shareaholic.com
recs.shareaholic.com
953 B
3 google.de
adservice.google.de
1 KB
2 googleusercontent.com
doc-10-94-docs.googleusercontent.com
25 KB
2 2mdn.net
s0.2mdn.net
874 KB
2 amazon-adsystem.com
s.amazon-adsystem.com
1 KB
2 aolcdn.com
o.aolcdn.com
278 KB
2 amazonaws.com
media-mbst-pub-ue1.s3.amazonaws.com
440 KB
2 lijit.com
ap.lijit.com
1 KB
2 advertising.com
pixel.advertising.com
674 B
2 1rx.io
sync.1rx.io
1 KB
2 yandex.ru
mc.yandex.ru
67 KB
2 spotify.com
open.spotify.com Failed
1 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com
84 KB
2 shareaholic.net
cdn.shareaholic.net
www.shareaholic.net
7 KB
1 nr-data.net
bam-cell.nr-data.net
725 B
1 iubenda.com
cdn.iubenda.com
5 KB
1 newrelic.com
js-agent.newrelic.com
13 KB
1 fontawesome.com
use.fontawesome.com
247 KB
1 apple.com
js-cdn.music.apple.com
54 KB
1 cloudflare.com
cdnjs.cloudflare.com
7 KB
1 googletagmanager.com
www.googletagmanager.com
36 KB
1 mzstatic.com
is5-ssl.mzstatic.com
214 KB
1 saastr.com
www.saastr.com
65 KB
1 sentry.io
o22381.ingest.sentry.io
245 B
1 adgrx.com
cm.adgrx.com
408 B
1 turn.com
ad.turn.com
425 B
1 mobilenations.com
passport.mobilenations.com
50 KB
1 windows.com
blogs.windows.com
291 KB
1 yummly.com
www.yummly.com
724 B
1 vk.com
vk.com
482 B
1 tumblr.com
api.tumblr.com
392 B
1 reddit.com
www.reddit.com
1 KB
1 pinterest.com
api.pinterest.com
416 B
1 ok.ru
connect.ok.ru
2 KB
1 bufferapp.com
api.bufferapp.com
410 B
1 33across.com
ssc-cms.33across.com
72 B
1 rfihub.com
p.rfihub.com
757 B
1 bnmla.com
match.bnmla.com
112 B
1 adkernel.com
dsp.adkernel.com
233 B
1 cpx.to
s.cpx.to
945 B
1 sonobi.com
sync.go.sonobi.com
478 B
1 zemanta.com
b1sync.zemanta.com
288 B
1 unrulymedia.com
sync.targeting.unrulymedia.com
475 B
1 openx.net
u.openx.net
306 B
1 onetag-sys.com
onetag-sys.com
814 B
1 tynt.com
de.tynt.com
289 B
1 ggpht.com
yt3.ggpht.com
2 KB
1 googleadservices.com
partner.googleadservices.com
644 B
1 blogblog.com
resources.blogblog.com
680 B
1 media.net
contextual.media.net
94 KB
1 t.co
t.co
723 B
504 84
Domain Requested by
57 tpc.googlesyndication.com googleads.g.doubleclick.net
tpc.googlesyndication.com
www.aiupnow.com
pagead2.googlesyndication.com
46 snd.click www.aiupnow.com
ajax.googleapis.com
snd.click
32 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.youtube.com
26 www.facebook.com www.aiupnow.com
ajax.googleapis.com
t.co
www.facebook.com
connect.facebook.net
20 pagead2.googlesyndication.com www.aiupnow.com
pagead2.googlesyndication.com
srcdoc
googleads.g.doubleclick.net
www.googletagservices.com
tpc.googlesyndication.com
t.co
17 www.windowscentral.com www.aiupnow.com
16 c.disquscdn.com sigma2.disqus.com
disqus.com
c.disquscdn.com
15 www.youtube.com apis.google.com
www.youtube.com
snd.click
www.aiupnow.com
14 static1.dmcdn.net www.dailymotion.com
static1.dmcdn.net
14 router.infolinks.com resources.infolinks.com
router.infolinks.com
ssum-sec.casalemedia.com
13 www.aiupnow.com 1 redirects t.co
www.aiupnow.com
ajax.googleapis.com
12 fonts.gstatic.com fonts.googleapis.com
www.youtube.com
11 www.google.com 6 redirects googleads.g.doubleclick.net
www.youtube.com
tpc.googlesyndication.com
11 d2908q01vomqb2.cloudfront.net www.aiupnow.com
11 mc.yandex.com 2 redirects www.aiupnow.com
mc.yandex.ru
10 m9m6e2w5.stackpathcdn.com cdn.shareaholic.net
www.aiupnow.com
9 apis.google.com www.aiupnow.com
apis.google.com
www.youtube.com
accounts.google.com
8 www.googletagservices.com googleads.g.doubleclick.net
8 pebed.dm-event.net www.dailymotion.com
static1.dmcdn.net
8 www.gstatic.com apis.google.com
static1.dmcdn.net
googleads.g.doubleclick.net
www.gstatic.com
8 disqus.com sigma2.disqus.com
c.disquscdn.com
8 fonts.googleapis.com www.aiupnow.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
snd.click
6 ssl.gstatic.com accounts.google.com
www.aiupnow.com
6 image8.pubmatic.com 6 redirects
5 feeds.feedburner.com www.aiupnow.com
5 ib.adnxs.com 4 redirects ssum-sec.casalemedia.com
4 ad.doubleclick.net 2 redirects googleads.g.doubleclick.net
4 open.scdn.co open.spotify.com
open.scdn.co
4 ups.analytics.yahoo.com 3 redirects ssum-sec.casalemedia.com
4 cm.g.doubleclick.net 4 redirects
4 www.google-analytics.com www.aiupnow.com
www.google-analytics.com
www.googletagmanager.com
t.co
4 connect.facebook.net www.aiupnow.com
connect.facebook.net
4 resources.infolinks.com www.aiupnow.com
t.co
resources.infolinks.com
4 www.blogger.com www.aiupnow.com
3 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
3 s.yimg.com www.aiupnow.com
3 match.adsrvr.org 2 redirects ssum-sec.casalemedia.com
3 ssum-sec.casalemedia.com 1 redirects router.infolinks.com
ssum-sec.casalemedia.com
3 imasdk.googleapis.com www.dailymotion.com
static1.dmcdn.net
imasdk.googleapis.com
3 rt3027.infolinks.com resources.infolinks.com
3 adservice.google.com pagead2.googlesyndication.com
3 adservice.google.de pagead2.googlesyndication.com
3 www.dailymotion.com www.aiupnow.com
ajax.googleapis.com
www.dailymotion.com
static1.dmcdn.net
3 4.bp.blogspot.com www.aiupnow.com
2 referrer.disqus.com www.aiupnow.com
2 youtube.com 2 redirects
2 proxy-019.dc3.dailymotion.com static1.dmcdn.net
2 doc-10-94-docs.googleusercontent.com 1 redirects www.aiupnow.com
2 s0.2mdn.net googleads.g.doubleclick.net
imasdk.googleapis.com
2 api.viglink.com cdn.viglink.com
2 s1.dmcdn.net www.dailymotion.com
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 o.aolcdn.com www.aiupnow.com
2 media-mbst-pub-ue1.s3.amazonaws.com www.aiupnow.com
2 ap.lijit.com 2 redirects
2 pixel.advertising.com 2 redirects
2 sync.1rx.io 2 redirects
2 image4.pubmatic.com 2 redirects
2 image2.pubmatic.com 2 redirects
2 mc.yandex.ru 1 redirects www.aiupnow.com
2 open.spotify.com www.aiupnow.com
ajax.googleapis.com
2 sigma2.disqus.com www.aiupnow.com
sigma2.disqus.com
2 maxcdn.bootstrapcdn.com www.aiupnow.com
maxcdn.bootstrapcdn.com
2 1.bp.blogspot.com www.aiupnow.com
1 bam-cell.nr-data.net js-agent.newrelic.com
1 cdn.iubenda.com snd.click
1 js-agent.newrelic.com t.co
1 use.fontawesome.com snd.click
1 static.doubleclick.net www.youtube.com
1 proxy-046.dc3.dailymotion.com static1.dmcdn.net
1 js-cdn.music.apple.com snd.click
1 cdnjs.cloudflare.com snd.click
1 a.disquscdn.com www.aiupnow.com
1 www.googletagmanager.com snd.click
1 is5-ssl.mzstatic.com snd.click
1 docs.google.com 1 redirects
1 drive.google.com 1 redirects
1 www.saastr.com www.aiupnow.com
1 dmxleo.dailymotion.com static1.dmcdn.net
1 o22381.ingest.sentry.io open.scdn.co
1 speedtest.dailymotion.com static1.dmcdn.net
1 vendorlist.dmcdn.net static1.dmcdn.net
1 cm.adgrx.com ssum-sec.casalemedia.com
1 ad.turn.com 1 redirects
1 img.youtube.com www.aiupnow.com
1 3.bp.blogspot.com www.aiupnow.com
1 passport.mobilenations.com www.aiupnow.com
1 blogs.windows.com www.aiupnow.com
1 www.yummly.com m9m6e2w5.stackpathcdn.com
1 vk.com m9m6e2w5.stackpathcdn.com
1 api.tumblr.com m9m6e2w5.stackpathcdn.com
1 www.reddit.com m9m6e2w5.stackpathcdn.com
1 api.pinterest.com m9m6e2w5.stackpathcdn.com
1 connect.ok.ru m9m6e2w5.stackpathcdn.com
1 api.bufferapp.com m9m6e2w5.stackpathcdn.com
1 i.scdn.co open.spotify.com
1 recs.shareaholic.com m9m6e2w5.stackpathcdn.com
1 cdn.viglink.com m9m6e2w5.stackpathcdn.com
1 ssc-cms.33across.com router.infolinks.com
1 p.rfihub.com 1 redirects
1 match.bnmla.com router.infolinks.com
1 dsp.adkernel.com router.infolinks.com
1 s.cpx.to router.infolinks.com
1 sync.go.sonobi.com router.infolinks.com
1 b1sync.zemanta.com 1 redirects
1 sync.targeting.unrulymedia.com 1 redirects
1 u.openx.net router.infolinks.com
1 onetag-sys.com router.infolinks.com
1 de.tynt.com router.infolinks.com
1 yt3.ggpht.com www.youtube.com
1 accounts.google.com apis.google.com
1 partner.shareaholic.com m9m6e2w5.stackpathcdn.com
1 analytics.shareaholic.com m9m6e2w5.stackpathcdn.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 www.shareaholic.net cdn.shareaholic.net
1 resources.blogblog.com www.aiupnow.com
1 ajax.googleapis.com www.aiupnow.com
1 cdn.shareaholic.net www.aiupnow.com
1 contextual.media.net www.aiupnow.com
1 t.co
504 120
Subject Issuer Validity Valid
t.co
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-05 -
2022-02-04		 a year crt.sh
www.aiupnow.com
GTS CA 1D4		 2021-12-02 -
2022-03-02		 3 months crt.sh
*.blogger.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2021-04-12 -
2022-04-20		 a year crt.sh
cdn.shareaholic.net
R3		 2021-11-09 -
2022-02-07		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
misc-sni.blogspot.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-15 -
2022-07-14		 a year crt.sh
*.apis.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-09-24 -
2021-12-23		 3 months crt.sh
*.stackpathcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-31 -
2022-05-31		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.shareaholic.net
R3		 2021-12-03 -
2022-03-03		 3 months crt.sh
*.disqus.com
DigiCert SHA2 Secure Server CA		 2020-04-20 -
2022-05-09		 2 years crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
mc.yandex.ru
Yandex CA		 2021-07-28 -
2022-01-07		 5 months crt.sh
www.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-12-11 -
2022-03-11		 3 months crt.sh
*.spotify.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-03 -
2022-05-03		 a year crt.sh
a.disquscdn.com
Amazon		 2021-10-31 -
2022-11-28		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.google.de
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
shareaholic.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
*.shareaholic.com
R3		 2021-11-29 -
2022-02-27		 3 months crt.sh
accounts.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.googleusercontent.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.dmcdn.net
ZeroSSL RSA Domain Secure Site CA		 2021-11-10 -
2022-02-08		 3 months crt.sh
*.dm-event.net
ZeroSSL RSA Domain Secure Site CA		 2021-10-15 -
2022-01-13		 3 months crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-02-05 -
2022-02-09		 a year crt.sh
onetag-sys.com
R3		 2021-11-02 -
2022-01-31		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2020-12-06 -
2022-01-07		 a year crt.sh
*.adkernel.com
Sectigo RSA Domain Validation Secure Server CA		 2020-12-22 -
2022-01-05		 a year crt.sh
*.bnmla.com
Go Daddy Secure Certificate Authority - G2		 2021-01-06 -
2022-02-07		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.scdn.co
DigiCert TLS RSA SHA256 2020 CA1		 2021-08-06 -
2022-09-02		 a year crt.sh
ssl1029306.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2021-07-12 -
2022-06-30		 a year crt.sh
api.bufferapp.com
DigiCert SHA2 Secure Server CA		 2020-06-24 -
2022-08-16		 2 years crt.sh
*.ok.ru
GeoTrust RSA CA 2018		 2021-02-18 -
2022-03-21		 a year crt.sh
*.pinterest.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-26 -
2022-08-05		 a year crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-05 -
2022-04-02		 6 months crt.sh
tumblr.com
DigiCert SHA2 Extended Validation Server CA		 2020-07-09 -
2022-04-14		 2 years crt.sh
*.vk.com
GlobalSign Organization Validation CA - SHA256 - G2		 2020-06-09 -
2022-06-10		 2 years crt.sh
blogs.windows.com
Microsoft RSA TLS CA 01		 2021-11-05 -
2022-11-05		 a year crt.sh
*.api.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-11-08 -
2021-12-29		 2 months crt.sh
*.s3.amazonaws.com
DigiCert Baltimore CA-2 G2		 2021-01-11 -
2022-02-11		 a year crt.sh
o.aolcdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-28 -
2022-06-02		 a year crt.sh
windowscentral.com
Cloudflare Inc ECC CA-3		 2021-06-05 -
2022-06-04		 a year crt.sh
misc.google.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-24 -
2022-03-26		 a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-08-17 -
2022-02-09		 6 months crt.sh
speedtest.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-26 -
2022-01-24		 3 months crt.sh
*.ingest.sentry.io
R3		 2021-10-24 -
2022-01-22		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
viglink.com
Amazon		 2021-11-13 -
2022-12-11		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
dmxleo.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-25 -
2022-01-23		 3 months crt.sh
www.saastr.com
R3		 2021-11-23 -
2022-02-21		 3 months crt.sh
itunes.apple.com
Apple Public EV Server RSA CA 2 - G1		 2021-06-22 -
2022-07-22		 a year crt.sh
*.dc3.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-21 -
2022-01-19		 3 months crt.sh
*.disquscdn.com
GlobalSign Atlas R3 DV TLS CA 2020		 2021-03-22 -
2022-04-23		 a year crt.sh
authorize.music.apple.com
Apple Public EV Server RSA CA 2 - G1		 2021-01-06 -
2022-02-05		 a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-10-06 -
2022-11-07		 a year crt.sh
www.iubenda.com
DigiCert SHA2 Secure Server CA		 2021-03-26 -
2022-03-31		 a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA		 2020-02-05 -
2022-02-08		 2 years crt.sh

This page contains 53 frames:

Primary Page: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Frame ID: F6EBFB89F917DE0FC0BB70CB4D00C5F2
Requests: 166 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: 415CC0E7BA4C5BF156C178AC77CE01D8
Requests: 1 HTTP requests in this frame

Frame: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Frame ID: 8C763002D539A85947332BE31DE255A7
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Frame ID: 1C79A37C836BFAD4C29D030675A73CDC
Requests: 1 HTTP requests in this frame

Frame: https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Frame ID: 5ABF1298E2050F95B1864EA3EA63F411
Requests: 1 HTTP requests in this frame

Frame: https://snd.click/mjI0tjt?embed=1
Frame ID: FF08D2459CCAF53FC816F4261875D3BA
Requests: 1 HTTP requests in this frame

Frame: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Frame ID: 06041A53F625F088E59F510CE3566E6F
Requests: 32 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Frame ID: EE24F3F383C490478FE9037140D2FAB0
Requests: 23 HTTP requests in this frame

Frame: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Frame ID: 11ED468BEE8DF289889A118D258A5044
Requests: 7 HTTP requests in this frame

Frame: https://snd.click/mjI0tjt?embed=1
Frame ID: D08B701A61A1CBB2BD02E04807D39DC9
Requests: 58 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 3DCBF06E49AB14ECA6FF3378781530B4
Requests: 6 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Frame ID: 80D34B6D7B874672048842BC4701ED71
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743050&bpp=19&bdt=315&idt=337&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=4428376513156&frm=20&pv=2&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=rREeltNLRA&p=https%3A//www.aiupnow.com&dtd=359
Frame ID: 539E174D1E2FA5AA27A15B8F307BD2A2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Frame ID: 7160E372E9ED21F9B116EAC9B217F481
Requests: 9 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Frame ID: B5F5642E9F279E82D0280A04E674B39C
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Frame ID: 9422525838ADB4218A606CB7E7ABD6BA
Requests: 9 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: FB0B1974F18B86C104CFED2EC5060B41
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Frame ID: 0D04DDFCD8FA6CE43AAB281B69522310
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Frame ID: 4C7F0C876253B59D72EDC80BC01FA454
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Frame ID: 401F2CF4114E7194E648355D4ED3141A
Requests: 15 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: E5F266786236CBB6994A51462EAB8F14
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: 3A2AE49765EBC4A2326B3A8BD618C6B6
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: 8CA7FCA21808B044451C5F51F6F0EEBB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Frame ID: 4138444DDED3DD304AE2079F0ED2A76F
Requests: 9 HTTP requests in this frame

Frame: https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
Frame ID: AE2CFC2F25F22F15012101E8834C1FD6
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Frame ID: 6B17A5C1219B518C03712C5F008D30C5
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&adk=1812271804&adf=3025194257&lmt=1639580699&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&ea=0&flash=0&host=ca-host-pub-1556223355139109&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743255&bpp=1&bdt=520&idt=972&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600%2C250x250&nras=1&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=9&uci=a!9&fsb=1&dtd=987
Frame ID: 296AECB2AF7984847890B857A8113B56
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D1F8CB95F08D60B2E1F08EC51FA1DAF1
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 6489E21DD4CA1DA8E3CC6DE8FA15387F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html
Frame ID: B8AB9658566280F3DCA0D5354EF625F6
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html
Frame ID: 79D57A54B7B08FC7CC6028CF1B5E2C04
Requests: 14 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.492.0_en.html
Frame ID: 8345B4450E5548652F2A1096EDA6A9DF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 786BFAFF7523C9631BE4A88ABA37EFD0
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 192A58E5FF9A045C2B31B8937481571F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: A6D78C14B27115A90DF08030DCC49BC1
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2EFEE854BB20D5846C96D94F6B883D8B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: CF7A102C54E0B2826127804C5D15F46C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EB5393568297590FE145B7028D5E239F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: F323E106222F016345FE2ABFF9200BA3
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 3A5669B06BA57E87A24FDF2F936A6993
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: 05FA346173C4B9380F2CDA11D0C414B5
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: 52BB50AE7174E95825B20A2628ADAC6E
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Frame ID: FB7B3B8EFA0F55A73698AB307CADC483
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: FA10871ADD30FA30AE7210B08DC31DA4
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: E871203B8D7043F05A5AC03761922888
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 10170822CFAB187008E4241C95013362
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: A99E64ECB2F739CB4193CCC99DBE4CD4
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 6E8CF354BA8728AB1F7F16DB92E7831D
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E19256FBC291C3CF101249CF40734CFD
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: 54FD22C6CD46C2E84B9C110B1674ECAD
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19d4b7700b1888%26domain%3Dwww.aiupnow.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.aiupnow.com%252Ff13e1b94a6abb08%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&locale=en_US&numposts=5&sdk=joey&version=v2.0&width=
Frame ID: 0CAAEB8E1F61CD053AE7868B0B46629D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2D986C433C64DDF935A237EB62BFA4DD
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 192A7C2950F399A18B24DE96C471F857
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials #Cybersecurity - The Entrepreneurial Way with A.I.

Page URL History Show full URLs

  1. https://t.co/IMBWIxzlWq Page URL
  2. http://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html HTTP 301
    https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html Page URL

Page Statistics

504
Requests

95 %
HTTPS

44 %
IPv6

84
Domains

120
Subdomains

95
IPs

8
Countries

16539 kB
Transfer

29006 kB
Size

73
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/IMBWIxzlWq Page URL
  2. http://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html HTTP 301
    https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46
  • https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light HTTP 301
  • https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Request Chain 105
  • https://mc.yandex.com/sync_cookie_image_check HTTP 302
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9488.u9QiLKA15-Zp90hWrnnqKvwGICrR59o8V8tMA17Upa7KmMnQGbOhnEkdNypFQz0c.qrGQ45iUqUsKZRO5yqTdul2aliY%2C HTTP 302
  • https://mc.yandex.com/sync_cookie_image_decide?token=9488.sO-nchbm0oTybXYLQPbKWSFMza7fafjeUG5sXN3qUUSyf3IodqgTdEFgKQXwWURXeGz3scsVAKyCcuwPN2diQQ%2C%2C.40oReDj0HmRbB2BDuYg2zJJq_Uw%2C
Request Chain 131
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Request Chain 133
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MTgyNzgwMzItMjVEMi00NUQzLTkyQTgtNjU3ODI3RkM0OTA3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D4BA7A629-27E4-4226-A0AA-4347858C5233 HTTP 302
  • https://router.infolinks.com/dyn/usersync?pmuservalue=4BA7A629-27E4-4226-A0AA-4347858C5233
Request Chain 134
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
  • https://router.infolinks.com/dyn/apn-usync?user_id=4180968463622704791
Request Chain 136
  • https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
  • https://router.infolinks.com/dyn/VR-usync?uid=y-18zKVEBE2uGllNGulROlNPdIZ4CKr76u7_UVm9Y-~A
Request Chain 137
  • https://sync.1rx.io/usersync2/infolinks HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3548810636 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3548810636 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/e0638c74-cf4f-44f4-ab68-decc9116267d HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-1a7a9a5b-71f4-4135-80a0-294e10524237-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-1a7a9a5b-71f4-4135-80a0-294e10524237-003 HTTP 302
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-1a7a9a5b-71f4-4135-80a0-294e10524237-003
Request Chain 138
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
  • https://router.infolinks.com/dyn/zmn-usync?uid=
Request Chain 140
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.aiupnow.com%252F2021%252F12%252Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.aiupnow.com%25252F2021%25252F12%25252Fhackers-using-malicious-iis-server.html%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=2615535459032288984
Request Chain 142
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP0ee8603b-5de0-11ec-967c-02ce2ee4e570 HTTP 302
  • https://router.infolinks.com/dyn/outh-usync?uid=y-T0Ghv1dE2uHWFlPW9_U.VrXi0PZ4682L~A~UP0ee8603b-5de0-11ec-967c-02ce2ee4e570
Request Chain 144
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true HTTP 307
  • https://router.infolinks.com/dyn/sovrn-usync?uid=ccfda82ee36bf7cf1052f420
Request Chain 145
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEJBN0E2MjktMjdFNC00MjI2LUEwQUEtNDM0Nzg1OEM1MjMz&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D4BA7A629-27E4-4226-A0AA-4347858C5233 HTTP 302
  • https://router.infolinks.com/dyn/usersync?pmuservalue=4BA7A629-27E4-4226-A0AA-4347858C5233
Request Chain 146
  • https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
  • https://router.infolinks.com/dyn/zeta-usync?uid=5123196420775419717
Request Chain 227
  • https://mc.yandex.com/watch/53791720?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A1298%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A95639952349%3Ahid%3A424392075%3Az%3A0%3Ai%3A20211215194903%3Aet%3A1639597744%3Ac%3A1%3Arn%3A499940879%3Arqn%3A1%3Au%3A1639597744714125276%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639597741736%3Ads%3A0%2C109%2C681%2C180%2C201%2C0%2C%2C478%2C53%2C%2C%2C%2C1478%3Adsn%3A0%2C109%2C681%2C180%2C201%2C0%2C%2C305%2C53%2C%2C%2C%2C1477%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639597744%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr(14)aw(1)ti(2) HTTP 302
  • https://mc.yandex.com/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A1298%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A95639952349%3Ahid%3A424392075%3Az%3A0%3Ai%3A20211215194903%3Aet%3A1639597744%3Ac%3A1%3Arn%3A499940879%3Arqn%3A1%3Au%3A1639597744714125276%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639597741736%3Ads%3A0%2C109%2C681%2C180%2C201%2C0%2C%2C478%2C53%2C%2C%2C%2C1478%3Adsn%3A0%2C109%2C681%2C180%2C201%2C0%2C%2C305%2C53%2C%2C%2C%2C1477%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639597744%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr%2814%29aw%281%29ti%282%29
Request Chain 228
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGsPHGNeSA3Pkd4mYMRAAABKIAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGsPHGNeSA3Pkd4mYMRAAABKIAAAAB&dcc=t
Request Chain 229
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbpGsPHGNeSA3Pkd4mYMRAAABKIAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESENqV4_wubCKYl01OfWx4Pgc&google_cver=1
Request Chain 231
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbpGsPHGNeSA3Pkd4mYMRAAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOpE_5a4uDc8FX0e27c0Dqc&google_cver=1&gdpr=1
Request Chain 232
  • https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3740180705741226068
Request Chain 276
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26765852.319742854;dc_trk_aid=512199117;dc_trk_cid=161007458;ord=897934744;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26765852.319742854;dc_pre=CIeSx8nJ5vQCFbbnuwgdZ4cDiw;dc_trk_aid=512199117;dc_trk_cid=161007458;ord=897934744;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
Request Chain 293
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26766164.319517987;dc_trk_aid=512275546;dc_trk_cid=161005276;ord=3634503263;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26766164.319517987;dc_pre=CK6SyMnJ5vQCFQDjuwgdOnoBfQ;dc_trk_aid=512275546;dc_trk_cid=161005276;ord=3634503263;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
Request Chain 311
  • https://drive.google.com/uc?id=1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH HTTP 302
  • https://doc-10-94-docs.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0/og8p596u6ccj5tjjtdauaftb27nksn0k/1639597725000/04172779913741121811/13572733374762013682Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH HTTP 302
  • https://docs.google.com/nonceSigner?nonce=lnrai3kct15jq&continue=https://doc-10-94-docs.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0/og8p596u6ccj5tjjtdauaftb27nksn0k/1639597725000/04172779913741121811/13572733374762013682Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH&hash=iedh14ccr5sp9k7do6qsgqg21stsgdbf HTTP 302
  • https://doc-10-94-docs.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0/og8p596u6ccj5tjjtdauaftb27nksn0k/1639597725000/04172779913741121811/13572733374762013682Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH?nonce=lnrai3kct15jq&user=13572733374762013682Z&hash=ihbshi6na7ipnagq3pjp28ifrk73ek9a
Request Chain 401
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 402
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 403
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 404
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 409
  • https://youtube.com/embed//RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer HTTP 303
  • https://youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer HTTP 301
  • https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Request Chain 438
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 484
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

504 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
IMBWIxzlWq
t.co/ 		406 B
723 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/IMBWIxzlWq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 15 Dec 2021 19:49:01 GMT
vary
Origin
server
tsa_o
expires
Wed, 15 Dec 2021 19:54:02 GMT
content-type
text/html; charset=utf-8
cache-control
private,max-age=300
content-length
235
referrer-policy
unsafe-url
content-encoding
gzip
x-xss-protection
0
content-security-policy
referrer always;
strict-transport-security
max-age=0
x-response-time
128
x-connection-hash
0a7dae440dfb54af634a6401b5b0032353ed317744126f6062683406c18dfc86
Primary Request hackers-using-malicious-iis-server.html
www.aiupnow.com/2021/12/
Redirect Chain
  • http://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
  • https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
302 KB
57 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1b1b92a4c0234d53798901f1e3c471cd982ad4cf646b9505484d0e873c728e88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://t.co/IMBWIxzlWq

Response headers

content-type
text/html; charset=UTF-8
expires
Wed, 15 Dec 2021 19:49:03 GMT
date
Wed, 15 Dec 2021 19:49:03 GMT
cache-control
private, max-age=0
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
etag
W/"fb9de84564f5fb89ea07f81b31b74fdca36f4721d1580f2f3bbe4d1be0d4b6e7"
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
57745
server
GSE

Redirect headers

Location
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Content-Type
text/html; charset=UTF-8
Content-Encoding
gzip
Date
Wed, 15 Dec 2021 19:49:02 GMT
Expires
Wed, 15 Dec 2021 19:49:02 GMT
Cache-Control
private, max-age=0
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Security-Policy
frame-ancestors 'self'
X-XSS-Protection
1; mode=block
Content-Length
207
Server
GSE
1529571102-css_bundle_v2.css
www.blogger.com/static/v1/widgets/ 		35 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/widgets/1529571102-css_bundle_v2.css
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0bcd5919bf34c7672ee85e44fd8c6a695a7ffbdd2126f4e54caecca5ca6996eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:22:16 GMT
x-content-type-options
nosniff
age
12407
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36071
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 15:51:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Thu, 15 Dec 2022 16:22:16 GMT
dmedianet.js
contextual.media.net/ 		282 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CUN68BAV
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ba96031e2dadf75a257596e171d35c3415967806af6a80023b736f7101cc47b5
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-mnt-h
8-8
content-encoding
gzip
server
Apache
etag
"30bc6e6d7875b522b17aa0b5f801f6c5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
date
Wed, 15 Dec 2021 19:49:03 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-16
expires
Wed, 15 Dec 2021 19:54:03 GMT
shareaholic.js
cdn.shareaholic.net/assets/pub/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shareaholic.net/assets/pub/shareaholic.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
3077cb5e37d8dc041b829c7f823616f6433006e6cc7aa94e2e44692b20c2c720

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:49 GMT
server
nginx
x-amz-request-id
G0NTQ4JM99C3RKBP
etag
"90e9d5610fc8e91cef45750757b9d1a7"
x-hw
1639597743.cds125.fr8.hn,1639597743.cds126.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=1200, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
4264
x-amz-id-2
JfF2RI0ha1Ju+Ba8s7sua+QXfTJTc9fBGAzKXkpKME+9cccU/wj0Wy1MFmhXalGenzz214PESsw=
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 		94 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:52:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6970
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33576
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Dec 2022 17:52:53 GMT
apple-touch-icon.png
4.bp.blogspot.com/-OvGRVWKCtEI/XrFSUNK8zTI/AAAAAAAAf-o/RxScepL4BaQynp6TJIZk-zO6PMljMoB4wCK4BGAYYCw/s1600/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-OvGRVWKCtEI/XrFSUNK8zTI/AAAAAAAAf-o/RxScepL4BaQynp6TJIZk-zO6PMljMoB4wCK4BGAYYCw/s1600/apple-touch-icon.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c1dd3ae27cd0cf43059c6571c71a67429c3071d2fba84eba2d62809aa38ba3d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="apple-touch-icon.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38044
x-xss-protection
0
server
fife
etag
"v7feb"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 15 Dec 2021 13:02:29 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		145 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9c2496a76cca88ef04c83ef7dea55cd0cf86709cf0616916a092905aa5373117
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51874
x-xss-protection
0
server
cafe
etag
6637502910117651737
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 15 Dec 2021 19:49:03 GMT
icon18_edit_allbkg.gif
resources.blogblog.com/img/ 		162 B
680 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resources.blogblog.com/img/icon18_edit_allbkg.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 10:59:48 GMT
x-content-type-options
nosniff
last-modified
Tue, 14 Dec 2021 03:14:52 GMT
server
sffe
age
118155
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/gif
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
162
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Tue, 21 Dec 2021 10:59:48 GMT
infolinks_main.js
resources.infolinks.com/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/infolinks_main.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cff0359137fc419fd2612e9e813c2f61cc9dd1b915d0c7bb650e8f0ff9e5710

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be2316898d8695e-FRA
date
Wed, 15 Dec 2021 19:49:03 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Wed, 15 Dec 2021 14:45:02 GMT
server
cloudflare
age
3831
etag
W/"d66-5d33059cfc081"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
content-encoding
gzip
expires
Wed, 15 Dec 2021 19:45:12 GMT
platform.js
apis.google.com/js/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
36a79135803869f257cae495ca43ee3d321aaaa2ea929856859444522d64cca8
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-nw5fq/+w3amRPwpWHROtoA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"ab30921c980527979f1cb8c5e858f5b2"
x-frame-options
SAMEORIGIN
report-to
{"group":"ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-nw5fq/+w3amRPwpWHROtoA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA"
expires
Wed, 15 Dec 2021 19:49:03 GMT
tumblr_static_8ivylfvb6r4sw840g0cc4k0s8%2B%25281%2529.jpg
4.bp.blogspot.com/-6CyFYpbgHns/XbbfhTPasCI/AAAAAAAAbl0/FSPC-1XBPZkDRPA36WlpLde2w8pzROJegCK4BGAYYCw/s1600/ 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-6CyFYpbgHns/XbbfhTPasCI/AAAAAAAAbl0/FSPC-1XBPZkDRPA36WlpLde2w8pzROJegCK4BGAYYCw/s1600/tumblr_static_8ivylfvb6r4sw840g0cc4k0s8%2B%25281%2529.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4e9c61cb3ab5d2bcfbf8ebddad7f6c531ea3621fc5ab2adfe61a51f479fc3b69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="tumblr_static_8ivylfvb6r4sw840g0cc4k0s8 (1).jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55898
x-xss-protection
0
server
fife
etag
"v6e5e"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Fri, 10 Dec 2021 07:52:54 GMT
cookienotice.js
www.aiupnow.com/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/js/cookienotice.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 17:54:09 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
2026
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 22 Dec 2021 19:49:03 GMT
69353044-widgets.js
www.blogger.com/static/v1/widgets/ 		155 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/widgets/69353044-widgets.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fe452f57f319d6891a1e4119aa5c860fd59dc23f280351bd805a731ae835d55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:21:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12435
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57252
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 15:10:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Thu, 15 Dec 2022 16:21:48 GMT
fbevents.js
connect.facebook.net/en_US/ 		98 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
WSk33mJ+Pp+AJK3rNW8pBeAtKHBPMy8+P6sS+gEljGedZfbSbDlIuHtOzszpdHEnw56X7+RgXhG90gbZxlT3Hw==
x-fb-trip-id
2050670934
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 15 Dec 2021 19:49:03 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
bg1.png
1.bp.blogspot.com/-0bObXH0-WHI/VmnwwA4dQiI/AAAAAAAACVY/NEHl0xoZ58s/s0-r/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-0bObXH0-WHI/VmnwwA4dQiI/AAAAAAAACVY/NEHl0xoZ58s/s0-r/bg1.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8b82f883c1cd11ad9b0f4cd6cea48c70c84a84f41c57ee6e637417ef78182f50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:17:28 GMT
x-content-type-options
nosniff
age
1895
content-disposition
inline;filename="bg1.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5069
x-xss-protection
0
server
fife
etag
"v957"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 06 Oct 2021 17:59:18 GMT
main.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		147 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
10ae4d64b0c71483f2e7214da1da2b2f86279ad766492a028146d6e0623e230c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
G0NVJ6H0HP8GNGHM
etag
"c786ff130fd3e1a456555bb66b7a746f"
x-hw
1639597743.cds151.fr8.hn,1639597743.cds201.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
42511
x-amz-id-2
UH7DmSnm+N46phwWcT71PY+sQ8g+ecsxvmVOE8lYpxYzaUdSSDSJlsJox81y3+LMSuVXmJXL/5I=
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
2877
date
Wed, 15 Dec 2021 19:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 15 Dec 2021 21:01:06 GMT
css
fonts.googleapis.com/ 		15 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8dcb8e128bd3aa982b2fe3a53685a5a6fe9ad4f6ec590611052b74813631e5f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 19:49:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:03 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 617
age
5971743
cdn-cachedat
2021-07-24 08:09:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
1b00e9671224b437bf3914cf33baf521
cf-ray
6be23169ae354ac2-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
authorization.css
www.blogger.com/dyn-css/ 		1 B
684 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7525488504328308640&zx=b1715448-b0db-499b-be96-20ef0dcb2cab
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 19:49:03 GMT
server
GSE
date
Wed, 15 Dec 2021 19:49:03 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
e68e51f46304cc485d7732b4cf6276c7.json
www.shareaholic.net/config/ 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.shareaholic.net/config/e68e51f46304cc485d7732b4cf6276c7.json
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.197.98.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-197-98-98.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6e6221f8603843e33aea69f1eff610fc753d5689ce75d5324f27144a10cb475f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-client-geo-country
DE,Deutschland
date
Wed, 15 Dec 2021 06:29:56 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
content-length
2066
server
nginx
x-client-geo-region
x-client-geo-metrocode
etag
W/"6e6221f8603843e33aea69f1eff610fc"
access-control-max-age
2000
x-client-geo-city
x-varnish
311079817 296597667
via
1.1 varnish (Varnish/6.0)
access-control-expose-headers
Etag, Access-Control-Allow-Origin, x-client-geo-latlong, x-client-geo-country, x-client-geo-city, x-client-geo-zip, x-client-geo-region, x-client-geo-metrocode
cache-control
max-age=3, public, must-revalidate
x-client-geo-zip
accept-ranges
bytes
content-type
application/json
access-control-allow-headers
*
x-client-geo-latlong
51.299300,9.491000
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 		276 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
101734
x-xss-protection
0
server
cafe
etag
4507154694380913909
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 15 Dec 2021 19:49:03 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame 415C 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 18:37:20 GMT
expires
Wed, 29 Dec 2021 18:37:20 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
4303
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
2653164334924589
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/2653164334924589?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
edd44cad5cd50082407878419dee3031955cfb380d85653ce1100cea73bf9eef
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
ld9FWruKxha+0JkgHvoaMFI052V85dyYFnkDoObHyZScNLQsdEEkZ80+Lt7dz24o5rd+m2n8+59833comFrQjQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:03 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
sdk.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f5f4567c313a2f5bddbc5270cc6371fd6b2ff354d1055b4ea734004fc4e661c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
gUug4AM3gPCuwZ4/s8Ry4w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Wed, 15 Dec 2021 19:51:34 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1686
x-fb-rlafr
0
x-fb-debug
AyeVaMFpRq7RpttzVUY8NtvnHqaEbHToBCA19x//HfEXDHgDL/DA8hsUAdeawuVcOjAy18YXLRM4YmFr7y8UQg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
8ebfc166db4cf6118f4493956ba1bf2b
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:03 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"a7f9ecb71b7896dfe08ee2d243a04f31"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
embed.js
sigma2.disqus.com/ 		74 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sigma2.disqus.com/embed.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
a47701112f705af40272aa6f5f6d7ac1e442e8df2c8c6a2d4ea51ee710558b58
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:03 GMT
Content-Encoding
gzip
Server
openresty
Age
60
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router_gunicorn
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
24631
Cross-Origin-Resource-Policy
cross-origin
ice.js
resources.infolinks.com/js/1769.027-3.025/ 		207 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/1769.027-3.025/ice.js
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44ceec8bba88323fa0fdc3d0a6793b6f1e0c31d465be241d2142abd9ae36e50

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be2316a3d9e695e-FRA
date
Wed, 15 Dec 2021 19:49:03 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Sat, 11 Dec 2021 06:26:43 GMT
server
cloudflare
age
4268
etag
W/"33cca-5d2d8ec5512a4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Fri, 14 Jan 2022 18:37:55 GMT
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 10:59:22 GMT
x-content-type-options
nosniff
age
31781
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7832
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:48 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 10:59:22 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 718
age
4110587
cdn-cachedat
2021-08-02 20:43:32
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
77160
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
font/woff2
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
28557335b4662445583b1248d894b0b8
accept-ranges
bytes
cf-ray
6be2316a581d4a8c-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 00:14:34 GMT
x-content-type-options
nosniff
age
70469
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 00:14:34 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 20:12:20 GMT
x-content-type-options
nosniff
age
85003
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7900
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:02:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 20:12:20 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 		178 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d1fc50d5f0b1a77ffe652c36310574123f7cd3871798d5a74aac8d09c3f455d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 17:40:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
353327
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60347
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 11 Dec 2022 17:40:16 GMT
x7zgqmr
www.dailymotion.com/embed/video/ Frame 8C76 		0
0
page.php
www.facebook.com/plugins/ Frame 1C79 		0
0
/
open.spotify.com/follow/1/ Frame 5ABF 		0
0
mjI0tjt
snd.click/ Frame FF08 		0
0
authorization.css
www.blogger.com/dyn-css/ 		1 B
43 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7525488504328308640&zx=b1715448-b0db-499b-be96-20ef0dcb2cab
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 19:49:03 GMT
server
GSE
date
Wed, 15 Dec 2021 19:49:03 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
repeat-bg.png
4.bp.blogspot.com/-R2WTW6O9E1o/VX7dqIGT1eI/AAAAAAAACc4/pyvQDMMLX3E/s1600/ 		229 B
254 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-R2WTW6O9E1o/VX7dqIGT1eI/AAAAAAAACc4/pyvQDMMLX3E/s1600/repeat-bg.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
2baf0db4101196df611d843d4741b65c2ebde9d4d458196ab9fb71039d8ccec7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:36:53 GMT
x-content-type-options
nosniff
age
11530
content-disposition
inline;filename="repeat-bg.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
229
x-xss-protection
0
server
fife
etag
"v9cf"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 17 Nov 2021 20:02:56 GMT
tag.js
mc.yandex.ru/metrika/ 		194 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
debb229daffbe34e17c32f8d56a72dfa9ba4debfcfcb330e733bf56d88da117c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:03 GMT
content-encoding
br
last-modified
Wed, 15 Dec 2021 16:08:50 GMT
etag
"61b9e8e2-107fa"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
content-length
67578
expires
Wed, 15 Dec 2021 20:49:03 GMT
default
www.aiupnow.com/feeds/posts/ 		95 KB
28 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default?alt=json-in-script&max-results=5&callback=jQuery111003603580231294272_1639597743012&_=1639597743013
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
df6f3992abf84b1b883f4523ac496959660a53c8a3e3146554f034737e508fb5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"8b3360978fde67360ef0e1cc4b0817a8462ddfcae096ba75950155288db01119"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
28535
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:05 GMT
Microsoft
www.aiupnow.com/feeds/posts/default/-/ 		74 KB
23 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/Microsoft?alt=json-in-script&max-results=4&callback=jQuery111003603580231294272_1639597743014&_=1639597743015
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
65cfaa60d6857e6a60e16948ae87edd6435de9685995a7225c990d7cb4883d62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"809720d6b99cfdad82c9c2636d7b6eb8aa82cdf652dbe516b2883fd6ad049b7a"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
22813
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:05 GMT
Amazon
www.aiupnow.com/feeds/posts/default/-/ 		84 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/Amazon?alt=json-in-script&max-results=4&callback=jQuery111003603580231294272_1639597743016&_=1639597743017
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
a485164ab6c5690a6867e196eb1a24d83220da26f449d00d88eb0f824776ba2b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"6a3bbb2deb915ab52b4410f5dddef23f74e8069116b524d59907a982bbf736b9"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
24592
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:05 GMT
Apple
www.aiupnow.com/feeds/posts/default/-/ 		77 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/Apple?alt=json-in-script&max-results=4&callback=jQuery111003603580231294272_1639597743018&_=1639597743019
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
820f60bf856afb39a4e051cf83308916bba639d142840980a093c5ae6b2cb9c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"18ff682ad2def1b8b0e03a53d114562c7b03bb59286fbfa2b7333652123a16fd"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
24206
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:05 GMT
VR
www.aiupnow.com/feeds/posts/default/-/ 		132 KB
35 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/VR?alt=json-in-script&max-results=4&callback=jQuery111003603580231294272_1639597743020&_=1639597743021
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
03037c6390042a7077da85d3d54f36bfceb749d1cf9ed9f53c88e2b0ff6f2744
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"8754f4f2e4bc74ae9a6d38b89209d176da00e8747786c21adc5588fe188fd2a9"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
35350
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:05 GMT
x7zgqmr
www.dailymotion.com/embed/video/ Frame 0604 		26 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
e4338d17f0899a6f31b93800fec46ce8d5b0dd408ddcbc162bda3650c92c07c8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Length
9420
Content-Security-Policy
upgrade-insecure-requests
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
text/html; charset=utf-8
Date
Wed, 15 Dec 2021 19:49:03 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Link
<https://static1.dmcdn.net>; rel=preconnect
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Server-Timing
total;dur=139, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL,Accept-Encoding
page.php
www.facebook.com/plugins/ Frame EE24 		14 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
be78cc9192327da4d09822a1097454300ba38f4a0ae20256d0e31c111fa6d050
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
nKkgRnh90FjYaTw/W1TPf9WCbbALoBYyj3G+GY6cJec+33wfHeUayno5/U5BPjVqlayaaSuz5XJ9vUypuvVhSg==
date
Wed, 15 Dec 2021 19:49:03 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
1
open.spotify.com/follow/ Frame 11ED
Redirect Chain
  • https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
  • https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
2 KB
966 B 		Document
General
Check archive.org
Download Go to
Full URL
https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
d0d730ac7b9fa74a2c09a58125fdfd317b367486c40ea60e424f959bff191274
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
spotify-request-id
0be36dd8-2776-4326-91be-02763a3f7d08
content-encoding
br
x-join-the-band
https://www.spotify.com/jobs/
sp-trace-id
6940dfb3d7eed3e5
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear

Redirect headers

date
Wed, 15 Dec 2021 19:49:03 GMT
content-type
text/html
location
https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
x-join-the-band
https://www.spotify.com/jobs/
sp-trace-id
4239e6546897bd4b
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
vary
Accept-Encoding
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear
mjI0tjt
snd.click/ Frame D08B 		44 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://snd.click/mjI0tjt?embed=1
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4ee951553f418f4350146ba094addcef1b03546805e374775ad3583888b194b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
content-type
text/html; charset=UTF-8
cache-control
private, must-revalidate
pragma
no-cache
expires
-1
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BABcIi%2B2N4Am6CYkd3uslXKSTAutBmy5QOhlNxdNYkJcePe1xiVlxCruo1dF%2BPzMPh7eMwedA4y2y5m3Ep9%2BEdFFV3Y4uK%2BnhF9qiyz4tT2zAiT%2FGeauAuZosQlW8mXLZw6%2FqL8wgsw%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6be2316ae8561762-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 17:53:46 GMT
x-content-type-options
nosniff
age
93317
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7776
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 17:53:46 GMT
default
www.aiupnow.com/feeds/posts/ 		299 KB
76 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default?alt=json-in-script&callback=jQuery111003603580231294272_1639597743022&_=1639597743023
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
af380d2f27801d0e97291c84df7fb4fb0fc79366e0f1dc3785876b3a2b72ef3e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"281fcd3de1ab1c0e9cc7b46797cfe12c3609c7c67994e4d5726b8dacb7b8cbd0"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
77284
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:05 GMT
london-based-fintech-startup-toucan.html
www.aiupnow.com/2021/12/ 		300 KB
56 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/2021/12/london-based-fintech-startup-toucan.html
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c24111290c8ad7c12a85ed464ef68ad03a73b6f96a605a626b511709f34a326a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
GSE
etag
W/"fb9de84564f5fb89ea07f81b31b74fdca36f4721d1580f2f3bbe4d1be0d4b6e7"
content-type
text/html; charset=UTF-8
cache-control
private, max-age=0
content-length
57310
x-xss-protection
1; mode=block
expires
Wed, 15 Dec 2021 19:49:04 GMT
hamburg-based-dealcode-nabs-1-million.html
www.aiupnow.com/2021/12/ 		300 KB
56 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/2021/12/hamburg-based-dealcode-nabs-1-million.html
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c7fc79ad0d9fd7c1b846e2d87aac2c09c80515296b8bd03989251c4e0eb5d4a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
GSE
etag
W/"fb9de84564f5fb89ea07f81b31b74fdca36f4721d1580f2f3bbe4d1be0d4b6e7"
content-type
text/html; charset=UTF-8
cache-control
private, max-age=0
content-length
57355
x-xss-protection
1; mode=block
expires
Wed, 15 Dec 2021 19:49:04 GMT
noreply@blogger.com%20(Ravie%20Lakshmanan)
www.aiupnow.com/feeds/posts/default/-/ 		78 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/noreply@blogger.com%20(Ravie%20Lakshmanan)?alt=json-in-script&max-results=3&callback=jQuery111003603580231294272_1639597743024&_=1639597743025
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
73df259f168272b36c586a2d32c19667909858989f45e0f05d957b4394b7cd7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"5cbb01f3269050ab3cad963bd654f5f109e09d99e3df8215953e52e7bebc728c"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
24266
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:05 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=ytsubscribe/exm=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=ytsubscribe/exm=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3a5a376ad9d79b81a594792447a2e228ee3610350d89960c7d7606669c594fd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:13:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16504
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10025
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:13:59 GMT
cb=gapi.loaded_2
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 		76 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_2
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf982d883df5960372888dea0fad2d161a0b97e1ad17342fb9edf73efdd2db21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:55:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
89627
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27248
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 14 Dec 2022 18:55:16 GMT
subscribe_embed
www.youtube.com/ Frame 3DCB 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d6b9bfef5c42ff82acb968c5834ebec8ac2295f1604e2f890a80dc043f3a70cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 15 Dec 2021 19:49:03 GMT
strict-transport-security
max-age=31536000
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
manage
router.infolinks.com/usync/ Frame 80D3 		9 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
218558585458a13a0561c9747e86fc90db372981a72ba884d87af47e8b3ce13c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-type
text/html;charset=UTF-8
cache-control
no-store
p3p
CP="NON DSP NID OUR COR"
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6be2316bdabd695e-FRA
content-encoding
gzip
lcmanage
router.infolinks.com/usync/ 		0
44 B 		Script
General
Check archive.org
Download Go to
Full URL
https://router.infolinks.com/usync/lcmanage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
6be2316bdac2695e-FRA
content-length
0
gsd
router.infolinks.com/ 		312 B
542 B 		Script
General
Check archive.org
Download Go to
Full URL
https://router.infolinks.com/gsd?evt=afterGSD&pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&jsv=1769.027-3.025&ref=t.co%2FIMBWIxzlWq&_cb=16395977433250
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b93578e19093ede2326835d09ec858ab090d8d7a5904c9d16fec43023116965f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:04 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
text/javascript;charset=UTF-8
content-encoding
gzip
cache-control
max-age=0
cf-ray
6be2316bdabf695e-FRA
expires
Thu, 01 Jan 1970 00:00:00 GMT
sdk.js
connect.facebook.net/en_US/ 		284 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=28f9a6f9eaf42320ac8b003f19c333a0
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7facf2245c205aa00dc3964963980dff1510da9cc72224400ee4e94e1001511f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.aiupnow.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
P8Gu1X5WCeFMJygM0SIjqQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Thu, 15 Dec 2022 17:27:54 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
81991
x-fb-rlafr
0
x-fb-debug
E7iIZTfhJwlLVLlNgiKRhHuJipgkVEMr9Bj3Yjpnh9hHTY3WgkrQb+T0cBfE1UaNoBtyLSVm3Jm+1azjTyYyJg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
da6a90369335e5e3391be5be62bff621
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:04 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"35eca3b658760da75c19e7497ebe3592"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ 		0
26 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678117
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26065
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-65d1"
content-type
text/css; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
986zwz43n82_AYFYw_iNs4xWn0Fzz1ivLfDi7EucErZRtwTmzNPzVg==
x-cache-hits
0
common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
c.disquscdn.com/next/embed/ 		0
93 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 14:45:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4424614
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94779
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Fri, 22 Oct 2021 00:26:02 GMT
server
nginx
etag
"6172051a-1723b"
content-type
application/javascript; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Tue, 25 Oct 2022 14:45:30 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
v31HNoBXQbhdTcG-Ts1hB2uXcLMoo9tot5t7sq7c7J-N-3wqtz927A==
x-cache-hits
0
lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
c.disquscdn.com/next/embed/ 		0
121 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678117
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
122873
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-1dff9"
content-type
application/javascript; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
21ixlGhyVuDHfc3Ncv6pgKMOPTwORVu2IXoas6BCN94V5jKM0puqFQ==
x-cache-hits
0
config.js
disqus.com/next/ 		0
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:04 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
28
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14552
X-XSS-Protection
1; mode=block
recommendations.js
sigma2.disqus.com/ 		63 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sigma2.disqus.com/recommendations.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
aa975a57e5fafd69c188ddb02081e13d144c002a44c02aac4145d8f9fb2b5941
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:03 GMT
Content-Encoding
gzip
Server
openresty
Age
3
Vary
Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
X-Service
router_gunicorn
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
20889
Cross-Origin-Resource-Policy
cross-origin
cookie.js
partner.googleadservices.com/gampad/ 		215 B
644 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.aiupnow.com&callback=_gfp_s_&client=ca-pub-1342347843351338
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
4afb6c2a02ed87cd4be2668e56a809f76b0de7b0101abc6d2746bee1cb722338
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
200
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 539E 		436 B
234 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743050&bpp=19&bdt=315&idt=337&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=4428376513156&frm=20&pv=2&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=rREeltNLRA&p=https%3A//www.aiupnow.com&dtd=359
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
55f15f6a124147534f184495c928c994aa90e6854244c1aba298209e890a3f6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:04 GMT
server
cafe
content-length
211
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:04 GMT
cache-control
private
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1847792234&t=pageview&_s=1&dl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&dr=https%3A%2F%2Ft.co%2FIMBWIxzlWq&ul=en-us&de=UTF-8&dt=Hackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAEABAAAAAC~&jid=303388461&gjid=1117416387&cid=306171407.1639597743&tid=UA-135957145-1&_gid=898670481.1639597743&_r=1&_slc=1&z=896979209
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:04 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.aiupnow.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
BTkG/g0SHnMAwq6MGHZUV4sLg5Y7NyQLz0E/SjVCkm/JujK5OMVniTAlHcHc3CAxOTAph23K2StD2cHjhozMrw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
jDK2RmUmxKEopUc+nY7sBVl3WrWzIm0YfTbEwhHFqGjrh/Ql/2dqLrbPSwNCYpSKEKxIMHElNNQjw7mOYyPrxw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
jx1D1mc8AtZYlKrdXr7b8xslBd0Jqt5kKqoK3KwKKHY90KGNOClRRQeRcMUS+sYhYdwsXOSFTbnMyNyF8zRDYw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
bk8pkla5rVyboJZEb1fkfvamoj4WKCloRiPKiKlNSR+BRW/aB7xoeT3fvKgjwke1CHc6xSOGTj77SVUSOdO4Uw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
JgCoJ9ww6jlhhhSjcv2VPwW+tpgB9K3m/XMmHoIV0SehNwjBul7tU6jMs9ra0Ktt3mQHi1tsxalVRWMlPw6brQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
35 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
CagryQAy0BZe6qrPfIFiAedfbLFgJNvAlK1GJDE+dwpCfEBXRRFyKCDvJbMX/mQh/CHbvSSaXgTglChQzsNr5Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
jMQaELtkX781mIq/dZHtK2GsJFHZkagnmZcGs2mozmvEx7cUKOFlw89/x9UFDjAoajzE4F9nT9ehPorEEX+vdw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
+p+f0E6lJYEpFhAGChppkH7Uf+Jo3iCaDbEpBezm2VHHiSpj399+jRkCBoBOf+Typ1ibTXOU607TAg4BiINLnQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
TbziYn/tvJRGptZYn8N8v1i828mxEgsmVNeV6nBBssUdEDfSMnA+jmiIw8dFpMZwqAZLQAUdnueVGMkjrs5Sww==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
32 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
23rubCix/HlITQIwoQdbYYqa/vBx9G+9RRKAC/zRDrvXP4Ja36Lfo8j5+kodYhw6/EryA4YWHYkWoaY3lbVJ1g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Y/VvywQM0v0j7CaZAaS9TW7oWMGty/ymXiubW7mwxIz9UDFJq4YUyBU8T6x+euUQic4+ZgfiakZGuUYCOWLqBg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
b5gRPDMn8YE7oc/416FpdOMkWgI3A5/r1wqKS5EDFsHpJyk2qcpapjf1BFB3ATjjDACppsJGVAChNYuTjkt0mg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
z72hNAXRqqBsDmKwIcN6nGL/b4IfbPgcD1ufOez8fCQirWLsJIkM5+KJ+2ZQy7xVKcHKq44Wh97Mk2gSyVxnvw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
v73YlnpgVxiQMm//QWLXfQT9N45NsfJvm59k1Cc+F2ToZuvr2igr4Kz0IpHE9RcrC8Q5hJ9QTSESai1a8VXNqg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
aQ9d0xA8SG70sV55nhtpVDZ4vlCy0ZKzKBWk29EuHz26Hin6yU6WUk5CmBMuZ0eKUtmsY4mnYEVR/3BYXhcAfw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
smCz9+b84neJPlNn1fP0Jdjhr7kSiPT5PWdViRA/7nsK4q48hdCCkrGK2A7wcLwj/P2L4nqJ/kkHDiTkvyJ0hQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
/vS4tEPSZnfyuM8HybmYb6VQ96TwhtvJ74EY3ymNQLwgp/dfEJu/SaFenL41aD/Ee8jT1A0s5M9HyWizjdNU8w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Gaqu/ScYluJBxiGNWW0wKF3cXi5YWh3sBixGr0vnzYkQm9QS+x3jf4jBSCcTa6VyIrlWbjE/XBaJeP5K3qqaWg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Md1KkwGpxj0rhS6oxUsaBAYkknuZD53sJGC3l2dcDVMUFCLlfx9EkaZTgFB71wg61h8soBVd8x3e3gSX4ZBU0w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
fTHFO2opkg5hSdFJ0pIOU4xkuZUVK9f90zz5wWfdN/1yCtVfq+LnMhvRjMEHKMXUkkmht5fI1aa22tfJXkHaNQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame EE24 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
E0Lx3smhoxYUbefFC5WT/1HCtZwPthdAZVb1fNyFYiejZ9nAogchNk7WRq9guw8I7uBP5OAfd8pq3mMUV11pzw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
ads
googleads.g.doubleclick.net/pagead/ Frame 7160 		111 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d04e41f347a0c072b8fbda7b4fb05e8372ce42a0ac1a7c06859ee195bcfa0161
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM2z98jJ5vQCFZKFpwodNpcO0Q&gqi=sEa6Yf_CBoqktgez_JzYDQ&layout=/sadbundle/%24csp%253Der3%24/11774447946055422554/728x90/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM2z98jJ5vQCFZKFpwodNpcO0Q&gqi=sEa6Yf_CBoqktgez_JzYDQ&layout=/sadbundle/%24csp%253Der3%24/11774447946055422554/728x90/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:04 GMT
server
cafe
content-length
39017
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:04 GMT
cache-control
private
lazy.min.js
www.gstatic.com/feedback/js/help/prod/service/ 		79 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c0f1cce1d9f37c25fa9ee1e57c0f4308de2835d5083048c959b13b2cde60ef9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:05:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2626
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28818
x-xss-protection
0
last-modified
Tue, 07 Dec 2021 17:14:26 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="product-feedback-gathering"
vary
Accept-Encoding, Origin
report-to
{"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
content-type
text/javascript
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:55:18 GMT
e
analytics.shareaholic.com/ 		43 B
380 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.shareaholic.com/e
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.204.113.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-204-113-242.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Content-Security-Policy referrer always

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:04 GMT
vary
Origin
p3p
CP="OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC"
access-control-allow-origin
https://www.aiupnow.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
referer-policy
unsafe-url
content-security-policy
referrer always
content-type
image/gif
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=2653164334924589&ev=PageView&dl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rl=https%3A%2F%2Ft.co%2FIMBWIxzlWq&if=false&ts=1639597743555&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1639597743554.1579516857&it=1639597743115&coo=false&rqm=GET
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Wed, 15 Dec 2021 19:49:04 GMT
/
disqus.com/embed/comments/ Frame B5F5 		7 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4bd97569f19339108d50e204a239bf8a3659823bc4a4c6011cc6a686ad5e4922
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

Connection
keep-alive
Content-Length
2801
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Wed, 15 Dec 2021 12:18:33 GMT
ETag
W/"lounge:view:8927097210.bbad8d8423660e7c629bbb0b0793d7d0.2"
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy
no-referrer-when-downgrade
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Wed, 15 Dec 2021 19:49:04 GMT
Age
0
Vary
Accept-Encoding
Cross-Origin-Resource-Policy
cross-origin
Strict-Transport-Security
max-age=300; includeSubdomains
ads
googleads.g.doubleclick.net/pagead/ Frame 9422 		110 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f3647ef8db4ecac64239b02b6c3a665dd727436d8ba4648ff3132aa629471670
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJWB_cjJ5vQCFUOFfwQd5_MIxQ&gqi=sEa6YdGXDIuQtwfPuZigBg&layout=/sadbundle/%24csp%253Der3%24/5954505054832724118/728x90/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJWB_cjJ5vQCFUOFfwQd5_MIxQ&gqi=sEa6YdGXDIuQtwfPuZigBg&layout=/sadbundle/%24csp%253Der3%24/5954505054832724118/728x90/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:04 GMT
server
cafe
content-length
38826
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:04 GMT
cache-control
private
sharebuttons.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		178 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
956c937c18e92293c7ef920d33914118c5c3b5930f608c9f59b76367d9c409d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
XKBQ0ZCJN8T0JWWK
etag
"1b7d36dcdcb5fe22c177a72eb41a6b49"
x-hw
1639597744.cds151.fr8.hn,1639597744.cds221.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
37690
x-amz-id-2
Gpfzu1c4HAvB7tTGwj6ocC3HVzfzugMQF8tVDDiT2Gza64pyG3I2rbcEEdMmfssrqA4GsQfkf8U=
recommendations.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		92 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/recommendations.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
9904ccc112b0cbf11bac902cb4c91ce4af8398396917bc1d3d8dd5d355ace176

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:47 GMT
server
nginx
x-amz-request-id
XKBP8GA4DSG80AM6
etag
"124b1ddaa6b830a55e18ae7f9c66309a"
x-hw
1639597744.cds151.fr8.hn,1639597744.cds151.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
12739
x-amz-id-2
QubKB136HUDrXNwKBkh3KlnGViIKNFVgsGCDdwlXpKDATcA4jCIIWdTdi9KG3VrFt+NCSnhECMw=
cookieconsent.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/cookieconsent.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
34fa06f4b9082afd593822ef7a15e41e2df8c335d9e696ec864c061cdabe483b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
7N3JWBEJFKDYPN0N
etag
"c9aa93e9b05376764d3741510358494e"
x-hw
1639597744.cds151.fr8.hn,1639597744.cds101.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
2370
x-amz-id-2
EJSjooTlbls7VGIS73GsWrI41+kM3mrP/xSufVGfnIlM40OeIkWpdmDf94hQU8ysvISyF4AIWVM=
affiliatelinks.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		991 B
810 B 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/affiliatelinks.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
bef5318f625cf3dad8e4db35a1eb5a8548dae2317569c5aa4647e8a198cdd60a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
XKBTD0Z08RQT9KR3
etag
"481e1d8072d6fefe9f42b0f9898cd18e"
x-hw
1639597744.cds151.fr8.hn,1639597744.cds135.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
594
x-amz-id-2
EzqYPFJ4MH4ddsTqnvHB5sWOBUYQTKawP8P+CERXgfj2TZ1RZSWZPpfumdzONMl3L7S9M2EYoXM=
anchorad.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/anchorad.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
be43a684a99f6071923acef248515dadee8bf4db7cc059aed54dda51b6d3dd44

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
7N3VTG63QCXWKFNG
etag
"f475b56277bd3553e78cf2bb834126b5"
x-hw
1639597744.cds151.fr8.hn,1639597744.cds154.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
2637
x-amz-id-2
eAPqZMT1zzAPjvIIjpk3VzgSvvnxAzJ6w4UdR7lJL9DSnLFvZVeLyFIsGRV+w6nJng8x6viRJ4s=
adminbadgei.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		18 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/adminbadgei.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
d50b115ed15f11d96d3ab369d091db9bf261ff6a41ee29ef08599464913bb0d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
STCS4WHZSC5A0EK4
etag
"1a370075234e5a4741e8e74bf7eab3b9"
x-hw
1639597744.cds151.fr8.hn,1639597744.cds138.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
4076
x-amz-id-2
aIrtMxvgpwZpf9ZraMhjESwfu5mnJ8lN7pg+W/zXfgdSgAivkflTgIOlMUQKxN6qRACTZhmIDAs=
partners.js
partner.shareaholic.com/ 		0
265 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&referrer=https%3A%2F%2Ft.co%2FIMBWIxzlWq&cl=en-US&id_sync=8ab3716c-38ad-45d0-9f8d-5b74589b8490&minify=1&pvs=1&site=e68e51f46304cc485d7732b4cf6276c7
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.147.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-147-136.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:04 GMT
vary
Accept-Encoding, User-Agent
p3p
CP='OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC'
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript;charset=utf-8
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
postmessageRelay
accounts.google.com/o/oauth2/ Frame FB0B 		566 B
859 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
23b53255f879259fe33fe23182c181a0963b64ec21de2e6dc797e0821d0d8e80
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-mITVBnrSufSzRBUEVKMSpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 15 Dec 2021 19:49:04 GMT
content-security-policy
script-src 'report-sample' 'nonce-mITVBnrSufSzRBUEVKMSpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sync_cookie_image_decide
mc.yandex.com/
Redirect Chain
  • https://mc.yandex.com/sync_cookie_image_check
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9488.u9QiLKA15-Zp90hWrnnqKvwGICrR59o8V8tMA17Upa7KmMnQGbOhnEkdNypFQz0c.qrGQ45iUqUsKZRO5yqTdul2aliY%2C
  • https://mc.yandex.com/sync_cookie_image_decide?token=9488.sO-nchbm0oTybXYLQPbKWSFMza7fafjeUG5sXN3qUUSyf3IodqgTdEFgKQXwWURXeGz3scsVAKyCcuwPN2diQQ%2C%2C.40oReDj0HmRbB2BDuYg2zJJq_Uw%2C
75 B
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.com/sync_cookie_image_decide?token=9488.sO-nchbm0oTybXYLQPbKWSFMza7fafjeUG5sXN3qUUSyf3IodqgTdEFgKQXwWURXeGz3scsVAKyCcuwPN2diQQ%2C%2C.40oReDj0HmRbB2BDuYg2zJJq_Uw%2C
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=31536000
content-length
75
x-xss-protection
1; mode=block
content-type
text/html; charset=utf-8

Redirect headers

location
https://mc.yandex.com/sync_cookie_image_decide?token=9488.sO-nchbm0oTybXYLQPbKWSFMza7fafjeUG5sXN3qUUSyf3IodqgTdEFgKQXwWURXeGz3scsVAKyCcuwPN2diQQ%2C%2C.40oReDj0HmRbB2BDuYg2zJJq_Uw%2C
date
Wed, 15 Dec 2021 19:49:04 GMT
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
JQb9M84BqIm.css
www.facebook.com/rsrc.php/v3/yN/l/0,cross/ Frame EE24 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/rsrc.php/v3/yN/l/0,cross/JQb9M84BqIm.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5257f6397ef05fa34f2658be967345dac7937800cdf382bd8635e31384296191
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Origin
https://www.facebook.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:43:23 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
R4Tr9HQCAgXf/SarMAA6/w==
document-policy
force-load-at-top
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
4856
x-fb-rlafr
0
x-fb-debug
uvYccJZ1P/CGA3efqdfWIJD+7OajM3cizbWHISVkb+utPqG4KIuBPY5ISUyWjFvW6YQQ0yZ/HHZ8FByYq5ErNg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 15 Dec 2022 15:43:23 GMT
www-subscribe-embed_split_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame 3DCB 		38 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
467269
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6066
x-xss-protection
0
last-modified
Wed, 18 Nov 2020 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:15 GMT
AKedOLQvEGQZieCyCYqn0YCdtdRHEg6M0BUtm3bgWYwWIQ=s48-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 3DCB 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yt3.ggpht.com/ytc/AKedOLQvEGQZieCyCYqn0YCdtdRHEg6M0BUtm3bgWYwWIQ=s48-c-k-c0x00ffffff-no-rj
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4e7a4de80dbec3e143eea735672c7a5aff8303e551c431f479f7e9f8b6c20b78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1675
x-xss-protection
0
server
fife
etag
"v9f"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 17 Nov 2021 13:50:29 GMT
www-subscribe-embed_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame 3DCB 		252 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
467268
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
73785
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:16 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 0D04 		67 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
176209b1815099692da9c6a42ab1941aef125c2294747bdb167463567b2a7adc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:04 GMT
server
cafe
content-length
22686
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:04 GMT
cache-control
private
dmp.jq_flight.3033f0d7176196134921.js
static1.dmcdn.net/playerv5/ Frame 0604 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.jq_flight.3033f0d7176196134921.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
e4617a5b39cda8cd99c5725cd79a12bf58f402b90f76c364ec7de7852ec15050

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
age
288694
server-timing
total;dur=0, dc;desc="dc3"
content-length
14940
last-modified
Thu, 09 Dec 2021 09:16:40 GMT
server
DMS/1.0.42
etag
"61b1c978-a5dc"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
8e6a855c5e39190285be5ed851036930
expires
Tue, 11 Jan 2022 11:37:30 GMT
dmp.manifest.a8563fface00cf3c9b95.js
static1.dmcdn.net/playerv5/ Frame 0604 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
a2c0acdd5bc625dde811cbe3d364688921eef737a6663a070cef6995a4fdb84b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
age
15883
server-timing
total;dur=0, dc;desc="dc3"
content-length
2043
last-modified
Wed, 15 Dec 2021 14:10:03 GMT
server
DMS/1.0.42
etag
"61b9f73b-1085"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
6362eaf7b2fda288119f785fdb5c4e64
expires
Fri, 14 Jan 2022 15:24:21 GMT
dmp.vendor.dc19b5e1e17ebe5b97db.js
static1.dmcdn.net/playerv5/ Frame 0604 		332 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
50f875818c12b4bac50d2ac2bb80e0edab07d6172d77641c305daf077f2c34ad

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
age
15883
server-timing
total;dur=0, dc;desc="dc3"
content-length
102538
last-modified
Wed, 15 Dec 2021 14:10:03 GMT
server
DMS/1.0.42
etag
"61b9f73b-531cd"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
0ea9273a3b4eea90234932dbc165ed18
expires
Fri, 14 Jan 2022 15:24:21 GMT
dmp.main.6d671f5d9b1fba0ca616.js
static1.dmcdn.net/playerv5/ Frame 0604 		210 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.main.6d671f5d9b1fba0ca616.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
db01487388f15a4c0cb6c6e28ca365fc9a9e0855a90894665baa6f582c9e50b6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
age
15883
server-timing
total;dur=0, dc;desc="dc3"
content-length
49333
last-modified
Wed, 15 Dec 2021 14:10:03 GMT
server
DMS/1.0.42
etag
"61b9f73b-347b9"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
98711ca1251135675d7db2ab5c3f30c3
expires
Fri, 14 Jan 2022 15:24:21 GMT
dmp.svg_critical.2202bba64ea46ecc7424.js
static1.dmcdn.net/playerv5/ Frame 0604 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.svg_critical.2202bba64ea46ecc7424.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
e578fda3845b781d5c0045ae9c5dc94257e613d1c93d5155720c10453e44e91a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
age
15883
server-timing
total;dur=0, dc;desc="dc3"
content-length
2586
last-modified
Wed, 15 Dec 2021 14:10:03 GMT
server
DMS/1.0.42
etag
"61b9f73b-2da4"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
29406b1394b60ec07a968712b3949881
expires
Fri, 14 Jan 2022 15:24:21 GMT
advert.gif
mc.yandex.com/metrika/ 		43 B
136 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.com/metrika/advert.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
last-modified
Wed, 15 Dec 2021 16:08:50 GMT
etag
"61b9e8e2-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Wed, 15 Dec 2021 20:49:04 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 4C7F 		71 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
47049564df5541299a0f30aa6e8d2d0fefbe8630d0f55dd4a4e542b2ad128ed3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:04 GMT
server
cafe
content-length
27628
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:04 GMT
cache-control
private
doq.htm
rt3027.infolinks.com/action/ 		884 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://rt3027.infolinks.com/action/doq.htm?pcode=utf-8&r=16395977437521
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78a3351829e5f5a06609e7156a544cb05704fb61608601c9b88e996a9e2741fd

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
p3p
CP="NON DSP NID OUR COR"
content-type
text/html;charset=UTF-8
x-application-context
application:prod
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-language
de-DE
access-control-allow-origin
https://www.aiupnow.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
cf-ray
6be2316f8b846913-FRA
expires
Thu, 01 Jan 1970 00:00:00 GMT
recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ 		0
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005539
x-cache
Hit from cloudfront
content-length
2978
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-ba2"
content-type
text/css; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
Een8QMfeD9RH_9-awxf_1kHTdXzz3kxAn1X-IOrZib0lf8ikudQJHw==
x-cache-hits
0
common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
c.disquscdn.com/next/recommendations/ 		0
87 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005539
x-cache
Hit from cloudfront
content-length
88862
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-15b1e"
content-type
application/javascript; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
pEitxb6-2XrcY3dviMGVHJT99tVceprm5RsFahMCChSeHFtDqdLDxw==
x-cache-hits
0
recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
c.disquscdn.com/next/recommendations/ 		0
20 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 20:25:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5613801
x-cache
Hit from cloudfront
content-length
20244
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 11 Oct 2021 20:15:56 GMT
server
nginx
etag
"61649b7c-4f14"
content-type
application/javascript; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Tue, 11 Oct 2022 20:25:43 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
72EUFO9km9EfrxoKtQO4NpWmzE7Wwyo0v3X6oKH6x6ARgBJn7rPRPg==
x-cache-hits
0
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:04 GMT
Content-Length
0
dmp.locale-en-US.89c08fbc7e17a76680a7.json
static1.dmcdn.net/playerv5/ Frame 0604 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.locale-en-US.89c08fbc7e17a76680a7.json
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
d71d986a726a9a3b37c6a5e049fee9692442911b24fcbc115a55608634a3ebf9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
age
604505
server-timing
total;dur=0, dc;desc="dc3"
content-length
1077
last-modified
Wed, 08 Dec 2021 14:42:52 GMT
server
DMS/1.0.42
etag
"61b0c46c-fbd"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
69907d2515f3103f75d1c96280d82312
expires
Fri, 07 Jan 2022 19:53:59 GMT
/
pebed.dm-event.net/ Frame 0604 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:04 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
x7zgqmr
www.dailymotion.com/player/metadata/video/ Frame 0604 		14 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.dailymotion.com/player/metadata/video/x7zgqmr?embedder=https%3A%2F%2Fwww.aiupnow.com%2F&referer=&dmV1st=85BD040AD5676152A123949685B6B5FC&dmTs=433660
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
b9e12fd398cc774524961aeacbee1b2873cca6241460d6b45a0ad069bf12f121
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Security-Policy
upgrade-insecure-requests
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Date
Wed, 15 Dec 2021 19:49:04 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
application/json; charset=utf-8
Cache-Control
no-cache
Server-Timing
total;dur=144, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL,Accept-Encoding
Content-Length
8872
dmp.theme_neon.1783142d9b9ad037170c.js
static1.dmcdn.net/playerv5/ Frame 0604 		576 KB
158 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
bf459edbca835630ab04fe10ab0ea320af9c2a02a28354fac1dd2dacb5b48155

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
age
20100
server-timing
total;dur=2, dc;desc="dc3"
content-length
161081
last-modified
Wed, 15 Dec 2021 14:10:03 GMT
server
DMS/1.0.42
etag
"61b9f73b-90070"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
9a3b44b1aed8a4db0bbaad108d6067dd
expires
Fri, 14 Jan 2022 14:14:04 GMT
dmp.vendors~theme_neon.03d60d604f7a509d0f7f.js
static1.dmcdn.net/playerv5/ Frame 0604 		60 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.vendors~theme_neon.03d60d604f7a509d0f7f.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
b4700758182849390e83510cfa4d6ac01e49183ad810851b099d55fb0b93eec1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
age
288684
server-timing
total;dur=0, dc;desc="dc3"
content-length
16342
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-f198"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
6494673a90f0dcd833e47494163b803d
expires
Tue, 11 Jan 2022 11:37:40 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 0604 		374 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f725f6888d32252c9f3dc55750d168b0f4f00e0ea1f2e877ff46595662a56110
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126427
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:04 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 401F 		84 KB
29 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
159a0842329b5695bb5c57a4a86d9912063d2cb1c395bbab211001b619444d5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:04 GMT
server
cafe
content-length
29709
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:04 GMT
cache-control
private
/
de.tynt.com/deb/ Frame E5F2 		75 B
289 B 		Document
General
Check archive.org
Download Go to
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip32.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/

Response headers

cache-control
max-age=86400
expires
Thu, 16 Dec 2021 19:49:04 GMT
referrer-policy
unsafe-url
content-type
text/html
content-length
75
date
Wed, 15 Dec 2021 19:49:03 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
usermatch
ssum-sec.casalemedia.com/ Frame 3A2A
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f972192e0a987b28a8991a30c724cddfff0c7dd5512bb4dda13ef715e583f46e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|230|39|45|4|190|41|206
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1647
Expires
Wed, 15 Dec 2021 19:49:04 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:04 GMT
Connection
keep-alive

Redirect headers

Server
Apache
Content-Length
311
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Wed, 15 Dec 2021 19:49:04 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:04 GMT
Connection
keep-alive
/
onetag-sys.com/usync/ Frame 8CA7 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
usersync
router.infolinks.com/dyn/ Frame 80D3
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MTgyNzgwMzItMjVEMi00NUQzLTkyQTgtNjU3ODI3RkM0OTA3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D4BA7A629-27E4-4226-A0AA-4347858C5233
  • https://router.infolinks.com/dyn/usersync?pmuservalue=4BA7A629-27E4-4226-A0AA-4347858C5233
0
267 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/usersync?pmuservalue=4BA7A629-27E4-4226-A0AA-4347858C5233
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
cache-control
no-store
cf-ray
6be2317b3acd695e-FRA
content-length
0

Redirect headers

location
https://router.infolinks.com/dyn/usersync?pmuservalue=4BA7A629-27E4-4226-A0AA-4347858C5233
date
Wed, 15 Dec 2021 19:49:05 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
apn-usync
router.infolinks.com/dyn/ Frame 80D3
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
  • https://router.infolinks.com/dyn/apn-usync?user_id=4180968463622704791
35 B
242 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/apn-usync?user_id=4180968463622704791
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be23171eaff695e-FRA
content-length
35
expires
Tue, 15 Dec 2020 19:49:05 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:04 GMT
X-Proxy-Origin
78.47.208.28; 78.47.208.28; 534.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
bcab9a37-2700-41dc-9347-e75af514ea5b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://router.infolinks.com/dyn/apn-usync?user_id=4180968463622704791
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cm
u.openx.net/w/1.0/ Frame 80D3 		43 B
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u.openx.net/w/1.0/cm?id=9b5994f2-035d-46de-8c12-bc0e9a4e66c2&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fox-usync%3Fuid%3D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
server
OXGW/16.221.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
VR-usync
router.infolinks.com/dyn/ Frame 80D3
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58422/occ
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
  • https://router.infolinks.com/dyn/VR-usync?uid=y-18zKVEBE2uGllNGulROlNPdIZ4CKr76u7_UVm9Y-~A
35 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/VR-usync?uid=y-18zKVEBE2uGllNGulROlNPdIZ4CKr76u7_UVm9Y-~A
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be23171aa4f695e-FRA
content-length
35
expires
Tue, 15 Dec 2020 19:49:05 GMT

Redirect headers

location
https://router.infolinks.com/dyn/VR-usync?uid=y-18zKVEBE2uGllNGulROlNPdIZ4CKr76u7_UVm9Y-~A
date
Wed, 15 Dec 2021 19:49:04 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
r1-usync
router.infolinks.com/dyn/ Frame 80D3
Redirect Chain
  • https://sync.1rx.io/usersync2/infolinks
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3548810636
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3548810636
  • https://sync.1rx.io/usersync/tradedesk/e0638c74-cf4f-44f4-ab68-decc9116267d
  • https://sync.targeting.unrulymedia.com/csync/RX-1a7a9a5b-71f4-4135-80a0-294e10524237-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-1a7a9a5b-71f4-4135-80a0-294e10524237-003
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-1a7a9a5b-71f4-4135-80a0-294e10524237-003
35 B
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/r1-usync?uid=RX-1a7a9a5b-71f4-4135-80a0-294e10524237-003
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be2317becd4695e-FRA
content-length
35
expires
Tue, 15 Dec 2020 19:49:06 GMT

Redirect headers

location
https://router.infolinks.com/dyn/r1-usync?uid=RX-1a7a9a5b-71f4-4135-80a0-294e10524237-003
date
Wed, 15 Dec 2021 19:49:06 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX1a7a9a5b71f4413580a0294e10524237003
content-type
text/html
zmn-usync
router.infolinks.com/dyn/ Frame 80D3
Redirect Chain
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
  • https://router.infolinks.com/dyn/zmn-usync?uid=
35 B
90 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store
cf-ray
6be231739faf695e-FRA
content-length
35

Redirect headers

Location
https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:04 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
70
Content-Type
text/html; charset=utf-8
us
sync.go.sonobi.com/ Frame 80D3 		0
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:04 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
ca.png
s.cpx.to/ Frame 80D3
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.aiupnow.com%252F2021%252F12%252Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.aiupnow.com%25252F2021%25252F12%25252Fhackers-using-malicious-iis-server.html%26pid%3D1...
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=2615535459032288984
95 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=2615535459032288984
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Server
34.243.225.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-225-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache, no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Wed, 15 Dec 2021 19:49:05 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Wed, 15 Dec 2021 19:49:05 UTC

Redirect headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:05 GMT
X-Proxy-Origin
78.47.208.28; 78.47.208.28; 534.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
4aa042e1-d957-4f63-a89b-fb22115f8b41
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=2615535459032288984
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
dsp.adkernel.com/ Frame 80D3 		42 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:04 GMT
Server
nginx
Age
0
Content-Type
image/gif
Cache-Control
no-store
Connection
keep-alive
Content-Length
42
outh-usync
router.infolinks.com/dyn/ Frame 80D3
Redirect Chain
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP0ee8603b-5de0-11ec-967c-02ce2ee4e570
  • https://router.infolinks.com/dyn/outh-usync?uid=y-T0Ghv1dE2uHWFlPW9_U.VrXi0PZ4682L~A~UP0ee8603b-5de0-11ec-967c-02ce2ee4e570
35 B
234 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/outh-usync?uid=y-T0Ghv1dE2uHWFlPW9_U.VrXi0PZ4682L~A~UP0ee8603b-5de0-11ec-967c-02ce2ee4e570
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be231738f92695e-FRA
content-length
35
expires
Tue, 15 Dec 2020 19:49:05 GMT

Redirect headers

location
https://router.infolinks.com/dyn/outh-usync?uid=y-T0Ghv1dE2uHWFlPW9_U.VrXi0PZ4682L~A~UP0ee8603b-5de0-11ec-967c-02ce2ee4e570
date
Wed, 15 Dec 2021 19:49:04 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usersync
match.bnmla.com/ Frame 80D3 		0
112 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.126 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:04 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
sovrn-usync
router.infolinks.com/dyn/ Frame 80D3
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true
  • https://router.infolinks.com/dyn/sovrn-usync?uid=ccfda82ee36bf7cf1052f420
35 B
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/sovrn-usync?uid=ccfda82ee36bf7cf1052f420
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be23173e878695e-FRA
content-length
35
expires
Tue, 15 Dec 2020 19:49:05 GMT

Redirect headers

Date
Wed, 15 Dec 2021 19:49:04 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://router.infolinks.com/dyn/sovrn-usync?uid=ccfda82ee36bf7cf1052f420
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap2ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
usersync
router.infolinks.com/dyn/ Frame 80D3
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEJBN0E2MjktMjdFNC00MjI2LUEwQUEtNDM0Nzg1OEM1MjMz&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D4BA7A629-27E4-4226-A0AA-4347858C5233
  • https://router.infolinks.com/dyn/usersync?pmuservalue=4BA7A629-27E4-4226-A0AA-4347858C5233
0
156 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/usersync?pmuservalue=4BA7A629-27E4-4226-A0AA-4347858C5233
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
cache-control
no-store
cf-ray
6be2317b3ad0695e-FRA
content-length
0

Redirect headers

location
https://router.infolinks.com/dyn/usersync?pmuservalue=4BA7A629-27E4-4226-A0AA-4347858C5233
date
Wed, 15 Dec 2021 19:49:05 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
zeta-usync
router.infolinks.com/dyn/ Frame 80D3
Redirect Chain
  • https://p.rfihub.com/cm?pub=43153&in=1
  • https://router.infolinks.com/dyn/zeta-usync?uid=5123196420775419717
35 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/zeta-usync?uid=5123196420775419717
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be2317408c7695e-FRA
content-length
35
expires
Tue, 15 Dec 2020 19:49:05 GMT

Redirect headers

Location
https://router.infolinks.com/dyn/zeta-usync?uid=5123196420775419717
Date
Wed, 15 Dec 2021 19:49:05 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
/
ssc-cms.33across.com/ps/ Frame 80D3 		0
72 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP002 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-33x-status
2000208
date
Wed, 15 Dec 2021 19:49:05 GMT
server
33XP002
iq-usync
router.infolinks.com/dyn/ Frame 80D3 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/iq-usync
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
6be23172ad13695e-FRA
content-length
0
subscribe_button_branded_lozenge.png
www.youtube.com/s/subscriptions/subscribe_embed/img/ Frame 3DCB 		156 B
179 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/img/subscribe_button_branded_lozenge.png
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 09:51:49 GMT
x-content-type-options
nosniff
last-modified
Fri, 18 Sep 2020 20:15:00 GMT
server
sffe
age
35835
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
156
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 15 Dec 2022 09:51:49 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 4138 		71 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
723c60a9a7ce2bbecc0818e2253a9101fd49b1132ac3d045208cc71914e8d3eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:05 GMT
server
cafe
content-length
27722
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:05 GMT
cache-control
private
share-button-shadow.png
m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/share-buttons/ 		405 B
640 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/share-buttons/share-button-shadow.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
22a6b5ca081c7e993a6de605757cb5da85573221300021627663e89fb6950b18

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 15:47:10 GMT
server
nginx
x-amz-request-id
XKBKB1A1MDJ255YA
etag
"eb8d7f99f86c638ac8e68c8e4014cbd3"
x-hw
1639597744.cds151.fr8.hn,1639597744.cds243.fr8.c
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
428
x-amz-id-2
MYcd7n+myKbK2WUua0SBx2hoDquGyFnieY4X92SpJjYozv0MwZB9BoKfANJCHPcIZsig8E8/YoU=
shareaholic-icons.woff
m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.woff
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c

Request headers

Referer
https://www.aiupnow.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 15:47:10 GMT
server
nginx
x-amz-request-id
G0NGXN95674CDRKA
etag
"0e26e8e2b7a79ff2a9e9fe9ef5382e6d"
x-hw
1639597744.cds010.fr8.hn,1639597744.cds254.fr8.c
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
20572
x-amz-id-2
GINV/IDhxdm1w/4N0YeJH3BGo9GKr9WNTUDF1p4Q3KFq3zutmpObz0v5ZPc1kawj+KE0RjRK4+I=
truncated
/ 		492 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4299f2aaa46eea61cff7da0f945e26cf0ace8a35ea912182e7df2a9958db8e10

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
follow.0a706f0e.css
open.scdn.co/cdn/build/follow/ Frame 11ED 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/follow/follow.0a706f0e.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d53fc34a8a2122326a547282899df3aa84a3def278217628e218ba771c4305cb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:04 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 14:09:01 GMT
Age
3598546
ETag
"63805a2718e698bb90455bc9ca708c00"
X-Served-By
cache-ord1721-ORD, cache-mad22028-MAD
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1310
X-Cache-Hits
1, 252
vendor~follow.ef331d43.js
open.scdn.co/cdn/build/follow/ Frame 11ED 		116 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/follow/vendor~follow.ef331d43.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c8520c4df0969be1603059e7639e03decb805f23feb63736ba40f00365156caa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:04 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 Dec 2021 16:26:02 GMT
Age
1221594
ETag
"395be2330d0d79dc39a74e34ede9cde0"
X-Served-By
cache-ord1730-ORD, cache-mad22033-MAD
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
36736
X-Cache-Hits
1, 1830
follow.a43eb8b5.js
open.scdn.co/cdn/build/follow/ Frame 11ED 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/follow/follow.a43eb8b5.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
00b61ddd115228a88bb2c3ce857b92524ef040ae538ac0f983e7055177def3ec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:04 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 18:06:51 GMT
Age
5916
ETag
"785495232621291776d1d50b1062270f"
X-Served-By
cache-ord1739-ORD, cache-mad22047-MAD
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
5022
X-Cache-Hits
2, 31
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame 3DCB 		125 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 16:48:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
97219
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41862
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 14 Dec 2022 16:48:45 GMT
/
disqus.com/recommendations/ Frame AE2C 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
efed9c0be7c7adf375be6a20b399eeb790011c96ec3c3921fa91cc3d0fb7e095
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

Connection
keep-alive
Content-Length
2326
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Thu, 09 Sep 2021 15:45:27 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Wed, 15 Dec 2021 19:49:04 GMT
Age
0
Vary
Accept-Encoding
Cross-Origin-Resource-Policy
cross-origin
Strict-Transport-Security
max-age=300; includeSubdomains
ads
googleads.g.doubleclick.net/pagead/ Frame 6B17 		71 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bd3241d7639ed2f5c2ee35088ee469ccd8d9d97d5a65fcebc525adab37f0fa0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:05 GMT
server
cafe
content-length
27728
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:05 GMT
cache-control
private
vglnk.js
cdn.viglink.com/api/ 		81 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viglink.com/api/vglnk.js
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1708225
cf-ray
6be23170bc126958-FRA
content-length
28567
x-amz-id-2
JRuATVnhK5aTWebrb/UxEx668VPTef9xrWWoafFq1mrvOYUxBj2865eVYh+xN7Y/BElkqf0Gcj4=
last-modified
Wed, 02 Dec 2020 18:57:12 GMT
server
cloudflare
etag
"072eaf64a771815874455704fca9301b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-request-id
T5CV2HSV57XY278Z
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
text/javascript
expires
Wed, 22 Dec 2021 19:49:04 GMT
logo.svg
m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/badge/ 		743 B
539 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/badge/logo.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
90fadc153cb3202eb4e63fa7f561f19d28ba6b66e1a91a57813c66c3032d54d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 15:47:10 GMT
server
nginx
x-amz-request-id
SPDJ024VJGG2SW33
etag
"83eda2388bc041d5d753201754724793"
x-hw
1639597744.cds151.fr8.hn,1639597744.cds154.fr8.c
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
360
x-amz-id-2
u1pmQYGYx+BEROWSOiGI89Vvg0WG5J2ycZg3tRuOno12H0ML/yIqiqurnrat9x1Q1GO+2di04ik=
asid
recs.shareaholic.com/ 		99 B
308 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://recs.shareaholic.com/asid?location=https%3A%2F%2Faiupnow.com&api_key=e68e51f46304cc485d7732b4cf6276c7
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.31.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-231-31-218.compute-1.amazonaws.com
Software
/
Resource Hash
6ad99d7680a81cd576b423e62e3937a7ecbd4a3a4a45687a5822fbef5b55ba13

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
https://www.aiupnow.com
date
Wed, 15 Dec 2021 19:49:05 GMT
access-control-allow-credentials
true
content-type
application/json
content-length
99
vary
Origin, Accept-Encoding, User-Agent
access-control-expose-headers
X-Client-Auth
3087399934-postmessagerelay.js
ssl.gstatic.com/accounts/o/ Frame FB0B 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.gstatic.com/accounts/o/3087399934-postmessagerelay.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 10:36:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
33160
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4296
x-xss-protection
0
last-modified
Tue, 07 Dec 2021 03:14:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 10:36:24 GMT
rpc:shindig_random.js
apis.google.com/js/ Frame FB0B 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/rpc:shindig_random.js?onload=init
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7KpDcCO2A1mmjdbS0BhHfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"3fc975e12af4bcde7e44fdb36bca1117"
x-frame-options
SAMEORIGIN
report-to
{"group":"ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-7KpDcCO2A1mmjdbS0BhHfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA"
expires
Wed, 15 Dec 2021 19:49:04 GMT
lounge.load.9068118211410bc5f67f5bb8d6806cba.js
c.disquscdn.com/next/embed/ Frame B5F5 		958 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.load.9068118211410bc5f67f5bb8d6806cba.js
Requested by
Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0376879a45be95f1d718c2a90d0b35986973e87d6f4c790b4c7046343464b72a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Origin
https://disqus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678117
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
494
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-1ee"
content-type
application/javascript; charset=utf-8
via
1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
6n9vPuXlATYt4L1L-U1pffLykddrbUJxx2qujSiuB9tcTD4MettKng==
x-cache-hits
0
ab6761610000e5eb98dc0774392df9f6b5fc1b46
i.scdn.co/image/ Frame 11ED 		42 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.scdn.co/image/ab6761610000e5eb98dc0774392df9f6b5fc1b46
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b71079af3ec36279d0386b3b1498fa09d315d859221fa026027c4175ca3c7f0f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:05 GMT
Last-Modified
Fri, 02 Jul 2021 00:15:12 GMT
Age
649420
ETag
"1f5a157460acdc751052c30ff0e26f3d"
X-Served-By
cache-ord1746-ORD, cache-mad22066-MAD
X-Cache
HIT, HIT
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
43112
X-Cache-Hits
1, 1
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tn=DIV&cls=shareaholic-cookie-consent%20shareaholic-bottom-align%20shr-no-print&ign=false&pw=1600&ph=1200&x=1575&y=1175
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tn=DIV&id=cookieChoiceInfo&cls=cookie-choices-info%20singleton-element&ign=false&pw=1600&ph=1200&x=0&y=0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 296A 		170 KB
43 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&adk=1812271804&adf=3025194257&lmt=1639580699&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&ea=0&flash=0&host=ca-host-pub-1556223355139109&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743255&bpp=1&bdt=520&idt=972&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600%2C250x250&nras=1&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=9&uci=a!9&fsb=1&dtd=987
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
89c295e0c7611d0074975890aa6ffcd308dd082b1064255dfa0236d643f2fe4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:05 GMT
server
cafe
content-length
43978
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:05 GMT
cache-control
private
shares.json
api.bufferapp.com/1/links/ 		66 B
410 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bufferapp.com/1/links/shares.json?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&callback=JSONP_3047
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.138.31 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a4e24d2b9857f11159e91e3e457926c82644de190d8222e27623d6366a576631
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=43200
cf-ray
6be231721b8f431b-FRA
etag
W/"42-GOyDvKqPyrro+fc2sEvChzio0/c"
expires
Thu, 16 Dec 2021 07:49:05 GMT
dk
connect.ok.ru/ 		11 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://connect.ok.ru/dk?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tp=json&ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&st.cmd=extLike
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.20.152.207 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
ip207.152.odnoklassniki.ru
Software
apache /
Resource Hash
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c
Security Headers
Name Value
Content-Security-Policy default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
Strict-Transport-Security max-age=63072000;includeSubdomains;preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
br
vary
Accept-Encoding
rendered-blocks
WidgetExtLike
content-security-policy-report-only
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always;
x-xss-protection
1; mode=block
pragma
no-cache
server
apache
strict-transport-security
max-age=63072000;includeSubdomains;preload
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
content-security-policy
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
x-content-type-options
nosniff
expires
Mon, 26 Jul 1997 05:00:00 GMT
count.json
api.pinterest.com/v1/urls/ 		103 B
416 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&callback=JSONP_7261
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-209.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7e41f693d93943caeb33fd2f40e48bc498f75d3c3b3b05b76308c3d35fc26f08
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
x-cdn
akamai
akamai-grn
0.846656b8.1639597745.8805fe7
content-type
application/javascript
access-control-allow-origin
*
pinterest-generated-by
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
x-pinterest-rid
8555147398802388
content-length
103
expires
Wed, 15 Dec 2021 20:04:04 GMT
button_info.json
www.reddit.com/ 		120 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.reddit.com/button_info.json?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
0cfd01f61f14eb6d881159ad18587bb4501c97ae7db9bbc9c5dd04a35362cb03
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ratelimit-used
1
via
1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-length
120
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-moose
majestic
x-clacks-overhead
GNU Terry Pratchett
server
snooserv
x-frame-options
SAMEORIGIN
date
Wed, 15 Dec 2021 19:49:05 GMT
x-ratelimit-remaining
299
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ratelimit-reset
55
accept-ranges
bytes
expires
-1
stats
api.tumblr.com/v2/share/ 		142 B
392 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.tumblr.com/v2/share/stats?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.40 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
assets.tumblr.com
Software
nginx /
Resource Hash
92a52c85d6e732cc7b34a65f9317ef052b15c2f2b58c9fc7f0ef939c7e3ba248
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Accept-Encoding
p3p
CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
access-control-allow-origin
https://www.aiupnow.com
x-rid
7b7b9f25bda622810766958d105c2d8d
strict-transport-security
max-age=31536000; preload
accept-ranges
bytes
content-type
application/json; charset=utf-8
content-length
136
share.php
vk.com/ 		24 B
482 B 		Script
General
Check archive.org
Download Go to
Full URL
https://vk.com/share.php?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&act=count&index=4477&callback=JSONP_6807
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.240.190.78 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS vk.com, RU),
Reverse DNS
srv78-190-240-87.vk.com
Software
kittenx / KPHP/7.4.109642
Resource Hash
b0c66f841ddc555e6d9db4cada9a766f088103e8c16b42de45095a12b3606a26
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-frontend
front226205
server
kittenx
x-powered-by
KPHP/7.4.109642
strict-transport-security
max-age=15768000
content-type
text/html; charset=windows-1251
access-control-expose-headers
X-Frontend
cache-control
no-store
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
44
yum-count
www.yummly.com/services/ 		11 B
724 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.yummly.com/services/yum-count?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1a47 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
vary
Accept-Encoding
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11
last-modified
Wed, 15 Dec 2021 19:49:05 GMT
server
cloudflare
x-yummly-req-id
d6bd2075-936c-4011-b639-3d98174f4b05
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
86400
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.aiupnow.com
cache-control
private
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
6be231721d4e0605-FRA
access-control-allow-headers
DNT,User-Agent,Cache-Control,Content-Type,X-Yummly-Auth-Token,Accept,Authorization,If-Match,If-None-Match,If-Modified-Since,If-Unmodified-Since,X-Yummly-App-Id,X-Yummly-App-Key,X-Visitor,X-Yummly-Type,X-Forwarded-For,X-Yummly-Locale,X-Yummly-Domain,X-Yummly-Timeout-Millis
Less-Stress-Infographic_FINAL.png
blogs.windows.com/wp-content/uploads/prod/sites/2/2021/11/ 		290 KB
291 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blogs.windows.com/wp-content/uploads/prod/sites/2/2021/11/Less-Stress-Infographic_FINAL.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5ea452e977280c259515115b1f3e03bf152e5b4c79b3e785cb8eeac26c327c9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
HIT
content-md5
MYsHuM3b2QRo+mPbo2ZeDA==
age
195523
cf-polished
origFmt=png, origSize=523905
content-disposition
inline; filename="Less-Stress-Infographic_FINAL.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
296906
x-ms-lease-state
available
x-ms-lease-status
unlocked
last-modified
Wed, 17 Nov 2021 13:34:27 GMT
server
cloudflare
etag
"0x8D9A9CEF9F377A3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
x-ms-request-id
395940da-501e-001d-0a25-f0a182000000
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
x-ms-version
2014-02-14
accept-ranges
bytes
cf-ray
6be231726c5f5b3e-FRA
cf-bgj
imgq:100,h2pri
a5c35f20-fc4c-11ea-bf7d-637e870d3191
s.yimg.com/os/creatr-uploaded-images/2020-09/ 		175 KB
175 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/os/creatr-uploaded-images/2020-09/a5c35f20-fc4c-11ea-bf7d-637e870d3191
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e33de29236bd945ad5963c32fd373b982e0970b3a1f784b8e7ae07d7be8c254d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:13:34 GMT
x-content-type-options
nosniff
age
466532
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
strict-transport-security
max-age=15552000
content-length
179043
x-amz-id-2
/cqDgtAWaTTrA3wwpR0YLLKkRKuIpDqm59Fow3b7JifTobMi45kONCFnm0QTTdjRLDMPQ6dAGPc=
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 21 Sep 2020 20:54:33 GMT
server
ATS
etag
"f2674983881b2078fcc17208ca7fa426"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
4DDGN6VJ94MY3753
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=604800
x-amz-version-id
null
accept-ranges
bytes
content-type
image/jpeg
fdad0470-fc4c-11ea-a947-18dc38fbf5d1
media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/ 		242 KB
242 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/fdad0470-fc4c-11ea-a947-18dc38fbf5d1
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.95.49 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
cbf52478eea923d6c8559defe2bd5ce6f23107952a3ab8056d0d2d97df20a79e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Wed, 15 Dec 2021 19:49:06 GMT
Last-Modified
Mon, 21 Sep 2020 20:57:00 GMT
Server
AmazonS3
x-amz-request-id
6GCYZREWD338JJHC
ETag
"7407eb6de1fb6ccfb8ffde0f64f2a7de"
x-amz-version-id
null
x-amz-storage-class
STANDARD_IA
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
247619
x-amz-id-2
c/whr9LkD1dLGWw9L/afA4wYstowGm0we9wg9Vh827yS8Xu6Dn4bgIWnkdE8HhY+9HaY3tzmz3U=
9c9d6c80-fc4f-11ea-afdb-ecca84ac1198
media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/ 		198 KB
198 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/9c9d6c80-fc4f-11ea-afdb-ecca84ac1198
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.95.49 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
17710b0cbda106bd59c9bb320d152a06bba83cfed9e8a171b4e63f48adfc0a09

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Wed, 15 Dec 2021 19:49:06 GMT
Last-Modified
Mon, 21 Sep 2020 21:15:46 GMT
Server
AmazonS3
x-amz-request-id
6GCXH1FEH7PDM8RN
ETag
"2806512b949617bd4ea79a2998ae6f56"
x-amz-version-id
null
x-amz-storage-class
STANDARD_IA
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
202394
x-amz-id-2
eNHJjvaAoRlZglDv6myDZITieZjh9K6aTcWCnOapWhXA3hJ4L/16XcNFujXBoxYNjrQEpn95ydI=
cec5d390-f9cb-11ea-bbff-fdb7f71204bb
s.yimg.com/os/creatr-uploaded-images/2020-09/ 		602 KB
603 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/os/creatr-uploaded-images/2020-09/cec5d390-f9cb-11ea-bbff-fdb7f71204bb
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
4512240dca2a59d6f18502229269f36846e194a33015ca8ca1a93a3535fb333b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
x-content-type-options
nosniff
age
0
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
strict-transport-security
max-age=15552000
content-length
616800
x-amz-id-2
MvMa/PZztU0+yO84zuJDELx9EerJPI2WHnXHml/H2ZzUWWzx3iKFN1La/9AGRb87JgV/xWcW90o=
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Sep 2020 16:27:14 GMT
server
ATS
etag
"b714aca3e727c20fe1de572d1efec1c9"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
6GCG5CVAEQYZ2FY1
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=604800
x-amz-version-id
null
accept-ranges
bytes
content-type
image/jpeg
61de0c60-f783-11ea-bd7d-46dcedba277c
s.yimg.com/os/creatr-uploaded-images/2020-09/ 		267 KB
267 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/os/creatr-uploaded-images/2020-09/61de0c60-f783-11ea-bd7d-46dcedba277c
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
33fb4f945a35b6ccaf4d19c0e6d1d8ad39736c430884b7090fc0f965d3f748ad
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 19:00:33 GMT
x-content-type-options
nosniff
age
521313
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
strict-transport-security
max-age=15552000
content-length
273173
x-amz-id-2
lPlskTBSH/xjE1BqWD1sf2xPYwW4mfB/Oxe+joePRXoJ9BXufvmQgpJcc9r3UKiYpohm/ity32M=
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 15 Sep 2020 18:43:46 GMT
server
ATS
etag
"72c72917d284ea57345a106ed1cf71c5"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
VBGW68JWSP3KYWS5
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=604800
x-amz-version-id
null
accept-ranges
bytes
content-type
image/png
dims
o.aolcdn.com/images/ 		108 KB
109 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://o.aolcdn.com/images/dims?crop=3503%2C2332%2C0%2C187&quality=85&format=jpg&resize=1600%2C1065&image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-images%2F2020-01%2Fe948a190-2da0-11ea-9dff-b2fb563a84d3&client=a1acac3e1b3290917d92&signature=b857e71b6d8217dc50eb08e57400ef8cbd7b2188
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:af6:eab:2108:1892:6d8 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FF4) /
Resource Hash
d5adf666701b746821cc08cfa7064589419b3e1aa81e6324ddd6843e5bebf082
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 604800, "include_subdomains": true, "failure_fraction": 1.0, "success_fraction": 0.01}
age
334582
cld_latency
133
edge-cache-tag
214263861983770865837665303362291958282,311762242164315631316587765202362003164,ae7a14591aaf8d474cdb3f92111c923e
cld_cache
MISS
cld_hits
0
x-cache
HIT
strict-transport-security
max-age=31536000
content-length
110825
x-xss-protection
1; mode=block
cld_by
cache-dca17767-DCA
x-served-by
cache-wdc5554-WDC
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 11 Nov 2021 06:43:50 GMT
server
ECAcc (frc/8FF4)
x-timer
S1636670915.453639,VS0,VE70
etag
"f94f1ff240047b54329dc3b043ced59c"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
SAMEORIGIN
report-to
{"group": "default", "max_age":604800, "endpoints":[{"url":"https://report.vdms.com/","priority":1 }, {"url":"https://nelcollector.sre.ecsvc.net/report","priority":2 }]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0
steelseries-arctis-pro-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/steelseries-arctis-pro-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
538644c8d03a34a5f5842ab02d4f32e975b50607bbf7bb3528da122eb0d912b8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Tue, 14 Jul 2020 15:22:20 GMT
server
cloudflare
etag
"5f0dcdac-6c56"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be2317279d65c62-FRA
content-length
27734
expires
Sat, 15 Jan 2022 19:49:05 GMT
steelseries-arctis-pro-dac-cropped.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/steelseries-arctis-pro-dac-cropped.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a43b5bfc058d5b10e20d84c9dc83bd1d825fc472b165f0a837fdb02d7ca6c37a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
HIT
age
17596
cf-polished
qual=85, origFmt=jpeg, origSize=41515
content-disposition
inline; filename="steelseries-arctis-pro-dac-cropped.webp"
content-length
24688
last-modified
Tue, 02 Jun 2020 15:50:58 GMT
server
cloudflare
etag
"5ed67562-a22b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 14:55:49 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231729a4a5c62-FRA
cf-bgj
imgq:85,h2pri
hyper-x-cloud-alpha-blackout-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/hyper-x-cloud-alpha-blackout-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
690e2c2fc087cba6dcf864ee61e6c566049979c4f5da31b6ec63b8e7ce3ad05a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Tue, 14 Jul 2020 15:15:58 GMT
server
cloudflare
etag
"5f0dcc2e-511b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa4f5c62-FRA
content-length
20763
expires
Sat, 15 Jan 2022 19:49:05 GMT
hyper-x-cloud-alpha-se-hero.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		54 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/hyper-x-cloud-alpha-se-hero.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02f1a982fff273502b329ba242f856f115b2e51273ffc4476bee77f5172680d4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Tue, 14 Jul 2020 15:08:12 GMT
server
cloudflare
etag
"5f0dca5c-d6c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa515c62-FRA
content-length
54976
expires
Sat, 15 Jan 2022 19:49:05 GMT
blackshark-v2-t1bg.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/blackshark-v2-t1bg.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86bd843e845b3814a6cb1438975575e4b8dcd68f9c2ca1a420c649b2d8db6f3b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Fri, 31 Jul 2020 13:22:24 GMT
server
cloudflare
etag
"5f241b10-347a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa555c62-FRA
content-length
13434
expires
Sat, 15 Jan 2022 19:49:05 GMT
51jmb3ciuhl._ac_sl1500_.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		54 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/51jmb3ciuhl._ac_sl1500_.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd27265365870814b531d27242813f9df904229b004d7e6f6e1512a68d29f8f4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Fri, 31 Jul 2020 13:22:25 GMT
server
cloudflare
etag
"5f241b11-d616"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa585c62-FRA
content-length
54806
expires
Sat, 15 Jan 2022 19:49:05 GMT
razer-nari-ultimate-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/razer-nari-ultimate-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08a0a69cc7b20ebc145be0de33415376df6b98011bde781c6bef07ce39564b33

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Tue, 14 Jul 2020 15:54:30 GMT
server
cloudflare
etag
"5f0dd536-6e19"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa5c5c62-FRA
content-length
28185
expires
Sat, 15 Jan 2022 19:49:05 GMT
razer-nari-ultimate-se_0.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/ 		84 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/razer-nari-ultimate-se_0.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4a0ee6d728ead9cf6f762458a1de9463cfea40e4edce958d445ee006fc27f16

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Tue, 16 Jun 2020 21:10:15 GMT
server
cloudflare
etag
"5ee93537-15118"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa5d5c62-FRA
content-length
86296
expires
Sat, 15 Jan 2022 19:49:05 GMT
plugable-onyx-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/plugable-onyx-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bec9c490503ced6d8e92080693b1cea51de26bc67b758394b4638f2f1a03cd8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Jul 2020 10:43:34 GMT
server
cloudflare
etag
"5f0eddd6-4bdd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa5e5c62-FRA
content-length
19421
expires
Sat, 15 Jan 2022 19:49:05 GMT
plugable-onyx-headset.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/10/ 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/10/plugable-onyx-headset.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
311d0ae54122e562c9d7209237279a234746e4bc9bc08c8fa698fd7a84d79a1c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Tue, 02 Jun 2020 13:24:43 GMT
server
cloudflare
etag
"5ed6531b-e4e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa605c62-FRA
content-length
58597
expires
Sat, 15 Jan 2022 19:49:05 GMT
turtle-beach-elite-aero-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/turtle-beach-elite-aero-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1184eaa5a8479aace795d63e8a6198e87229358f756f81721a37cf7f3adae457

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
HIT
age
368325
cf-polished
qual=85, origFmt=jpeg, origSize=24505
content-disposition
inline; filename="turtle-beach-elite-aero-sehero-1.webp"
content-length
14188
last-modified
Wed, 15 Jul 2020 10:58:05 GMT
server
cloudflare
etag
"5f0ee13d-5fb9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 11 Jan 2022 13:30:20 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa635c62-FRA
cf-bgj
imgq:85,h2pri
turtle-beach-elite-atlas-aero-se.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/01/ 		152 KB
152 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/01/turtle-beach-elite-atlas-aero-se.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1fed6af0907b4321b97f34f4881f6ee021694567754b4ff26bfe8ff3480b451

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
HIT
age
466530
cf-polished
qual=85, origFmt=jpeg, origSize=203462
content-disposition
inline; filename="turtle-beach-elite-atlas-aero-se.webp"
content-length
155558
last-modified
Tue, 21 Jan 2020 14:02:10 GMT
server
cloudflare
etag
"5e270462-31ac6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Mon, 10 Jan 2022 10:13:35 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa645c62-FRA
cf-bgj
imgq:85,h2pri
steelseries-arctis-1-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/steelseries-arctis-1-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e6f87e479fe96a05167143baf8284070e8e25446568442ef85133ec97ac7cf7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
HIT
age
368325
cf-polished
qual=85, origFmt=jpeg, origSize=20134
content-disposition
inline; filename="steelseries-arctis-1-sehero-1.webp"
content-length
10842
last-modified
Wed, 15 Jul 2020 11:12:03 GMT
server
cloudflare
etag
"5f0ee483-4ea6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 11 Jan 2022 13:30:20 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa685c62-FRA
cf-bgj
imgq:85,h2pri
steelseries-arctis-1-wireless-xbox-cyberpunk-2077-edition-cropped.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/05/ 		100 KB
101 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/05/steelseries-arctis-1-wireless-xbox-cyberpunk-2077-edition-cropped.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1801957e205fedeb5ad3143a9a15114323490bf7babf1444e4695dff08d16be

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Tue, 05 May 2020 12:23:38 GMT
server
cloudflare
etag
"5eb15aca-191ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa7e5c62-FRA
content-length
102893
expires
Sat, 15 Jan 2022 19:49:05 GMT
richard-avatar.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/ 		86 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/richard-avatar.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10a64ebb8661643d154d9ff6466282a8b80d1faac7b93ed08a609e1d182bbe68

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Wed, 25 Mar 2020 19:33:27 GMT
server
cloudflare
etag
"5e7bb207-15681"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172aa825c62-FRA
content-length
87681
expires
Sat, 15 Jan 2022 19:49:05 GMT
1025269.jpg
passport.mobilenations.com/avatars/000/001/025/ 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://passport.mobilenations.com/avatars/000/001/025/1025269.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a62b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f615e7ba92273145a27dfc0773e0a936233f96a40cee0eb90cedf8cdcf2e6e0a
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
2039168
cf-polished
origSize=52888, status=webp_bigger
content-length
50603
last-modified
Fri, 15 Mar 2019 16:47:51 GMT
server
cloudflare
etag
"5c8bd737-ce98"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
content-type
image/jpeg
expires
Fri, 14 Jan 2022 19:49:05 GMT
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231730ec05c5c-FRA
cf-bgj
imgq:100,h2pri
XMvfuvRqk3g
feeds.feedburner.com/~r/wmexperts/~4/ 		43 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~r/wmexperts/~4/XMvfuvRqk3g
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
GSE
content-type
image/gif
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15 Dec 2021 20:49:05 +0000
halo-reach-hero.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/ 		82 KB
83 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/halo-reach-hero.jpg?itok=wmHDT0Is
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a924247a34d2261adba0ab013836e8f7bc8df1f5414459c906d5c2a0448232a4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
MISS
last-modified
Tue, 03 Mar 2020 19:14:58 GMT
server
cloudflare
etag
"5e5eacb2-14991"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172dadd5c62-FRA
content-length
84369
expires
Sat, 15 Jan 2022 19:49:05 GMT
halo-reach-se.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/11/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/11/halo-reach-se.jpg?itok=QwN53No7
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41dc62838893d877af036548c8dae4693825d6decf866a1aade64d8d942afca7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
cf-cache-status
HIT
age
466529
cf-polished
qual=85, origFmt=jpeg, origSize=18910
content-disposition
inline; filename="halo-reach-se.webp"
content-length
13054
last-modified
Wed, 13 May 2020 01:05:12 GMT
server
cloudflare
etag
"5ebb47c8-49de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Mon, 10 Jan 2022 10:13:36 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be23172dae75c62-FRA
cf-bgj
imgq:85,h2pri
tkpYeuiT0cA
feeds.feedburner.com/~r/wmexperts/~4/ 		43 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~r/wmexperts/~4/tkpYeuiT0cA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
GSE
content-type
image/gif
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15 Dec 2021 20:49:05 +0000
dims
o.aolcdn.com/images/ 		169 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://o.aolcdn.com/images/dims?resize=2000%2C2000%2Cshrink&image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-uploaded-images%2F2019-03%2F8abb4e90-50b3-11e9-aaff-ba09ebd015cd&client=a1acac3e1b3290917d92&signature=59a74288ccbf5ce945fab394555e468caaeb6c36
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:af6:eab:2108:1892:6d8 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F38) /
Resource Hash
f5fb80c6ab695aec793967d59c135b29618aad2f987174711a218fc44da08d77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 604800, "include_subdomains": true, "failure_fraction": 1.0, "success_fraction": 0.01}
age
1074359
cld_latency
180
edge-cache-tag
205668273106704222303092677181222189726,485239066690905873616624527207302478547,ae7a14591aaf8d474cdb3f92111c923e
cld_cache
MISS
cld_hits
0
x-cache
HIT
strict-transport-security
max-age=31536000
content-length
172683
x-xss-protection
1; mode=block
cld_by
cache-wdc5538-WDC
x-served-by
cache-wdc5559-WDC
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 01 Jun 2021 10:19:59 GMT
server
ECAcc (frc/8F38)
x-timer
S1633336474.742285,VS0,VE1
etag
"d2668a73c5528255b775cdd08b0e7b3c"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
SAMEORIGIN
report-to
{"group": "default", "max_age":604800, "endpoints":[{"url":"https://report.vdms.com/","priority":1 }, {"url":"https://nelcollector.sre.ecsvc.net/report","priority":2 }]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
AmazonWebServicesBlog
feeds.feedburner.com/~ff/ 		997 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6991b0dfb02f46e2bb00808bd3eaaf97cfb4caa209a24ceb5a5c3482b091d6ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
GSE
etag
Kg31R1CGIqw4HTZpTQkVWDFniR0
content-type
image/gif
cache-control
max-age=602954
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
997
x-xss-protection
1; mode=block
expires
Wed, 22 Dec 2021 19:18:19 GMT
AmazonWebServicesBlog
feeds.feedburner.com/~ff/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d76f32f8bd2f4896065ce24a53a651b8b31f8518eeffef24d8ff3b7942a2437b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
GSE
etag
8QBjG7c8/sQuhDR26KDUQ+59BcM
content-type
image/gif
cache-control
max-age=603106
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1051
x-xss-protection
1; mode=block
expires
Wed, 22 Dec 2021 19:20:51 GMT
AmazonWebServicesBlog
feeds.feedburner.com/~ff/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a2b9c28205959e1323e482a8ebab65490ba2200da1665b75004947fbc4e18672
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
GSE
etag
IDawmln7mA9Ww+FiBXA+Xtz928I
content-type
image/gif
cache-control
max-age=602916
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1053
x-xss-protection
1; mode=block
expires
Wed, 22 Dec 2021 19:17:41 GMT
codeguru-secrets-manager-1024x795.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/ 		772 KB
773 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/codeguru-secrets-manager-1024x795.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a97e731cbb8c8f2fd76edc5ff46950f4548da821813db1770d62cbd710cd168a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
cgC7Wagwmpb4ARt83TrV5Qnu8XXsfh38
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Mon, 22 Nov 2021 12:48:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"abea87b3b8c115fcd69f4228f96cbb6d-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
790114
x-amz-cf-id
laVELKuU59Er81OnslIAajf1er1i8Stnw623erpelyEHD1ryOmoB0Q==
codeguru-associate-repository-1024x807.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/ 		266 KB
266 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/codeguru-associate-repository-1024x807.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b16ee208e163e440832f7c31333c523ec8d0635bb1b2d332d733c1feb73dbf97

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
tQYPc0YprnBq_R3FSUM.EMUyAanD0GVs
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Fri, 26 Nov 2021 12:12:54 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"928b6c5f1f3973465fdb28a96460b4af-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
271919
x-amz-cf-id
zR1o1mV6rN0jJBj0mm9203KLD0sGNJvZMLR6m5fP6iRrOQPf0vDmoA==
codeguru-secrets-analysis-list-1024x323.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		94 KB
95 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/codeguru-secrets-analysis-list-1024x323.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9cc42edd3434423ba5ed7bab4141062c32ca45432ee495b4db48399fcf625a56

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
YWiPV7Yh3VYQkSrtBp7Kyxrkh_nAIQkM
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 09:33:15 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"b5ebef68c0c71305f72256c4487ede6f-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
96582
x-amz-cf-id
jmo16eR1oE_1i3Jv-GSE5s_Lv1bBDNG38o0UJ6jkf-3lqZbo-BDjUQ==
codeguru-secrets-recommendations-1024x421.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		166 KB
166 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/codeguru-secrets-recommendations-1024x421.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
96a96229c6397e7b5b44811bee268f7f6dfcfdd2703efdba8e348f311d0fa6db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
ECTE0akn3piQLdu9Q7lR5ZJJxl0iKzgq
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 17:42:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"a4730d087542ed55feb95b73b7cb0f64-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
169593
x-amz-cf-id
7KzONgtmGEv9D1Ms84FhFS1DYnIqWJwzeLPqOYigJ7Morc3XtD78zg==
codeguru-github-1024x407.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/ 		247 KB
247 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/codeguru-github-1024x407.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a484ab3ab55740d1b51dab8f319f0778053dc10f6cff128f5f76e76625cc5e5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
LQmUNdZa2Z3VuOlxdcA.D2_4tFmB9y2x
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Fri, 26 Nov 2021 12:12:26 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"70a8c0e58fcd9fc6701856acacf14137-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
252470
x-amz-cf-id
JMsEy6cEXZHxh6gcmfzpOmmXkFOz_8WgcNz6rJeLf5cuc3ikI7akXw==
codeguru-secrets-manager-popup-1024x419.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/ 		197 KB
198 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/codeguru-secrets-manager-popup-1024x419.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
edddcb46193aacdf88726f8250fd0248b2dd411d392b3288ea04ab9e9e6bd526

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
0myyRpUxG.o.OGUTkF7DP7aH6sKV4eMA
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Fri, 26 Nov 2021 12:13:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"079fff016d60236ea339e17d4786be4e-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
202117
x-amz-cf-id
Nn1tGMDDpKst_MdCJC6frO0RJGoGQct0d6uZY-d9OCefZWMyiwbjEQ==
secrets-manager-store-new-secret-1-1024x703.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		139 KB
139 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/secrets-manager-store-new-secret-1-1024x703.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
09dec90213d3b1f9af1a0133e35843f22241aafe04b0d2a1983b69116abfddc1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
QNWc1r9zEhfZbNG81DShOMjdgwVrT6xv
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 09:39:45 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"114cb9341d3eabcac573108a38ebc73f-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
142238
x-amz-cf-id
YlYiWpZL1QlpbrvFUPUcLdUbAZqD54b9W6mjEZYdWWYUgh6qIFjh2w==
secrets-manager-sample-code-1024x662.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/ 		309 KB
310 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/secrets-manager-sample-code-1024x662.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6fcd9dea2794290acd1f2e793fcfef9232545fff93270744e79e30d9de0e0e61

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
1uKtzXVl9B2T0DARloPafecHhsJV8.Jc
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Mon, 22 Nov 2021 13:05:32 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"6d79dd654708c4f68b793149572eb9fc-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
316809
x-amz-cf-id
lXXHviBV2H3bW9DPcJpNEoOVCh_1e0abwFeUrqnTKPPIfc5QuUA1-A==
2021-aws-iot-roborunner-1.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		990 KB
992 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/2021-aws-iot-roborunner-1.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d777536c363f541d3a0a29627c1294ed6c6c0889011ea21d8d4eb859c9aef31b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
4JHI_oNpw_8z2eSQ4TUVmDmuKiVaxZs7
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 22:57:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"16e8631a526d48c810baec9d90b66685-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
1013820
x-amz-cf-id
8NudJUyRePrjZhmWXZ-t2A_yUsqskt1Fnx9wAHEjnMmnOfpMgLDcPA==
2021-aws-iot-roborunner-2.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		674 KB
675 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/2021-aws-iot-roborunner-2.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a29d510cc6827794383ee2d8aaa0ff664aec760c9bfb99bf5c179c41c97aac48

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
rpOeZcWCoDNQee2qVb0DsibBDbbjiLyQ
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 22:57:42 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"2e175c77d0d5a2846cfd12c50e1e8937-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
689890
x-amz-cf-id
t2S7GUxugMK_LF9xE3YH-hzap3_Wnvppno7-twHg2yrfi8PSRI8F-w==
2021-aws-iot-roborunner-3.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/2021-aws-iot-roborunner-3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-206.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7d4767763ce995c13decef23ba129277c5a6e2682ecb104c8e06d2ca0af00137

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
K3Qf0bxcI_txF_iMA.3FY7v1i3Y5MSMv
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 23:00:19 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
"2e489c9f408199d54a57e71836c4ef5f-1"
x-cache
RefreshHit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
content-length
1206076
x-amz-cf-id
ADUkKBJ1ZSUeFsDZZwWcN86gPMJaF_d1qF6piwh-jLdxWRSYwdK5mg==
/
www.facebook.com/tr/ Frame D1F8 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.aiupnow.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.aiupnow.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Wed, 15 Dec 2021 19:49:04 GMT
bubble.js
resources.infolinks.com/js/1769.027-3.025/ 		156 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/1769.027-3.025/bubble.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be231721ba2695e-FRA
date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Sat, 11 Dec 2021 06:26:43 GMT
server
cloudflare
age
4352
etag
W/"27044-5d2d8ec551e5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Fri, 14 Jan 2022 18:36:33 GMT
nth.png
1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6ca0ba132e317aa25845976719aecc3fbc11dfbe15c1ca37809b1d0d39bcf8c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 18:29:29 GMT
x-content-type-options
nosniff
age
4775
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1439
x-xss-protection
0
server
fife
etag
"v74b"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 17 Nov 2021 11:04:58 GMT
nth.png
3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:38:42 GMT
x-content-type-options
nosniff
age
11423
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3362
x-xss-protection
0
server
fife
etag
"vb88"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 06 Oct 2021 17:58:43 GMT
mqdefault.jpg
img.youtube.com/vi/J36MCxgP2_4/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/J36MCxgP2_4/mqdefault.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd1d46e090dd11a9123e403410ad1b3354ed4c0906c92a13ae0a0daf85a91421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6457
x-xss-protection
0
server
sffe
etag
"0"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 15 Dec 2021 21:49:05 GMT
sprite@1.0435c9db.png
open.scdn.co/cdn/images/follow/ Frame 11ED 		576 B
1015 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://open.scdn.co/cdn/images/follow/sprite@1.0435c9db.png
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/follow/follow.0a706f0e.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1f::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8306b110649100e1a82a22573136f9208f5ceb738bb508a7d2fbad3b66bed7aa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.scdn.co/cdn/build/follow/follow.0a706f0e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:05 GMT
Last-Modified
Mon, 22 Nov 2021 10:37:26 GMT
Age
2016369
ETag
"be80ee12621c68563801dfc8ad5381d6"
X-Served-By
cache-ord1725-ORD, cache-mad22033-MAD
X-Cache
HIT, HIT
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
576
X-Cache-Hits
1, 24
1
mc.yandex.com/watch/53791720/
Redirect Chain
  • https://mc.yandex.com/watch/53791720?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&brow...
  • https://mc.yandex.com/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&br...
385 B
467 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A1298%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A95639952349%3Ahid%3A424392075%3Az%3A0%3Ai%3A20211215194903%3Aet%3A1639597744%3Ac%3A1%3Arn%3A499940879%3Arqn%3A1%3Au%3A1639597744714125276%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639597741736%3Ads%3A0%2C109%2C681%2C180%2C201%2C0%2C%2C478%2C53%2C%2C%2C%2C1478%3Adsn%3A0%2C109%2C681%2C180%2C201%2C0%2C%2C305%2C53%2C%2C%2C%2C1477%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639597744%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr%2814%29aw%281%29ti%282%29
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
827d59b6de1d3d3ff458836eac96c44c4b25a6bd1e8cbecaab7fbc66566210a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
last-modified
Wed, 15-Dec-2021 19:49:05 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
385
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:05 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
last-modified
Wed, 15-Dec-2021 19:49:05 GMT
location
/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A1298%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A95639952349%3Ahid%3A424392075%3Az%3A0%3Ai%3A20211215194903%3Aet%3A1639597744%3Ac%3A1%3Arn%3A499940879%3Arqn%3A1%3Au%3A1639597744714125276%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639597741736%3Ads%3A0%2C109%2C681%2C180%2C201%2C0%2C%2C478%2C53%2C%2C%2C%2C1478%3Adsn%3A0%2C109%2C681%2C180%2C201%2C0%2C%2C305%2C53%2C%2C%2C%2C1477%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639597744%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr%2814%29aw%281%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:05 GMT
dcm
s.amazon-adsystem.com/ Frame 3A2A
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGsPHGNeSA3Pkd4mYMRAAABKIAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGsPHGNeSA3Pkd4mYMRAAABKIAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGsPHGNeSA3Pkd4mYMRAAABKIAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:05 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
0P76RX0J43DSJ5T2W0X4
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:05 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
1KQEHFX61YTM8HXR5X9B
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGsPHGNeSA3Pkd4mYMRAAABKIAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame 3A2A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbpGsPHGNeSA3Pkd4mYMRAAABKIAAAAB&gdpr_consent=&us_privacy=&gdpr=1
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESENqV4_wubCKYl01OfWx4Pgc&google_cver=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESENqV4_wubCKYl01OfWx4Pgc&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:05 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Wed, 15 Dec 2021 19:49:05 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESENqV4_wubCKYl01OfWx4Pgc&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
343
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 3A2A 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 3A2A
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbpGsPHGNeSA3Pkd4mYMRAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOpE_5a4uDc8FX0e27c0Dqc&google_cver=1&gdpr=1
43 B
999 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOpE_5a4uDc8FX0e27c0Dqc&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:05 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 15 Dec 2021 19:49:05 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOpE_5a4uDc8FX0e27c0Dqc&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 3A2A
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3740180705741226068
43 B
1018 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3740180705741226068
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:05 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 15 Dec 2021 19:49:05 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3740180705741226068
pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
getuid
ib.adnxs.com/ Frame 3A2A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.249 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
bridge
cm.adgrx.com/ Frame 3A2A 		43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.241.196 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:05 GMT
server
Cowboy
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
ams-delivery-5
Content-Length
43
Expires
Thu, 23 Sep 2004 17:42:04 GMT
sync
ups.analytics.yahoo.com/ups/55940/ Frame 3A2A 		0
38 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YbpGsPHGNeSA3Pkd4mYMRAAABKIAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
ix-usync
router.infolinks.com/dyn/ Frame 3A2A 		35 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/ix-usync?uid=YbpGsPHGNeSA3Pkd4mYMRAAA%261186
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be2317408a7695e-FRA
content-length
35
expires
Tue, 15 Dec 2020 19:49:05 GMT
vendor-list.json
vendorlist.dmcdn.net/v2/ Frame 0604 		297 KB
38 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vendorlist.dmcdn.net/v2/vendor-list.json
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~theme_neon.03d60d604f7a509d0f7f.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
AmazonS3 /
Resource Hash
72a24849a385cc8c2e75bcd6a6cd2530d7d867ee28ae27aa89cd5b48f7403e8f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
puSsJBdY6n1_ReUCeRc.OniLCjzZRUnW
via
1.1 42feecb57a2a4d3ece0a33f7c279b80b.cloudfront.net (CloudFront)
age
531538
content-encoding
gzip
content-length
38193
last-modified
Thu, 09 Dec 2021 16:05:33 GMT
server
AmazonS3
date
Wed, 15 Dec 2021 19:49:05 GMT
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=604800
x-ip-address
178.79.246.42
x-amz-cf-pop
CDG50-P1
x-amz-cf-id
ayyyBhhaAm6o5c5fbuPJbT8ncHNUBFhF3eCdWqZ_c52w2hyiBtcBMA==
x-llid
efddf897c008d1b4e2bd03a49470fd53
expires
Thu, 16 Dec 2021 16:10:07 GMT
Retina-Regular.039feafb8e07151a9fa79dd01263f273.woff2
static1.dmcdn.net/playerv5/fonts/ Frame 0604 		36 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/fonts/Retina-Regular.039feafb8e07151a9fa79dd01263f273.woff2
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
9f0384a2c4cddef7a95fce9cc026e0901482723d031610c2dc33f23864e8d5c3

Request headers

Referer
https://www.dailymotion.com/
Origin
https://www.dailymotion.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
last-modified
Wed, 08 Dec 2021 14:42:43 GMT
server
DMS/1.0.42
age
604504
etag
"61b0c463-9118"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
server-timing
total;dur=0, dc;desc="dc3"
accept-ranges
bytes
timing-allow-origin
*
content-length
37144
x-llid
aa73c094cc7f14577a7df2ecc8202ff3
expires
Fri, 07 Jan 2022 19:54:01 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 0604 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:05 GMT
latencies.js
speedtest.dailymotion.com/ Frame 0604 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://speedtest.dailymotion.com/latencies.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.91 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
st.dc3.dailymotion.com
Software
/
Resource Hash
72b2181e58d5c45800d66d36702794ca5ae5bf1fbc20f106442b7eac3191a623

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:05 GMT
Content-Encoding
gzip
Last-Modified
Thu, 17 Sep 2020 07:44:45 GMT
Content-Type
application/javascript
Cache-Control
max-age=21600, public
Accept-Ranges
bytes
Content-Length
2041
Expires
Thu, 16 Dec 2021 01:49:05 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 6489 		374 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f725f6888d32252c9f3dc55750d168b0f4f00e0ea1f2e877ff46595662a56110
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126427
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:05 GMT
8xXkV1WypR-WWfVpl
s1.dmcdn.net/w/ Frame 0604 		290 KB
269 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.dmcdn.net/w/8xXkV1WypR-WWfVpl
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/2 /
Resource Hash
fc397a38480b8b76d1e301b62e22c88d11d23b495ab0100f3684fa12a65afb52

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
last-modified
Tue, 14 Dec 2021 18:57:29 GMT
server
DMS/2
age
5089
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800
server-timing
total;dur=2, dc;desc="dc3"
timing-allow-origin
*
content-length
274998
x-llid
36ca081d1070775184ec944b5216bede
expires
Thu, 16 Dec 2021 18:24:16 GMT
dmp.controls_seek.f219bca68ed2356bbecc.js
static1.dmcdn.net/playerv5/ Frame 0604 		71 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.controls_seek.f219bca68ed2356bbecc.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
cb060519450cc4982f29f8a767e47c4440e26614975f99ecbf3cec04e0cf9cef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
age
518959
server-timing
total;dur=0, dc;desc="dc3"
content-length
18611
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-11def"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
f62cac180afd158fd697c672bc5684b3
expires
Sat, 08 Jan 2022 19:39:46 GMT
dmp.interaction.40fa3cd6349ecc185144.js
static1.dmcdn.net/playerv5/ Frame 0604 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.interaction.40fa3cd6349ecc185144.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
8ca0c44926e7904b379b0abae96e5def8ad7c140d7c68d0ede2f2148e1ad5745

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
age
288683
server-timing
total;dur=0, dc;desc="dc3"
content-length
4757
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-3d57"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
a4e0867aa3560b501bb05e152d3d1c72
expires
Tue, 11 Jan 2022 11:37:42 GMT
/
o22381.ingest.sentry.io/api/1282937/envelope/ Frame 11ED 		2 B
245 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o22381.ingest.sentry.io/api/1282937/envelope/?sentry_key=f70d4f661ef54b5fb9de10b5bb21e376&sentry_version=7
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/follow/vendor~follow.ef331d43.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://open.spotify.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://open.spotify.com
access-control-expose-headers
retry-after, x-sentry-error, x-sentry-rate-limits
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
clear
content-length
2
/
pebed.dm-event.net/ Frame 0604 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:05 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:05 GMT
Content-Length
0
common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
c.disquscdn.com/next/embed/ Frame B5F5 		282 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.9068118211410bc5f67f5bb8d6806cba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4d958aa0fe56b2c9ef407522721c72a3f0ac4f0ae063a2e2d05c134b7a79fa85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 14:45:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4424615
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94779
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Fri, 22 Oct 2021 00:26:02 GMT
server
nginx
etag
"6172051a-1723b"
content-type
application/javascript; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Tue, 25 Oct 2022 14:45:30 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
_RyReTBjXkWw-AzPW_6koUUAVn8ZM72ELzV2WVJ9_YlTzJtTT-WeLA==
x-cache-hits
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 7160 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
328
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:43:37 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 7160 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
223
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7160 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:05 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 7160 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:42:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
395
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:42:30 GMT
10725365602667708830
tpc.googlesyndication.com/daca_images/simgad/ Frame 4C7F 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/10725365602667708830
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
46c1bedebd89ea719e5ffe1c9c2075e2f2be84ef1ab1b7fc16e9464eeedeacfe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 08:56:48 GMT
x-content-type-options
nosniff
age
211937
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29307
x-xss-protection
0
last-modified
Mon, 22 Nov 2021 05:55:27 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 13 Dec 2022 08:56:48 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 4C7F 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
328
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:43:37 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4C7F 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
223
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4C7F 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:05 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4C7F 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:42:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
395
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:42:30 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4C7F 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:46:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14527
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11415
x-xss-protection
0
server
cafe
etag
3382072337847676073
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 15:46:58 GMT
css
fonts.googleapis.com/ Frame 0D04 		4 KB
618 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:17:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:05 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0D04 		1 KB
959 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
101
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:24 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 0D04 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
328
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:43:37 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0D04 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
223
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0D04 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:05 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 0D04 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:42:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
395
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:42:30 GMT
l
www.google.com/ads/measurement/ Frame 0D04 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTWsdzRnLoXL_RdzdpToAzhYgjrTXROA422VGrfgmbnL0f41scbdqdVClydDNpOKH9PHZoj
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
recommendations.load.42dfcc5041eed24b84f85a10a88fa215.js
c.disquscdn.com/next/recommendations/ Frame AE2C 		923 B
1018 B 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.load.42dfcc5041eed24b84f85a10a88fa215.js
Requested by
Host: disqus.com
URL: https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f2bfdbf7d2df8d37016a17d53674d2799bb77996a763bf2bee8b1f604dd31a9f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/
Origin
https://disqus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005539
x-cache
Hit from cloudfront
content-length
446
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-1be"
content-type
application/javascript; charset=utf-8
via
1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
7WHhEhqU-YTmW78JvQhCQNV2wr5UAybq6PplkzCiML796FYYl8IkhA==
x-cache-hits
0
ping
api.viglink.com/api/ 		229 B
677 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.viglink.com/api/ping
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.255.13.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-13-78.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
fc9fd9b3399b2fde63a31d05af5360f1cf2d8c6438e25c106bb2781b733e4b34

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:05 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.aiupnow.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
229
Expires
Thu, 01 Jan 1970 00:00:00 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame FB0B 		51 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 14:44:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
363902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18237
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 11 Dec 2022 14:44:03 GMT
css
fonts.googleapis.com/ Frame 401F 		4 KB
618 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:18:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:05 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 401F 		1 KB
914 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
101
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:24 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 9422 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
328
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:43:37 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9422 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
223
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9422 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:05 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9422 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:42:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
395
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:42:30 GMT
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/ Frame B8AB 		118 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1a38d168c128c8527bba9ec53dd7b0bfed0402082866298ba794c5895733c8bb
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
date
Wed, 08 Dec 2021 20:52:54 GMT
expires
Thu, 08 Dec 2022 20:52:54 GMT
last-modified
Tue, 09 Nov 2021 12:51:17 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
30585
age
600971
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B26765852.319742854;dc_pre=CIeSx8nJ5vQCFbbnuwgdZ4cDiw;dc_trk_aid=512199117;dc_trk_cid=161007458;ord=897934744;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/ Frame 7160
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26765852.319742854;dc_trk_aid=512199117;dc_trk_cid=161007458;ord=897934744;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=...
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26765852.319742854;dc_pre=CIeSx8nJ5vQCFbbnuwgdZ4cDiw;dc_trk_aid=512199117;dc_trk_cid=161007458;ord=897934744;dc_lat=;dc_rdid=;tag_for_chi...
42 B
63 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26765852.319742854;dc_pre=CIeSx8nJ5vQCFbbnuwgdZ4cDiw;dc_trk_aid=512199117;dc_trk_cid=161007458;ord=897934744;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Protocol
H3
Server
142.250.185.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26765852.319742854;dc_pre=CIeSx8nJ5vQCFbbnuwgdZ4cDiw;dc_trk_aid=512199117;dc_trk_cid=161007458;ord=897934744;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 7160 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CEXw5sEa6Yc2bC5KLngW2rrqIDeWJ4uxm5vDS794OjtHmrYkCEAEgvfTmcGCV8v2BlAegAfLZ-IMDyAEJqQKUit6m2-OyPqgDAcgDSKoEhQJP0DMwDCmVXZk-dB7X6O-Hf-z_kgr1HoifggvPPaDCkzH6d_ozC4rE6cEkNLuuQq3RYlwYFbbyej0v3YdMag6UrFaP91sbCb0JGfgQ3EENbQa-damAlHU51KUXC2wAxwmosPSVX49nA7SINZTBtzDthiLou2_ZlddQWS94NB-FDxvFgr4I_Nr7N2ibmEyXQkxDIXlJvOLnDfF91zp_YUnjXiryj9hcjNPgrPNOhRkuLokXyfoI2rnHX0UWTC-PNs8CaYlV49HBdb6GGAKhKO9-mb3Sfy1YGVeMCZcYzay1YNbDUz2v703FX_gzdvUkfW0Bqk9FPCuMolFzn6OXA3A7biqNjxDABNDe1dT3A5IFBAgEGAGSBQQIBRgEoAYugAf2pYd8qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpr4b2AcA8gcEENDfDdIICQiA4YBwEAEYH4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0xMzQyMzQ3ODQzMzUxMzM4GAA&sigh=tPGEdYAQmZI&uach_m=[UACH]&template_id=531
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 4C7F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CmXNbsEa6YajQGcGkiQOA9KmwD7m5k5lnqbe4z9wO2dkeEAEgvfTmcGCV8v2BlAegAazyuL8ByAECqQJi2p0dU_oMPqgDAcgDyQSqBIkCT9B6lJKmhV_vsf2ehZcbymV9EzC-h2dml5ZoBDjLvcaeZ1Cujyr247LTbBk3cRhV4ocEcLf98YJwieQq2aPhqVvvJzEc1laJTZA7BNYxpia1RvDwtNZU76olnJboj7Z6fMiNsQOMDM6mnjPdSihAw31QqVrUUqifjYy2bTB5hz5NiKGq0fByXb4L_tprPfZ7z7YzPvHRJX3n1nLMfAs_mnankzWoL19NIbXDJA5jEjMT0Lv-3DVbi5HZaE9IklrYLbuTWZU4UR4fQKMp1-kIecCcNh5kY-jN0gy-KxLlxLCb10IoB3nDU3e1MbdRwoP6ixAFY5AwD4lXMpQcWmXlQOYjBWERSeEw5sAE9MH0-egDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBgKAB7yNx8ACqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQrOYQ0ggJCIDhgHAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=If4EFS0g9_A&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 0D04 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 19:06:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
88944
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 14 Mar 2022 19:06:41 GMT
5844677041473729754
tpc.googlesyndication.com/daca_images/simgad/ Frame 4138 		70 KB
70 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/5844677041473729754
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54fba0abef056bfa4a37c702730f7758c29fead1d9456b7b8a1cab55d6673db8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 07:12:48 GMT
x-content-type-options
nosniff
age
563777
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
71273
x-xss-protection
0
last-modified
Thu, 09 Sep 2021 11:25:40 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 09 Dec 2022 07:12:48 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 4138 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
328
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:43:37 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4138 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
223
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4138 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:05 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4138 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:42:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
395
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:42:30 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 4138 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:46:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14527
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11415
x-xss-protection
0
server
cafe
etag
3382072337847676073
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 15:46:58 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 401F 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
328
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:43:37 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 401F 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
223
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 401F 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:05 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 401F 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:42:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
395
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:42:30 GMT
l
www.google.com/ads/measurement/ Frame 401F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaS9k3Jl-e2QBSNjAIC3kixg8i_aeCnR8KGgCaCVfHsj8SNUAG0IuuHQXJ8kvFAc0jv6iCtW
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 401F 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 19:06:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
88944
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 14 Mar 2022 19:06:41 GMT
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/ Frame 79D5 		118 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2735234f40288691ab3e5e65371a4c251cc6474b81988081d31644ebbafc1b3a
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
date
Tue, 14 Dec 2021 11:28:17 GMT
expires
Wed, 14 Dec 2022 11:28:17 GMT
last-modified
Tue, 09 Nov 2021 12:40:55 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
30578
age
116448
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B26766164.319517987;dc_pre=CK6SyMnJ5vQCFQDjuwgdOnoBfQ;dc_trk_aid=512275546;dc_trk_cid=161005276;ord=3634503263;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/ Frame 9422
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26766164.319517987;dc_trk_aid=512275546;dc_trk_cid=161005276;ord=3634503263;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr...
  • https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26766164.319517987;dc_pre=CK6SyMnJ5vQCFQDjuwgdOnoBfQ;dc_trk_aid=512275546;dc_trk_cid=161005276;ord=3634503263;dc_lat=;dc_rdid=;tag_for_ch...
42 B
63 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26766164.319517987;dc_pre=CK6SyMnJ5vQCFQDjuwgdOnoBfQ;dc_trk_aid=512275546;dc_trk_cid=161005276;ord=3634503263;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Protocol
H3
Server
142.250.185.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://ad.doubleclick.net/ddm/trackimp/N297201.3159GOOGLE/B26766164.319517987;dc_pre=CK6SyMnJ5vQCFQDjuwgdOnoBfQ;dc_trk_aid=512275546;dc_trk_cid=161005276;ord=3634503263;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 9422 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C550SsEa6YZXpEMOK_tMP5-ejqAy1yuHsZtbklKjZDuXqq6_eARABIL305nBglfL9gZQHoAHy2fiDA8gBCakClIreptvjsj6oAwHIA0iqBP8BT9A0QgIeow25otVY-nalXPUt_A7jIXFXz6uTEYWZxsj6YSVfloZRbc54QGR549PYRhnvLJXl-YvQXM0PgLg11rSM87j-OcC-vnfKZ-_63pAp1TkHCECDCDZcG5HT2lPQBzPxAa2RkpMGUXBFfSDX7S9lrEQ8loHlN30lI4wu7wvkEagyIq2ttwKZ16LbnLP9JlH3rQRfIIGTLDMiQVMZ5qgB2ymHAOq3eqyjlI31kJgFZpyN-TGE_lqI5kQ2jbcBfFu-txrgkVNh9eUMaUmJv-_Uz5y77DDHl5iQUDz24NUaMI3B-sz9hT-y3tdzaZdcVWRhcfIH8AtlnLLQY0eKwAS636Xk7QOSBQQIBBgBkgUECAUYBKAGLoAH9qWHfKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6a-G9gHAPIHBBCt0wjSCAkIgOGAcBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItMTM0MjM0Nzg0MzM1MTMzOBgA&sigh=ZLq115CKIos&uach_m=[UACH]&template_id=531
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
5855017874296619942
s0.2mdn.net/simgad/ Frame 0D04 		857 KB
858 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/5855017874296619942?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
79e11ee8b47d2a611d1e36b5755b01395873e0b2cd206e63766d0976abebf112
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 20:23:37 GMT
x-content-type-options
nosniff
age
343528
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877217
x-xss-protection
0
last-modified
Mon, 16 Nov 2020 08:34:46 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 11 Dec 2022 20:23:37 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/2145603764733335165/ Frame 401F 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/2145603764733335165/downsize_200k_v1?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
39cd4dda3d197829d18497a003fa176b55f7347ceb63d6c813d335558b62cead
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 14:20:57 GMT
x-content-type-options
nosniff
age
19688
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15043
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 17:18:46 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 14:20:57 GMT
truncated
/ Frame 401F 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
bridge3.492.0_en.html
imasdk.googleapis.com/js/core/ Frame 8345 		597 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.492.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc0e86fa9839984b0d1c815a1008ba178b8e3b50f347ee2446d967e6fea8d09b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198450
date
Mon, 13 Dec 2021 09:13:33 GMT
expires
Tue, 13 Dec 2022 09:13:33 GMT
last-modified
Mon, 13 Dec 2021 09:11:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
210932
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame 6489 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 15 Dec 2021 19:49:06 GMT
dmp.dynamic_quality_switcher.810da786f426fdf0a69c.js
static1.dmcdn.net/playerv5/ Frame 0604 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.dynamic_quality_switcher.810da786f426fdf0a69c.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
03de68cb1fdd007abd024234102ebef9781fbea17813281d3a5717d25870762c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
age
288683
server-timing
total;dur=0, dc;desc="dc3"
content-length
7196
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-57b0"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
c3cff5fef9297ebfbf185071a09676dd
expires
Tue, 11 Jan 2022 11:37:42 GMT
dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
static1.dmcdn.net/playerv5/ Frame 0604 		189 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
ca356d69f023a86170e7197b26266cc9f913b54fc90e96a760cec4152b7848b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
age
288683
server-timing
total;dur=1, dc;desc="dc3"
content-length
54717
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-2f204"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
c3e171b60e36922222ead552fa7269aa
expires
Tue, 11 Jan 2022 11:37:42 GMT
x7zgqmr.m3u8
dmxleo.dailymotion.com/cdn/manifest/video/ Frame 0604 		0
297 B 		Script
General
Check archive.org
Download Go to
Full URL
https://dmxleo.dailymotion.com/cdn/manifest/video/x7zgqmr.m3u8?auth=1639770544-2562-q5i1dp2z-93ffb84ec1ae9f7a0a997b11f9e87e09l791345nc7u8XooOYiVpGujcsmmrJP43ApIdW-0KSC3ZGc-Yl0G0cH2kYqfxXO9WiQDOJ5oGPDAjhXYDaOtm0HDoRi3v2U0osJknvb1hiicjKb_G1yHgIBKo7g_TiPmCavUtxsElDy0tK8pyoxp3_b50DP9W5KPlQSyIXqwdDxT96KKT93Znq2Ww7I4COjO-oS_tabxkG69dXJw3E-Bca19MBXDW0Z57t2c9nBvFYeX-zVzKLTxvu_era0OsNlIDrfPt9arDp8xk-Eq8FnXZuf5_pq2eN0xxXwV1xyd8m1Rq7QLxrGoywZOt56AfGHJA3Eg8_gBeADFnskx0Fnq--eFhJFjcagkkr5-TJG6t8s6DZoGHPUYO6PzGCpBAQv8BevXz9go_13rFQrKWwI3NX7ToDO74DHFL73Fv3joz33Vm0QwVx9_uy6eaPQT29IpTnj5VvRgl8OXGIP9iJXEk0Jy8P19Cfw_e3UGVHkmZ9szQgqDCkMB3GmzK8s9VnIM3xYgGxdJVfPlbRb2kMD2Y-ioEALR6QIa2gRB3QEj2kiE-BGUbmonrDAJgiLsc0rZCD_Y4WX2cOvQ_AwuJUDyyYyz-fg89QoJwyB5OjSafPwkvf__zV608loZaG9SEtCyXB8gvBMf-ulsb321nrrTpavLGWXuBxf-ak9HIkUHMhmn9NIZilIyrLR4qc2666pzBGrRD97-JWYPBF67nTsae3k7BvrfzrwizmecOqgnHbLgjXNdKF_WVItgN17dEWSlh9FMZS3SDCI3ZlHcnpE_MInnqFJva3RxAYkij07DVfTnzLhYZVWUVVTamC6US1R4-0k19MLz1PcDuVokhHiryQ9F_H2X8-W0g-FrARNLBZsx2j3NAdyjgXgK7RBK3Xb9C3wtFIEKXsTFSdNfxz77VbEa85BiQk5uzk7XrZN2ym1-BWS038UT4f0aH6RyjyxE7dosi4in9jB3HgCTgTus-vaIXz8bddfFanEtkm-xIIWfeChb169yZHkoRjWBZubzZIP8hHAD1d0xVUB71GugMI7Z5xL77xylCoM5vcn5sicuk4xfEZMfS3FlYsCVRh4_RVCjuZUbEejiHwhI06fvOwkhd9TqO_Khuddl6bVbIp4GD4JF32FRAAVBo2zCum8r8vS0502uxYLC209MFQWYfQ8OqctoEPZdAh0IcIiU_24JRn5mqFlhpJBr13KOyqYDHdTpmsDdmEbNoeFAyhTHvWeNzOZApGDCylvhhJl24sZYsX5fTn6n4ou_rvoP0h_f5p2aj3E8ADa6VLF18ck1WFHXOSGVR-LKT07FhMG5Ik3MXwLySUGguPDMI-jQZ3OFekMaOxJnqYvwURtE-cSVDCdA-IdkfP-Jpa6pzNxq1M_Ogrump006mtXmVZhkIouhIKjMq0co9BxAcua6pObnv5Z5r71umqgUXutSQk6mOtqEe3ISj1cBotw3fJPRZJOUgIvz7QeSMZlAZyVaQcOpOTTfByohYrcAgroF8Y0Vo_9LMeLa0gUZnkxUighDPZHgdGZYaPTEwTB1zb6nvp2o8PE9WOY3VxOMPbfUGQq5qb-RltE30BnlQZlIMKVPP18i6OFNKuBHY2FcSxnKzF68PDSUmpK78A2bsKh4VeB_wuQ8pep3PkhtmVZUmCRz_tbOApJf8zCpDL33irEBtb9uguDGsFMxnNPCVkQtdxJ76iY1Re7rqI5rgf2FhJF88dqq95kOy-qna7Hn8zj6lFHY7wbqVi2RbK4RNqVgiMrKUAJQSUjeoGRY1_aNDkAo4PrvRhRieN8WyzFKByfNzrmEcd7XiNiIlQTGaFJB-D-xHhB_KMjNns6BTz3yKIs9DMl7Y7kmxSnEpC6u70U_wF56XkJKDVQlVpV3G56PWE2iy-3jAUKJNvRqwGPfmv3E527rAnQOEG3eqkcCXqA9MUlDe1XAgvHDC6hOxIOJKhttASJFq8yLQ5lV2uw3beHMwx0aBc6VURsEpIlUx4otLGQYRvp3DN2eGNeIgU5cGe4yznR93yuL2uWewlZyMqeyL4G7boX1UTWORm3TEUFcKCA2ktym4_oXSOYMYOYX8FOs6StW1WcSWbJxF0aUHIEYePRORsUCz_okea5cx4wFEBMuIcLeqpEVvI-3naXzKqAlDt1cq0_x4Z2v42wCFynDywmnQL3DDd3hnd4CrmKc95f-iF8Z1YDaNzkURNBMKVIQuLWd13SzF4IEM5AS9kZx4YwGMBDiRd7Ix2FIPxOyXkNoujaLPKpf0tG3IgHc93Lyk01M9KAnMTjAxIFtbQgNqi0Ujywnt_3nTKL0afCXXhcAd9JyrxiEOhGXVmN0yvMJGQj3_zTRHF76S0pCo03-TZHyg3T-1RY8MZKycZYuh07fhfBpkaNrKExjCv8LfzFTxsqAXcLSxo1oWuuy60JmkyDj1N2PfwWgoSu9n-PZM0wOa5gO6c3W5d1LhLs7qwnZhbbUNxKXdvOkLwo1XzdyPJ2MMFtv1JpW9AbR_W23fX6ZM0ZuGID-IYdqQDfoLrKXAo-PtvjUUEL2-8anWD_854qaasn7DJPHHtPUvL4M5v3K-tZGep2Vw8V14dc3SnUgJID0VCAM3MRDLpewmxwbldvz463-8rZcpEfRdYAQHG09WDKCe5Untw9IiVdFCRCIUD0KQeyDetSsbk5ja1LL1tGSzASu8-JF_TVsAh1JcxI2Af1AdnACcGukMCzBuQEH8RHP_3bWHyzipd4nd6WwFMLzCV-8db-_GYEWTrJRvL-dbyCppeBfOKlGHG86drVRNFEPE&bs=1&cookie_sync_ab_gk=1&reader_gdpr_flag=1&reader_gdpr_consent=&gdpr_binary_consent=opt-out&gdpr_comes_from_infopack=0&reader_us_privacy=1---
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:05 GMT
content-encoding
gzip
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET
access-control-allow-origin
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
adview
googleads.g.doubleclick.net/pagead/ Frame 0D04 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CqA75sEa6YdvkF4e0iQOo9oCIDvae_Zhmro76zJwOwI23ARABIL305nBglfL9gZQHoAGMk_qrAsgBBqgDAaoE7AFP0IS_sjbmjMx7hNV_8_0E3ei4lZB-Pa7f61F2jdAQjK7icArWx_hi8cuLMghRn531dJEOd4-9Zx9VINifgUdrONPzW2sdeYd3BBZ1-jzmt1Yu5ikQGurlH_qrkgNWb9wfH2ACwc69EuMNZyWDcpWGpemxI4r2GD7V8vauUnpJlV_4GnGdVaBKZ6nIb5l_hmtZzzIfBGEz2JpmnsoafEvybuAsRW618P3hwiAfm-p5JG50iA_gINZQMjtfYh_SK96-QGCMweXCqYXNe62yBvKXdIf5FgtNuDWfZUGdhdwAzCGmqnu60Owf2mevHcAEk6WH1M8D4AQDiAWdn9CQM5IFBAgDGAGSBQQIGxgMkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAfc7IXUAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcLENOyngUYiKiklgHSCAkIgOGAcBABGB-ACgHICwGwE_DGwg3IE7-Wyt0D0BMA2BMNiBQD2BQB0BUBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=VDGDfYVA_ZA&uach_m=[UACH]&cid=CAQSKQCNIrLM_ZPVhCLdxKSvlcjS21_4eNXq6NgVTymLCYkONQ-RHQqa-T-M&template_id=509&vt=10
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 0D04 		42 B
63 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAg2K1Ub7dHMANZjxnuXaXuoVwDAB-BqpIj4JsJhxfgquSezJL4M6oh3UjyFWtxYRsPPSZf1dxG3vIG4KwT92ZqkTfiHtL7w2A_V33V33IdqhZGIz2vxEa6frTFfkUvBh5p2RhXkIKzmClZEjujgmB5NHIfA&dbm_d=AKAmf-CMA_sF1VWWjwcSo5yYj_fh_n8V4PrNtvfwlDGej1EPKZRnXf1jo3c0eXpi1Pn0tE0OD4Q1pUBkHjDFPMranyryHDl7CDguEhEU8jegdGXaHUX9SDCxHM-7u0mIUh-uUKpOfcjKwmDoqxoOzKH1fveJ3VU6tTRooXahb6Tmi8cLhCZyVZDlmvwWU2TqbxuV6P026BVvAo4NVkahSWxyt4ZLuLQWfqO07DnKWmK-Zf4UmxjXBhwLz-wYSt7nqeBBCqfWkLypX3i9pM71gsfxQtHiiVdgL8nOVXzLyOZ1B4QQRpX5_Kjx2jWYuBYhRZ3GLE6M7HCLIhaBh-vpI2uWYvBtroG9LSbf4uO-yN5unFlkX1T2UCrvY8tiWX7dQjQAZbBxqkZ5lMrXZ5FFMZK3AqW2tZntYa4tJWAOpDOqks_qjcGoon9ZtIuykX-B4YOToxtSW-s3x2h0SNlw7peMl2UqRjS2TOpRi6mn3jAOtQ2EsG4SFIprsq0CyqqRuyLwRjX5V_iJ_g_RYLg37rf33zl6DXmmM-3e4ALmxZrWZA_-TgXDNtu9n51gx4284nhmE7Ps_ajVho0WHCQxT5qnZGnanHsdKQl-Q3Ac0ND5uKtz1e5oP3nbPKlRtu_A-pYoJca7-sXvpqpCsd8Led2eGP9A5mb0UqItdDp0k1Glmq9U28gp1Vc1U313A7QGH4OaqWano0bdGvCd8yq077NY7SavCZMN-41U62VtykJvLx8yKxZOaSqpmLNiVpF33XJK-9kt51HD0ExpILNAPi8asGmIByVOdTi1YbZ1tJRVzkO4lBXM-aDHYnEBw63gKtj_Hhgj2ZKa6JKBcOfL5394UtYpmXe0S2_rh-uZ2p3zg0T0Eqn6BDWLPYHW2Tw2AIxxdJt8WxRFOFWckADvYMxqA6LlxAe-dFXBFvEmEhjjEhejRNh5tO58lXFCcID_f6y55Ch_EbIMPB07ygNWVbsrx95mja-6EunQ4rgiaUqz6gD1DJ8uJpqiDbDuid2v_cukfyO1xK5kAqWLvb7QEbNEZG-kc8f1EsMi-gzaLhh8eN3EI9PhL-_X1GyO-WbiDbIIFmdOzY544LY3RtLid8VU0ZiGybuvG1MaGP5-DWKpUn4KcDrI3wbeE8GxdyZZI4TAjeG5C3flWJzt8lrA1zRFN9hxKz0CWEeGJk6tJWsnTu8CC5qA0HlgcVkTN0WILd0MAksE-ALfWEIeAwwqWBPcS8a0H7UZdq3X5Q3QONeuXJQvIaXSZTfUYDkOEzZ80LpwZge3cR1bIPUGrCReL3lFKfFOoWesP-ToblEn3P2piVnQR8UFiKOpyMYaKvwqzFMDObDvjctQfU5m-GOgu9RqOHOrM0mKN1P1OBoOugWlZuMerUtpJusj_mpKmBpdlJjqEhOeata66mCN0F-eUjXRQMaT1N2te_PkYburHHfLlccXC-_TfXxbbn8hk4GbGjyHRoJ6mCprSvfi5axGj8DuRAelPVBtf8H0AgNbLfq0sGbSLHrKZsWTcIpUrJ8A_q39fEt2Oh1Q6Yk8Ow0S7gMKfLO2F7Gui2GKJ3jhEb9QTGcaewrvwWiS19S5DpiMVsW5yNogMR0aiJJZ6DlagzT9vikB4oJG-dICwWKmtxWB749ISJ4i4YdpoaCevwWXyu5DuVyLkBTuLHyW5rKvIQDYKr2NUoa6zwbmBr3zYoJMAy0K0t1WKTlfTpimfNAT7hkf_6ww_M1TYJT4Nfxrr4jcFfrlwu5965I9n0M0oAp-EvPV96ziZPUmDQgnJyGzLaftLGrMCrJqz4CqMewUyRh9Bpc3TnsuGySJqairAJYqI7bjmOF9bJloM74O5kbHGuhNfNgepbgK0mVyYtA22kwVapfcLAuP6u31_FiLqwl4UPigkb9l4iSqyeJwb4XS4bmLwAa2QD0CU8PnrfmjkrK9UlzOsz-Dz56LwkqTnMfxNIo3IHlOf28WDA2n3DRyJwGZX5X70E4R20GQLv9eI15BDfVyBRFgTxGubeBm84ABNhqBTJMbc7XW4LnCGDLkIJvpZpVjFp4eFmaSkaSBN_6LAEveRbVDLXo3PTz3a-3-F3bcncvKAW5JXOBDgsjzyRq0wApU02zdv5Pq8McFMKKNTCOtis41LrKvTayJhkrt2-6uiA8LzSkv07YRcZpnlS9a0u4H7OXUyIOLAF7_un2lwaWJdkc5msPI4j0a6aIw6muO_IVZ_NDbygm7Y_kEFNRt5uuJCOPgb35pc3MpQuFpJCXFCCa02yGyXMbKJQuuFkmVHVVX8Cpl7XrofSOvbhJqggYwMSAHfZeeeO6gAUs5DJAZ0X8E3fpX0BTEGSOqeFiUdQjlheUOJhfDBolx9qF-y8jp0EDupdm5lmFo7-oa1Q7vjSIDskkIevuV81IehbwXpO766r2ZurQ9InXpaMW3QDdRq1JD0D2VNAiN_Vu9XXBXRIHw1bq8zGTR-S4PPA2lkxq_MoQAf9NXgjs3CQkpLHiSLJxEwjMGshU6vs9HCpcC_8jM9J_4s2CpcN08CqHqZbPwmkkYGLZj3DgmlNpb-37To8OBD5Y2JoY0GjRxVKKSL1EVCwB-Kr78ydjexls6vLaBf9TINK--gg4NzMS2u3gjpUK50VpoQlOaME23x718gBbLmHrTIec-dYlaVDSzRiqL93LXby1dpLZYiQRgRV9oOelx8l0JvfJkPmQpER36MaxyezWGq6WHXHgc6mAVxfWV6LQVTadsgd7vkUPK0Yd1xwuW9BmjVXoDJVknw-dq_3kviy4KrbgO6u5WmrwgyfxJ5skXiHFozMDmc2g99feFbw3rblw7-x3U2bcbTw6NlujzKMxh1orv3VU59sJvQ7KFr2jrvKqI5OPEIbX7f2TftyjO4CKtN2KPYN_7QCdBxOcfTJEbYYd0O6cf6X3SUTVaPrvQcB46H7SFx7y6C6Be5FWgyMldIj7OQUlVQLovoCW9iQksA1pmFZlFR6RQbxCiWeF_fT-R41d8coMzrIgr5HxY1d42GvC6DSV-9c1PE6mWomS0Cut5Jka_07-DTEozHNXfwOly9V3PZ5ur-Tm3YoXjhdiJLdMYv9jtcO7ySwoU_rQ9DTeqh6TnmMUGi1I3XuU&cid=CAASPeRorkg9dwJknYk-Vx5mjPHeTc3SZFB9MeDKLzEeOxYMq21ZSS4Z80ipJVANBkeNnviSpbEUycKbhFfwQd0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743090&bpp=2&bdt=354&idt=608&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cGWZVdKQu0&p=https%3A//www.aiupnow.com&dtd=612
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 4138 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CxlW-sEa6Yd_yILqjmLAPr4q-yA664suSZ7_JoPDmDrGspYzZKRABIL305nBglfL9gZQHoAGY7uqhA8gBAqkCVKI2fd3gsj6oAwHIA8kEqgT9AU_QowSQWJVdPLH02PG644O4IKVlTtU1D6egduXrPbfW3GQ2jf3c-KQq4JAAp-fzmwe7vHYlXKdGrPlHvFYZ7oi9dQu-whNxwzBmBgL0cgd8fSsk7rUgCKW1Fy_ceQ5Dn4LEpyjSK7DWKRFa6859rv1G03281Ut2GcAYKdkkXKDa5iT-xh4aW--CuxnVBopwH7SIcQdAi5vQux12Y1aga0ba6zzVCLlRqSwiGhnPIIfOeT2WJKYrlaXDjrEWRCCInoyq4zEjjKIIZceT4_uIquMGFSemG8hDIJUJRSBh5lPTWqh465KQnLOW684NMEa69mhRUpp5NxMM3vxVBgTABO_bt9jxA5IFBAgEGAGSBQQIBRgEoAYCgAfQkZVeqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQgcIN0ggJCIDhgHAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=AE6QQb-m4iU&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
intag_incontent.js
resources.infolinks.com/js/1769.027-3.025/ 		173 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/1769.027-3.025/intag_incontent.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
667d0547d8f8567828193f76f5fbd55bbb4244351313a8a8f3d85d171d1af49f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be231765ed9695e-FRA
date
Wed, 15 Dec 2021 19:49:05 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Sat, 11 Dec 2021 06:26:43 GMT
server
cloudflare
age
3635
etag
W/"2b399-5d2d8ec55168c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Fri, 14 Jan 2022 18:48:30 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 401F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cs8lZsEa6YfCnIISDiwO4toGwA-eW1_5mgry8gKoPitGj7b4BEAEgvfTmcGCV8v2BlAegAf3XmsECyAEJqQKUit6m2-OyPqgDAcgDywSqBIECT9DAG-UNeOposZ3rSpoaVL7sL4gJsKleSBE8kl5AuSi0IuiiCMaXtLMuaKaKNjJcXzQB8k8vp4_cxPH4c-VK8LG1LyrfLYdXGLjQtus0jIsKtYcaU11ihtmnQvRP-unrqJsZb-UjbH1ego3uvvzKOSsWjjbcWdytqsc-TRrhu2Hfd6otHkLlMfXWTRI05LZR8CQsSbFY-vi0aWw2TB4-dTGNmShl8lgTlC7-6NTtRGqdi4U377pfOJZTYTtxWESEx0BMFXckzGZjKX8yDnPhNtGi_JUNO1hgUczwDFdtiNHqKLFqd9yQPtEWf5qthq4Nni0Wj8fyTPDPjVFxZhW1joLABMiZ45zwA5IFBAgEGAGSBQQIBRgEoAYugAfrp-W-AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEIHXDdIICQiA4YBwEAEYH4AKAcgLAbgTiCfYEwzQFQGAFwGyFxwKGggAEhRwdWItMTM0MjM0Nzg0MzM1MTMzOBgA&sigh=4jiZcTjrbns&uach_m=[UACH]&template_id=5000
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
cast_sender.js
www.gstatic.com/eureka/clank/96/ Frame 0604 		52 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/96/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
25fcfee1ad623c5654d6a20d5936f56999688ce944da13f9ea606cf4b9fc18d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:02:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13623
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15236
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 15:10:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="cloudview-release"
expires
Thu, 16 Dec 2021 16:02:02 GMT
common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
c.disquscdn.com/next/recommendations/ Frame AE2C 		262 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/recommendations.load.42dfcc5041eed24b84f85a10a88fa215.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5fae79754e7af92e6afadc3060797e3d35188221e60d63d0625f66cf921e7ebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005540
x-cache
Hit from cloudfront
content-length
88862
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-15b1e"
content-type
application/javascript; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
Cma54UnriBHBFV4VxYeZWbwSG-yyrS7UwD8h9k_NWhGMA6snxm81fQ==
x-cache-hits
0
Screen-Shot-2021-11-02-at-8.11.33-PM-1-1024x391.png
www.saastr.com/wp-content/uploads/2021/12/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.saastr.com/wp-content/uploads/2021/12/Screen-Shot-2021-11-02-at-8.11.33-PM-1-1024x391.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.73.247.27 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
27.247.73.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
84077212eff3a118119952d95dfdd412f3a97e1c779d3881ce6c3402fbfc96b8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
last-modified
Wed, 15 Dec 2021 05:37:52 GMT
server
nginx
etag
"61b97f30-10289"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
66185
1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH
doc-10-94-docs.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0/og8p596u6ccj5tjjtdauaftb27nksn0k/1639597725000/04172779913741121811/13572733374762013682Z/
Redirect Chain
  • https://drive.google.com/uc?id=1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH
  • https://doc-10-94-docs.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0/og8p596u6ccj5tjjtdauaftb27nksn0k/1639597725000/04172779913741121811/13572733374762013682Z/1BzJJx-XDuOs0xA...
  • https://docs.google.com/nonceSigner?nonce=lnrai3kct15jq&continue=https://doc-10-94-docs.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0/og8p596u6ccj5tjjtdauaftb27nksn0k/1639597...
  • https://doc-10-94-docs.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0/og8p596u6ccj5tjjtdauaftb27nksn0k/1639597725000/04172779913741121811/13572733374762013682Z/1BzJJx-XDuOs0xA...
22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://doc-10-94-docs.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0/og8p596u6ccj5tjjtdauaftb27nksn0k/1639597725000/04172779913741121811/13572733374762013682Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH?nonce=lnrai3kct15jq&user=13572733374762013682Z&hash=ihbshi6na7ipnagq3pjp28ifrk73ek9a
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ac58756be8a08b00efa89ae967645beadb91d7a724c5217e4c847be2f06d4034

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
access-control-allow-methods
GET,OPTIONS
server
UploadServer
access-control-allow-headers
Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
x-guploader-uploadid
ADPycdtJdfrL9AU12mXE8MEN7VelvCWYXhiEbzXp07TX03BN7d1MeOerOj07VsmIVnWSLgOv-LLMXkzBgVwfLOS5qqpRydV6Xw
x-goog-hash
crc32c=sudjPA==
p3p
CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info."
access-control-allow-origin
*
cache-control
private, max-age=0
access-control-allow-credentials
false
content-disposition
inline;filename="4214db0a-02ac-4110-a901-bb96409e7ada.jpg";filename*=UTF-8''4214db0a-02ac-4110-a901-bb96409e7ada.jpg
content-type
image/jpeg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22775
expires
Wed, 15 Dec 2021 19:49:07 GMT

Redirect headers

date
Wed, 15 Dec 2021 19:49:07 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="DriveUntrustedContentSignerHttp"
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
report-to
{"group":"DriveUntrustedContentSignerHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external"}]}
content-type
application/binary
location
https://doc-10-94-docs.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0/og8p596u6ccj5tjjtdauaftb27nksn0k/1639597725000/04172779913741121811/13572733374762013682Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH?nonce=lnrai3kct15jq&user=13572733374762013682Z&hash=ihbshi6na7ipnagq3pjp28ifrk73ek9a
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-ix74D1ryk72uf4ypldFRnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentSignerHttp/cspreport;worker-src 'self', script-src 'nonce-ix74D1ryk72uf4ypldFRnA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentSignerHttp/cspreport, require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentSignerHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 786B 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2805
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
s
googleads.g.doubleclick.net/pagead/drt/ Frame 192A 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2805
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
s
googleads.g.doubleclick.net/pagead/drt/ Frame A6D7 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2805
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
s
googleads.g.doubleclick.net/pagead/drt/ Frame 2EFE 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2805
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 7160 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
82c3b988a2cbd0ed808e7b8a8e6492b4352af2bea2a7187181d4e1a9be736aac

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 0D04 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d92ef1fc59ca0a42648e704458434ce31e641effdc30d1bb8b5d41ebc8bf762b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame CF7A 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:48:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Wed, 15 Dec 2021 20:48:50 GMT
domains
api.viglink.com/api/ 		76 B
523 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.viglink.com/api/domains
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.255.13.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-13-78.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
f7664e23b73cb30828e04463f54920dbbeb02d02aa052877f46ec0ef515d2511

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:05 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.aiupnow.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
76
Expires
Thu, 01 Jan 1970 00:00:00 GMT
truncated
/ Frame 9422 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d82b1d0353b313086c9438e8d43011f8e00fb6cef060c60333a2d6a55c7afade

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ Frame B5F5 		165 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678119
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26065
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-65d1"
content-type
text/css; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
t2IuYt3VnZvAXLfCgbDaw1m48seAVYiriu6oYFODG_KqX_OCrF0Z_g==
x-cache-hits
0
truncated
/ Frame 4C7F 		208 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e5cbadf2520dc34f3318a463db9b9a4004e15eb72693eb5c8971fb8e1d00cd9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
cb=gapi.loaded_3
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes_style_bubble/exm=auth,profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes_style_bubble/exm=auth,profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_3
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c4a8c639edd67d769faf82914dc8ff0a1104373b575707f5f363ba8a91f78acd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 15:44:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
360270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5103
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 11 Dec 2022 15:44:36 GMT
css
fonts.googleapis.com/ Frame B8AB 		6 KB
743 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Overpass:700,600|Open+Sans:regular
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bb9bbca62474487d6bfcfd88a8da5d165633d0ccdeb4ae5ecbc9ae963575877b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:30:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:06 GMT
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame B8AB 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 23:28:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73239
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Wed, 15 Dec 2021 23:28:27 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame B8AB 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:13:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12927
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 16:13:39 GMT
css
fonts.googleapis.com/ Frame 79D5 		6 KB
743 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Overpass:700,600|Open+Sans:regular
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bb9bbca62474487d6bfcfd88a8da5d165633d0ccdeb4ae5ecbc9ae963575877b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:21:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:06 GMT
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 79D5 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 23:28:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73239
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Wed, 15 Dec 2021 23:28:27 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 79D5 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:13:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12927
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 16 Dec 2021 16:13:39 GMT
truncated
/ Frame 4138 		208 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b22251f63b49f2c24864c6529d2174090ec111318efce86b3140339d67fc0d1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
c.disquscdn.com/next/embed/ Frame B5F5 		475 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
01b1844125589a15317239014be029ba024bc0d6e059222bc99bd913a82ecb88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678119
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
122873
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-1dff9"
content-type
application/javascript; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
CFmt8W5S2HSdsmMvUIPk-KHRka7DOTzBMj5AeEcPlLbyj8-vwvYuJw==
x-cache-hits
0
config.js
disqus.com/next/ Frame B5F5 		14 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:06 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
31
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14552
X-XSS-Protection
1; mode=block
default
www.aiupnow.com/feeds/posts/ 		66 KB
21 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default?alt=json-in-script&start-index=17&max-results=1&callback=jQuery111003603580231294272_1639597743022&_=1639597743026
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
da93e21044cd49e9c8b630d9125b44dcc8e22ebcce2cf8663d38f888d558fcc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"f90762885665bc3e9218faa8e4a40c963b4ec586b6f2ea02ffb15ce7c72ce5d6"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
21405
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:07 GMT
truncated
/ Frame 401F 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
02e8ed546acde0a1d9d07cc08532695ab1acc699f4debafcf512e19f50eeb678

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
getads.htm
rt3027.infolinks.com/action/ 		124 B
203 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rt3027.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22IL_IN_ARTICLE0%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22a%22%2C%22miw%22%3A1%2C%22maw%22%3A342%2C%22mih%22%3A12%2C%22mah%22%3A2400%2C%22sdata%22%3A%22image%22%2C%22scs%22%3A%22OB0XGVAPuL%22%7D%5D&rid=cf780947-e665-4fa3-b2a9-7ddb74fafdb1&jsv=1769.027-3.025&sr=1600X1200&rts=1639597745905&cfv=-1&ref=t.co%2FIMBWIxzlWq&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=96.0.4664.93&dv=p&ce=t&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tzo=-0000&c=c&strg=true&rsd=2aWYEOloKYwzQyahRm_7adLYxyvT3wa_Ohk8De0Yph738Fa38wwnLFLYtYupw66Zd8FZctpCJz06q80uAn6EHj9Owm5O53lcq_JZ2PCsbhO3mGwq9UyvLoM4VGgR7ePMso1KiMGUa6vFPAIA0nwkuY4EYOZIhd2H&rsk=22&rcs=JA_gPIR8q2K4L-q9l2VNXw&hbnr=false
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4bac60605cc28d70120aeebfd16265f062a1192d0f51a0384ab90453818e894

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:06 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
p3p
CP="NON DSP NID OUR COR"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-language
de-DE
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
6be2317b9bee695e-FRA
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
dcl.htm
rt3027.infolinks.com/action/ 		0
116 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rt3027.infolinks.com/action/dcl.htm?rid=cf780947-e665-4fa3-b2a9-7ddb74fafdb1&jsv=1769.027-3.025&capara=%7B%22mode%22%3A%22default%22%2C%22markers%22%3A1%7D
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:06 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
6be2317b9bef695e-FRA
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 401F 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 05:33:18 GMT
x-content-type-options
nosniff
age
51348
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 05:33:18 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 401F 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 01:54:06 GMT
x-content-type-options
nosniff
age
64500
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 01:54:06 GMT
10725365602667708830
tpc.googlesyndication.com/daca_images/simgad/ Frame 6B17 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/10725365602667708830
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
46c1bedebd89ea719e5ffe1c9c2075e2f2be84ef1ab1b7fc16e9464eeedeacfe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 08:56:48 GMT
x-content-type-options
nosniff
age
211938
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29307
x-xss-protection
0
last-modified
Mon, 22 Nov 2021 05:55:27 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 13 Dec 2022 08:56:48 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 6B17 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
329
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:43:37 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 6B17 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
224
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6B17 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:06 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 6B17 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:42:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
396
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:42:30 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 6B17 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:46:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14528
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11415
x-xss-protection
0
server
cafe
etag
3382072337847676073
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 15:46:58 GMT
RetinaMedium.2811330fd8cd981352918b4059564b10.woff2
static1.dmcdn.net/playerv5/fonts/ Frame 0604 		36 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/fonts/RetinaMedium.2811330fd8cd981352918b4059564b10.woff2
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
0365e3f4d308d0beec787524d9a2f686351e1011555515526ddfaf34176d0514

Request headers

Referer
https://www.dailymotion.com/
Origin
https://www.dailymotion.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
last-modified
Wed, 08 Dec 2021 14:42:43 GMT
server
DMS/1.0.42
age
604500
etag
"61b0c463-8fcc"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
server-timing
total;dur=0, dc;desc="dc3"
accept-ranges
bytes
timing-allow-origin
*
content-length
36812
x-llid
0f7636559fcb63f1398b7d51d5336b2e
expires
Fri, 07 Jan 2022 19:54:06 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 6B17 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CoooasEa6Yf-DMI24iwPHj724C7m5k5lnqbe4z9wO2dkeEAEgvfTmcGCV8v2BlAegAazyuL8ByAECqQJi2p0dU_oMPqgDAcgDyQSqBI8CT9CaBTqg0qajEQxeeZmDJNr1_zQDpjT4RtZ0u3kMxfuIYVp2IEL8x_3tX031z_KEbzDCkw-wqxA5GlEGsmnc8X3qLzmFCP_jugVYFX0l0RgErPTbGLB6gjI2t7aK57CnLQkk1tmp1n_JOd2QrCe24Fxwvr8FdrsukNsy8X_PHUctDY2mOMyZDX3NcRpPyRkIhe0fD4EuAJigQLskpjOREZOQ3o6P3EKiE-F-aVGKJ8Umpfzh9c4BYK5nYqDD-k3SDjZYAX1Z_GXke2lQaKG5wb6nAfh-dCcJxVOTO3IKraMO22Urh75YCEOtZdeqsrVCx44fVu558vc-LtejSoGnGoS-TKLDKxSyjBDmgHCZQcAE9MH0-egDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBgKAB7yNx8ACqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ2fUC0ggJCIDhgHAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=9riUbRiGwlU&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:06 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
x240
s1.dmcdn.net/v/SnsdJ1WypR--M_6QB/ Frame 0604 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.dmcdn.net/v/SnsdJ1WypR--M_6QB/x240
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
DMS/2 /
Resource Hash
c9dbf391eb49cc7fb60b02931b2d3595eaf3c065b716778f0be58306dd7cbde1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 08:31:30 GMT
server
DMS/2
age
26502
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=604800
server-timing
total;dur=1, dc;desc="dc3"
timing-allow-origin
*
content-length
20487
x-llid
2ac5883533c6de3f8259b4186a33cedb
expires
Thu, 16 Dec 2021 12:27:24 GMT
x7zgqmr.m3u8
www.dailymotion.com/cdn/manifest/video/ Frame 0604 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.dailymotion.com/cdn/manifest/video/x7zgqmr.m3u8?sec=HhRoXb5vURZvHJ_AeJyVXKriXSdNVoLSwNsThfMM9tQRqXsKpvEz6sbh8EPWKGeJ681vUQF6sokCKFYIa2uvQw&dmTs=433660&dmV1st=85BD040AD5676152A123949685B6B5FC
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
39947c13916e5320090985dc27701829329c0bf1f40ed4debdd7e5dd93b56c2b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Security-Policy
upgrade-insecure-requests
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Date
Wed, 15 Dec 2021 19:49:06 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
application/vnd.apple.mpegurl
Cache-Control
private, max-age=600
Server-Timing
total;dur=25, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL,Accept-Encoding
Content-Length
2075
Expires
Wed, 15 Dec 2021 19:59:06 +0000
recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ Frame AE2C 		14 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
3eee15d11eb29b6f2258cabfeeca39b3b900a7cae96fc7919b27789f3470b9f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005541
x-cache
Hit from cloudfront
content-length
2978
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-ba2"
content-type
text/css; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
dOrKsjMRLcP1BEToFee-079ePSShZUgkZXCkrJo9qN09hPI4486fZA==
x-cache-hits
0
k0mtnwaPiJWk8CavAZCSyiiuy4U.js
snd.click/cdn-cgi/apps/head/ Frame D08B 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/cdn-cgi/apps/head/k0mtnwaPiJWk8CavAZCSyiiuy4U.js
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9f21406615f1546dd9ced7d75db04dffb75609a92a35f835405784c78119447

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112609
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
799J88C0261GS46S
x-amz-id-2
OYScEjvSJEz/nC9a2YuFgn3bZ/GExwruvjUP1OiIT8fttqlaFlPjptDJ9WbANTjOYmMgf1Ms7UY=
last-modified
Mon, 21 Oct 2019 15:01:53 GMT
server
cloudflare
etag
W/"7031c38f280b4d0118a771a4d493828b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pDKcnJswEnrXWx%2FAZ319fNhPNV9FzZqRmKiytdYW3q%2B4j3%2B8sJyI9cp641hj1apJt56o3HfUVuegQU5yO65jh1JTYPCQ8ENG1mtigBA1dxDGSjFSXmJDdgx24VgZUch%2F5e3l7W8m3pE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
6YU3RAlWGj1iJUnxcHmzNeblwGRVBezJ
cf-ray
6be2317eafe56946-FRA
css
fonts.googleapis.com/ Frame D08B 		7 KB
748 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Ubuntu|Open+Sans:400,600
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d5cf55fc7fb9816c5b7543e469706d77fdfa681df626c471e44b08fbf0cb9fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 19:49:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:06 GMT
bootstrap.min.css
snd.click/frameworks/bootstrap/css/ Frame D08B 		152 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://snd.click/frameworks/bootstrap/css/bootstrap.min.css
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 13 May 2021 13:25:00 GMT
server
cloudflare
age
112610
etag
W/"609d28ac-2606e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8WDwxnDA3z4n5gMhEF6cFDQYXCfWvOGww3xN62K4Z26knZJmb1a6tya7Aky1%2Bi66erlcN2BlLyD0p%2BKddqZ6VZm%2FGO9Z%2F33UchcWCShyFYskkqS4NKHObPtPjJIgWkdj68Tob7LAEaE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2317e9fe06946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
style.min.css
snd.click/landing/css/ Frame D08B 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/css/style.min.css?id=cecc8f3ce54a139a39cf
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cf34d605f353037a0ab53e0d1abfe48d1c54263e5e763c23366e77d45960bfa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 25 Oct 2021 13:56:45 GMT
server
cloudflare
etag
W/"6176b79d-2326"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=88EnDuxquPqDZv3c4C5oAtj5FQECY0sDetW2VX8tlV5NnB%2BDeUOstzpi7wfJ7bI8vABVQOmbaOtxNNbjzHhw98iyu80bmwFnqiwRHz6WvjNPTr9TESqVxnxx6Evkr4YjJfcn0fLxD4Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2317eafe46946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
play.png
snd.click/landing/img/ Frame D08B 		51 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/play.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07820f0ee3e5c253462bade268025f7712fdf14c0821fdaeb25040791fca9e4d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112610
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
52519
last-modified
Tue, 11 Jun 2019 11:54:48 GMT
server
cloudflare
etag
"5cff9688-cd27"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwStYoWUB%2FmzbPBdr3PIPt2c7SVtH6vTnmmHystNe6%2FsFXfq9OMmqik%2BxazvCEmeDLxTr3G8wEhiHmQowsGFKXZl2jst6BpRJyuiHDKm2ro4cEj9GOudhHoDPGhYel5xulFrI%2Bpo0B0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231810eb26946-FRA
1000x1000bb.jpeg
is5-ssl.mzstatic.com/image/thumb/Music124/v4/f3/53/13/f3531334-66a6-a46c-9a24-d109879e0400/8445490162586.jpg/ Frame D08B 		212 KB
214 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://is5-ssl.mzstatic.com/image/thumb/Music124/v4/f3/53/13/f3531334-66a6-a46c-9a24-d109879e0400/8445490162586.jpg/1000x1000bb.jpeg
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:2ac::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
ATS/9.0.3 /
Resource Hash
e89c1da385be36ce801884d3609d7339ed0a608898520cc43a31334a8ab5535d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-apple-jingle-correlation-key
RSJGQXJXPHH5CRL5G7RF6K4THA
strict-transport-security
max-age=31536000; includeSubDomains
etag
"MSwxLjE3LjMtMjFMLDIwRTI0MSwxNjM2MjI0MTEzNDk4LGlzQnVpbGRWZXJzaW9uTm90U2V0LDUxMDE0LG5vRWZmZWN0"
x-b3-traceid
8c92685d3779cfd1457d37e25f2b9338
x-daiquiri-instance
daiquiri:13624002:mr85p00it-hyhk03094901:7987:21RELEASE176:daiquiri-amp-processing-shared-int-001-mr
x-apple-request-uuid
8c92685d-3779-cfd1-457d-37e25f2b9338
b3
8c92685d3779cfd1457d37e25f2b9338-2cd69c16fe368b9d
content-length
217382
server
ATS/9.0.3
x-cache
TCP_MISS from a2-16-186-230.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
apple-tk
false
last-modified
Sat, 06 Nov 2021 18:41:53 GMT
x-cache-remote
TCP_MISS from a193-108-94-144.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
apple-seq
0.0
date
Wed, 15 Dec 2021 19:49:07 GMT
apple-originating-system
UnknownOriginatingSystem
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
cache-control
no-transform, max-age=12567996
x-b3-spanid
2cd69c16fe368b9d
cdnuuid
e4083fa9-39a4-4a8c-a32c-03606a4b278a-641434754
9_1560249795_youtube.png
snd.click/storage/platforms/ Frame D08B 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/9_1560249795_youtube.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29fe732a3a3512aedec5358e02eee2156a1b783cbc27ac7ed3a023c0b8cf507f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
111739
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8256
last-modified
Tue, 11 Jun 2019 10:43:15 GMT
server
cloudflare
etag
"5cff85c3-2040"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l70b0C2dDjScpHZs8OiPR%2BXqQPMFLQM0bG3Hbjjptte3O5wQMb27OIzkVZ20aYhhU%2FeVYgFf03D4Oyk0czgLt1BLyyC%2BDB%2FMS7aGVMLtc7yxUPJ8cMpjl2T8b6kPVT8LMNui8m%2F%2FyR0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811ef46946-FRA
6_1629198382_spotify.png
snd.click/storage/platforms/ Frame D08B 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/6_1629198382_spotify.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf2b259176d1712ca42f68767b3dc61a2a2385fbb48ba3a7e5b587910e50d642

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112551
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5041
last-modified
Tue, 17 Aug 2021 11:06:22 GMT
server
cloudflare
etag
"611b982e-13b1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RYqRBQrbuHmpYZy%2F7oFVjbBZE2%2B%2BsabfsYPabQA2IinGh%2BYRpi4Hl6QPM8FaErjdLqFuqGKXDyu%2FEDDg8G2VEkXCv4EvCBS2oZB2hWT0SoZnTZMgV0D4wxx0kBLidEeF3PASuPkLl7E%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811ef96946-FRA
11_1619597220_apple_music_logo.png
snd.click/storage/platforms/ Frame D08B 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/11_1619597220_apple_music_logo.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7fc9e14f36c6590ef42bc2eec54e925cf573a2656de164817ba40c67bc71a5e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112437
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6100
last-modified
Wed, 28 Apr 2021 08:07:00 GMT
server
cloudflare
etag
"608917a4-17d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2nY7YfyPqADbzrSL7I14PdFAfz%2FhAnlFb23%2FLy5CliKeqyQBh5lvuYsuhyaqUAaxB70S%2Bpqi%2FmC1A6ZyoGh3spllCX%2FMBQStYtvxX3yqmlxF1yV%2BGhY%2Bznbmu51ub7Y2g%2ByCHmvIM0c%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811efd6946-FRA
19_1629199063_pandora.png
snd.click/storage/platforms/ Frame D08B 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/19_1629199063_pandora.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c90b7e832a212a6390a5ec8c2c1161bda9375fb414ad87bfea2e282d2284be79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100073
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3062
last-modified
Tue, 17 Aug 2021 11:17:43 GMT
server
cloudflare
etag
"611b9ad7-bf6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FDpp8wp7W6P1hXFfxrbtns0w%2BHGSq3z6b3%2F9xxBr0%2BakkJr1t0V3NCQ6ylN9Pmyz9HJZoUnFrqQgjIn1Cty7J%2FhsEkiDnbKekXLL551ShSGtOb%2F9Qm3qTbsPrPqnJCVA1gVF5ewEjG8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f026946-FRA
47_1629202649_qobuz.png
snd.click/storage/platforms/ Frame D08B 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/47_1629202649_qobuz.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9222037993e442ba70d3b56378f359c8c37b8e2cadfb301735de27bd0ea24635

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100073
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6724
last-modified
Tue, 17 Aug 2021 12:17:29 GMT
server
cloudflare
etag
"611ba8d9-1a44"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=97LnQX2i7BTIb2QReXSvPqxffM6QxjbWbHD44smnea2iwEH8sgQSLTxsApHKZBwSDDOBZ%2BLBn5xjMWXmV8QAehK%2B%2FJAacuXR4r%2FyT5xA988SM2PSWu%2BysR4txmZ51lOecKG%2BPZYQcLw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f086946-FRA
12_1629198849_deezer.png
snd.click/storage/platforms/ Frame D08B 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/12_1629198849_deezer.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa0d1383cd6184c9654b458ceb23a3ad8c700d98cab32478b805e385efd97af0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112551
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7419
last-modified
Tue, 17 Aug 2021 11:14:09 GMT
server
cloudflare
etag
"611b9a01-1cfb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y1LhEtCM32mdOagO%2FlhYojnHzlmKASevNiefLGfJfz3orHi5dZ8QOtkNuTbOrjlKlCTsFZ5TTeIaXlFh2PqIEFctSam%2BGVV1SaHFb%2FZ2BD%2FIGfSBOdbnyq2F1I%2F7kEsVUZu9qWWFFWE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f0e6946-FRA
8_1560250345_soundcloud.png
snd.click/storage/platforms/ Frame D08B 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/8_1560250345_soundcloud.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8559b7e5e86976ac2b43d84dca46f5710852e2e1c50d5fdce5fd532efcb2154e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
110370
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5510
last-modified
Tue, 11 Jun 2019 10:52:25 GMT
server
cloudflare
etag
"5cff87e9-1586"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQoGq8bcUoF94oFO3%2FQEUHwJ3curQCROFra4AvA9IphvLJeY7fta531KtraSvef%2FnLQrw5IztaZx%2BajKMhJiiTA3LvAu5KoUI56pemuEzGAaa2HUWKOk7iYmhQjD4CJ5fk53cNQI%2FR4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f126946-FRA
16_1560252521_tidal.png
snd.click/storage/platforms/ Frame D08B 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/16_1560252521_tidal.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4476c31489084f057d971484ea8337d294bdce33db840a204e800da4e37ebe1d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112551
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4664
last-modified
Tue, 11 Jun 2019 11:28:41 GMT
server
cloudflare
etag
"5cff9069-1238"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J3v0956bkUUMFSqiAWxdwEPubtkJ82%2FwBR9QTrkRQpKGvhP85oAGNbQwfT98vw1w%2BM3gs49NtilWsx06AkjD2qxsxojZQufkcRKcLNSbL7vZ3ZxIlEQXIDR6vZQy2TCfVvfaQIA4ALo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f156946-FRA
17_1560253092_napster.png
snd.click/storage/platforms/ Frame D08B 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/17_1560253092_napster.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ec2fc40578b5d3c7c8ac12187d460fbde0d2775e48091c1363e4fac43f99a0b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112437
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8456
last-modified
Tue, 11 Jun 2019 11:38:12 GMT
server
cloudflare
etag
"5cff92a4-2108"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2Bzsrub%2BeafAfo6Jik6I76CERdL6CWfPERoMfUAgUFa2WIMfpx0tpaWXRDaJvn47Thtloa8tIHJD6iyQqklyhOldRyS%2BupGfoiOECMJsdCRPH8L%2BnXm7PzeHpMOI85ac1UxLzGgEbmo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f1a6946-FRA
31_1629200927_iheart.png
snd.click/storage/platforms/ Frame D08B 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/31_1629200927_iheart.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32c8ec967ccde3b64e5317b356d5ca6ac6a0b39ba32f6de2f8c3b1a4e38c2574

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100073
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4948
last-modified
Tue, 17 Aug 2021 11:48:47 GMT
server
cloudflare
etag
"611ba21f-1354"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hmDVLwEqk6rdr4hjOe%2ByUDpPVrfu0dnjInjoXtUNzAPZSz2rE3pG%2Bn4aRGDuqECguhGv4ZDJTdLunRVy1rgAaYmJnIrnkvJAnkLYCx%2FpWr0SJldn%2Fct707Zl9SA3T6Jf5OpWxLhtd9o%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f1e6946-FRA
118_1617886201_amazon_music_alt_black.png
snd.click/storage/platforms/ Frame D08B 		41 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/118_1617886201_amazon_music_alt_black.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
884bab512acc3235af224271f85a9030fd7461211c697519808bcb7702c1a091

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
107447
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
41889
last-modified
Thu, 08 Apr 2021 12:50:01 GMT
server
cloudflare
etag
"606efbf9-a3a1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kRPByV9FuNFhETl%2BRSwe4UYYCgljBjHEREeMMnPTZgSWorLjn9%2BHmGQtv%2Bn9T%2FhA9%2Fk635AY8q8paJEqXPtJ0bW2RD%2F0iX9UF%2FNxqD38%2BDShEZl5NF5qrpdJsI6xklz4YhbGAgUsIjw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f206946-FRA
54_1597838664_yt_music.png
snd.click/storage/platforms/ Frame D08B 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/54_1597838664_yt_music.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
871f64d89795838c773a27fb668e45b3e494fb3c24758cfcca6934f305f0db72

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112610
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6852
last-modified
Wed, 19 Aug 2020 12:04:24 GMT
server
cloudflare
etag
"5f3d1548-1ac4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4sv2fMmfZL8%2BfaXZNxInTLvSYVSDqAY3%2Fd%2B2hF7vTQ4prW%2BeewdViwGAyav71b7zJ9YF247laz%2B9qnY5fzH%2FLcbJISpXf5oA5oFdd1rDPRVeqhwxpncXSxH9lhTfvYShc7AHRYZDSEk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f246946-FRA
24_1560252942_audiomack.png
snd.click/storage/platforms/ Frame D08B 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/24_1560252942_audiomack.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
654fbcbda47c2aa67f212492935f5f7ac35cb0a0ce269ac8ba0ee283c4afb691

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100073
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4847
last-modified
Tue, 11 Jun 2019 11:35:42 GMT
server
cloudflare
etag
"5cff920e-12ef"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6vsqfNjoBAT95yOTWhq9piB%2BCfB59mdevISkC2omqBzxmE2nLuKEXhKsTt3JveO06ewSIS%2B3dkIqtON7k41wktz1zlfDQJz0W9c4KCMu3i2HcMGkcdFlK4ZSTOJbCNhIlhVSHs96k1k%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f346946-FRA
42_1551453680_awa.png
snd.click/storage/platforms/ Frame D08B 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/42_1551453680_awa.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9379a60c9161c83f5075dec933369e78b3be0d8c3b7827ceda7d7a038ee62ce9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100073
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2858
last-modified
Fri, 01 Mar 2019 15:21:20 GMT
server
cloudflare
etag
"5c794df0-b2a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R0mkXDuHT2OV9cwTZmxjGwoeHlhAfpbKcfYC0gtll9NBhYsmlSqPz17%2BzOtp6kEm6GSFrb6g5hGGytgW%2BInb%2FbvGD7p0UEkJrShFDJrXoXRSTJZcOEMLSjvZkXoKA8hq%2FeO6HxtIzoE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f396946-FRA
33_1629201073_anghami.png
snd.click/storage/platforms/ Frame D08B 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/33_1629201073_anghami.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1a75ea27451c167b4bd5b2b9ba97f4ec7d1bcb3bf5e4725e41ff35cee1b4ffe

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100073
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6246
last-modified
Tue, 17 Aug 2021 11:51:13 GMT
server
cloudflare
etag
"611ba2b1-1866"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5fDRwCR9A%2Fc5BLf4afwtoQ2DsWAAV7%2BFCc5nIHSnCp32gRt1oOnR7hgZ9rOLulxgrUkHmSoGfYMS%2BJyuEbIWl1S2YV1Hm%2FWtOcOBtJClzeqLReHFwZR8faPMXty%2BUohhMo8e3EwhXss%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f3f6946-FRA
35_1629201159_jiosaavn.png
snd.click/storage/platforms/ Frame D08B 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/35_1629201159_jiosaavn.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95b41ba92728e08797cd85b6f9683afbe13d450d1b3213358c48ac18d242846a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100073
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7192
last-modified
Tue, 17 Aug 2021 11:52:39 GMT
server
cloudflare
etag
"611ba307-1c18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1qmEUFnXfTJGp3Ar2woWfL85c4XGQqwn5XshrI0%2FIOAJKHNzXeP3q7dlJPTTC3w3BTRopOFQ7kim%2Bqz3at7AevDDNx%2F2KvEp7Vkap2uzybbd9PjkuFo7lPtlJ%2B1nRNwdlnPoL%2F%2Bb3a4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f436946-FRA
94_1583854462_wynk.png
snd.click/storage/platforms/ Frame D08B 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/94_1583854462_wynk.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bbd1c0c28ea0f2af4254c62d76b86321cecfd45a3cea933d29b37fb53ba6e28

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100073
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4294
last-modified
Tue, 10 Mar 2020 15:34:22 GMT
server
cloudflare
etag
"5e67b37e-10c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mhAzjLESG55lsff4%2Fegd30VeBNaRDidujKCjAmTOgoy2pxqAPmG00Ov%2F5Pu4yv48Xp6s%2FSVJyt9xx1tz1rrHfn7B2%2BUThwef4qJg%2Fc1ON%2Bz%2BtAZrZB%2BytkQOgyjoGsaIt9LTCSfcwNk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f486946-FRA
logo_itunes.svg
snd.click/landing/img/ Frame D08B 		14 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/logo_itunes.svg
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44b6e4f9164860ac419ab1e15cdd2aa55d8117b8fdee7b2545d1b4fe0704c55

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 22 Apr 2020 13:50:49 GMT
server
cloudflare
age
112592
etag
W/"5ea04bb9-37e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jWwCr2CwuhXhLDs7xnE0Doxffjb0S3GBF2TNwcKjHqo8z01ari%2FH8YQi18Y%2Fx32uZuFx43kSRomMEC%2BiESNSwpCnZgwbX3uBqcumCweDXW%2BMuoJ0xVTdON0kHBcti3WHfYXFlQ6igj8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be231811f4c6946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
25_1560246937_google_play.png
snd.click/storage/platforms/ Frame D08B 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/25_1560246937_google_play.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a744f38c6ace34651866bf42eb7dd14df089cdbb70c95854e766eb9b41d2361

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
107447
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11612
last-modified
Tue, 11 Jun 2019 09:55:37 GMT
server
cloudflare
etag
"5cff7a99-2d5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2FqspUm9AQWOYIBsr0Fo%2FrbLb8WC3mdpt0aw4A56sSfcHbbQNYGZ5ceLJyS3sg81%2ByepfFLa51vPbOMNVPmFGYQyGnrzA7bcl2WEWJ9xQDlN5Ng%2Fqq%2F1K9o1Ks4zwwttYI3Iz%2FlNTpc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f4d6946-FRA
20_1629199143_bandcamp.png
snd.click/storage/platforms/ Frame D08B 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/20_1629199143_bandcamp.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d410b3debb14b15512f904dc7d23856ae6389cdacffa8e8339027088719500

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
109634
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6658
last-modified
Tue, 17 Aug 2021 11:19:03 GMT
server
cloudflare
etag
"611b9b27-1a02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RE3fe3TfsxamXCfgAJg6lsb7tZ0Ccpru57LVGmoP%2F56neo%2FhNFD0lN%2B3N8ENbszXeRlTKVp5PSLAWW1M9nM4qcgMztxzbSWIQ2s5kcf%2FpTKBPDh%2FjmUeXYHx4VDp4kmiS4c5pABZ1HE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f526946-FRA
icn_spotify_64.png
snd.click/landing/img/icons/ Frame D08B 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/icons/icn_spotify_64.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fee9bee5192b952739299570f6f1d5880895edb6e518c14850651083c242fef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112551
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2797
last-modified
Tue, 11 Jun 2019 09:47:21 GMT
server
cloudflare
etag
"5cff78a9-aed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UiHcSBP2l1IzudOMhx8cof022%2BwPGcMCLq8BKpSIJ4uBykN5gMva6RsnS50HhS212guoJSWj2Gjf46JGdWCTq9rr66vyEgT9uR2zo3DfOnwzyEb%2FlVQ%2Fe23pITadyRrzf99J92XpKpo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f556946-FRA
icn_deezer_64.png
snd.click/landing/img/icons/ Frame D08B 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/icons/icn_deezer_64.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1a32bc2f145aea8c098f09896ed081513a6f6fcb8adc1aecfdc2b43618393a7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112551
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3586
last-modified
Wed, 19 Aug 2020 06:47:48 GMT
server
cloudflare
etag
"5f3ccb14-e02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IeyX8ivWdLgVhW9QaM%2F8Y39ZTdebdr4acuyRQ%2F0GMImeBazBMYaLyRHZtR0pqTd4a5pb%2BJx5ZSwVHFSKAkNQuo%2FpIAUTs4Y%2FBb8MGUkKkjpRrQeDwm%2Fq4%2F%2FfWiVrcVj0PYyG2%2BX4gi0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f576946-FRA
icn_apple_64.png
snd.click/landing/img/icons/ Frame D08B 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/icons/icn_apple_64.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d387f8955e673b6b83572bdd758e2b0be9da640de3fc2d83c2cb96dbf4c4037

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112551
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2981
last-modified
Wed, 22 Apr 2020 13:50:49 GMT
server
cloudflare
etag
"5ea04bb9-ba5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZBCqjlmLNSzDhfuOwTxrVeXTx6yJnXEb4jFUvVyvqYMG3hoS0%2FLNDT4K4ZiUYR2NLNWSLs2%2BEV8OxhFGKHqoHpRW1xMAzLPAtdoopwXnwLhqMT7bFlD%2FM4ThzNqZTIAVYMW8fk2n90%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231811f596946-FRA
rocket-loader.min.js
snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame D08B 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Dec 2021 14:30:56 GMT
server
cloudflare
etag
W/"61b75920-302c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=klgPiKgpqC4hAx5cK2SWEr%2FjuCXBUnuARFc27C5kQ1zOHjTiR7PCoIihxlhM5937OcM%2FatNsY6FVeKh7kJlGNUXf85WhL4FbOXqzho2h1eXLlR6LkFrimW9XlRN54FWsuFT6%2FmaiD8U%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be231811f606946-FRA
vary
Accept-Encoding
expires
Fri, 17 Dec 2021 19:49:07 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame EB53 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2806
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame F323 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743156&bpp=1&bdt=421&idt=676&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1324&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=CAIO6Z8EHt&p=https%3A//www.aiupnow.com&dtd=680
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:16:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
16358
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:16:28 GMT
482830803_mp4_h264_aac_l2.m3u8
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/ Frame 0604 		0
199 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/482830803_mp4_h264_aac_l2.m3u8
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 15 Dec 2021 19:49:07 GMT
Server
lumberjack/2.4.24-2.4.24
Accept-Ranges
bytes
Content-Length
0
Access-Control-Max-Age
600
recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
c.disquscdn.com/next/recommendations/ Frame AE2C 		65 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
dbffe4825c6ba1f19ff48607381ad4384b0609b64998830502c130f00abe887d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 20:25:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5613804
x-cache
Hit from cloudfront
content-length
20244
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 11 Oct 2021 20:15:56 GMT
server
nginx
etag
"61649b7c-4f14"
content-type
application/javascript; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Tue, 11 Oct 2022 20:25:43 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
pPhifYAXeUH-CgtjzACnpJaxOHkxH1Se8BimuTcMnmpcsuyy6dDCmg==
x-cache-hits
0
config.js
disqus.com/next/ Frame AE2C 		14 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:07 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
31
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14552
X-XSS-Protection
1; mode=block
visual.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/ Frame B8AB 		2 KB
1001 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/visual.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8fc00d8824032a8e3e17e51a2e38afd6ab6d5aac1e796ed36ccc6a728440cb9c
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
null
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
371408
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
971
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:51:17 GMT
server
sffe
date
Sat, 11 Dec 2021 12:38:59 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 11 Dec 2022 12:38:59 GMT
qFdH35WCmI96Ajtm81GlU9s.woff2
fonts.gstatic.com/s/overpass/v7/ Frame B8AB 		38 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/overpass/v7/qFdH35WCmI96Ajtm81GlU9s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Overpass:700,600|Open+Sans:regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
995dfb0c839090c9461662fca31b3d886f80dd9e881db8ea224374866eade55f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 20:21:37 GMT
x-content-type-options
nosniff
age
602850
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38496
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:13:56 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 08 Dec 2022 20:21:37 GMT
visual.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/ Frame 79D5 		2 KB
1001 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/visual.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8fc00d8824032a8e3e17e51a2e38afd6ab6d5aac1e796ed36ccc6a728440cb9c
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
null
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
592898
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
971
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:40:55 GMT
server
sffe
date
Wed, 08 Dec 2021 23:07:29 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 08 Dec 2022 23:07:29 GMT
qFdH35WCmI96Ajtm81GlU9s.woff2
fonts.gstatic.com/s/overpass/v7/ Frame 79D5 		38 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/overpass/v7/qFdH35WCmI96Ajtm81GlU9s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Overpass:700,600|Open+Sans:regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
995dfb0c839090c9461662fca31b3d886f80dd9e881db8ea224374866eade55f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
null
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 20:21:37 GMT
x-content-type-options
nosniff
age
602850
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38496
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:13:56 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 08 Dec 2022 20:21:37 GMT
subscribe_embed
www.youtube.com/ Frame 3A56 		604 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
89e1e7d66925e39d903f8909564052d62a529e70cc5b3dd049628d2d0e716efd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 15 Dec 2021 19:49:07 GMT
strict-transport-security
max-age=31536000
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
border_3.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 05:44:54 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
50653
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/gif
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 05:44:54 GMT
bubbleSprite_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		318 B
341 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 05:32:36 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
51391
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
318
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 05:32:36 GMT
bubbleDropR_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		116 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 20:12:54 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
84973
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 14 Dec 2022 20:12:54 GMT
bubbleDropB_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		117 B
140 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:04:39 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
13468
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
117
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 16:04:39 GMT
spacer.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/spacer.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 11:23:48 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
116719
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/gif
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 14 Dec 2022 11:23:48 GMT
truncated
/ Frame 6B17 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a11517741b9d2f953a6889e81f52493ccb44c55c8d6a7c9bdbe190644ab0fc18

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 		149 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54385
x-xss-protection
0
server
cafe
etag
4993246191385855005
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 15 Dec 2021 19:49:07 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 7160 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuaMmx_UvCHRuFAOCZ4mfCghmiL1Qhrn1NSpoSG9deSKGvlCXfwGRdDU8PrleGkvEfhR8cRo-UoNe1NE2c_jreI-5L8Ax6zrOgb24W3aJ9gQ0XFnZeuNw&sai=AMfl-YSYiAMFAhp5eZOk7I3MEFSY9XwhMeG4lZI9Oh6cwmnD0AB6pq_SLdrS358-ZVazdTccnKCErQsrCMHh&sig=Cg0ArKJSzCme9D9ToXLHEAE&id=lidar2&mcvt=1171&p=0,0,90,728&mtos=1171,1171,1171,1171,1171&tos=1171,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=2269704460&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639597743502&rpt=1936&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
details
disqus.com/api/3.0/forums/ Frame B5F5 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/forums/details?forum=sigma2&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2c6b79d89717789efa98627852ecedcd6d1243e461e716ff5ee69f2bf31e48aa
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:07 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
1
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3067
X-XSS-Protection
1; mode=block
/
pebed.dm-event.net/ Frame 0604 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:07 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:07 GMT
Content-Length
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame 786B
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743070&bpp=1&bdt=335&idt=515&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=FJWNERn6Jp&p=https%3A//www.aiupnow.com&dtd=523
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:07 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:07 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:07 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame 192A
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743069&bpp=1&bdt=334&idt=423&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=kTdiI8Dhkt&p=https%3A//www.aiupnow.com&dtd=432
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:07 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:07 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:07 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame A6D7
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:07 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:07 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:07 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame 2EFE
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:07 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:07 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:07 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 05FA 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743158&bpp=2&bdt=423&idt=735&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=2406&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=DHcjTREb5n&p=https%3A//www.aiupnow.com&dtd=739
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:16:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
16359
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:16:28 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 9422 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuod9eZ6GJ06yMp1BsofylEh3j0w1kZmqVq2tVN8iifcXKTIBaWaIzpo1qa_lmbVJUVPjI7fY-DaTkRO26d-woRkBLXwL7cHCzZkxhxWxN1rf0hTsrYFQ&sai=AMfl-YRjpjCBGPAi8FXK6vm_1zYLeA9FxLmjM0kjA6fIXWi4vzt3Ohc05GzZPF2dLYi4l6T2oCAIbW0hB5Pe&sig=Cg0ArKJSzPOZv3mPMafUEAE&id=lidar2&mcvt=1152&p=0,0,90,728&mtos=1152,1152,1152,1152,1152&tos=1152,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3822660987&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639597743595&rpt=1986&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 52BB 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743147&bpp=1&bdt=412&idt=583&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C728x90%2C796x199&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=JvV42QXC6D&p=https%3A//www.aiupnow.com&dtd=587
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:16:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
16359
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:16:28 GMT
js
www.googletagmanager.com/gtag/ Frame D08B 		90 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-75423470-2
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/apps/head/k0mtnwaPiJWk8CavAZCSyiiuy4U.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a7b4478db6fa30a953d0908270705c14c6afe801cb8dcf1543b0a81c626d91cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36228
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:18:32 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 Dec 2021 19:49:07 GMT
RyunFgoTt9A
www.youtube.com/embed/ Frame FB7B
Redirect Chain
  • https://youtube.com/embed//RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
  • https://youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
  • https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
59 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e302fea180b0792866b7bee07f80b63c2203b3271b1c5f306d4cdb03d5da480f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 15 Dec 2021 19:49:07 GMT
strict-transport-security
max-age=31536000
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

content-type
application/binary
x-content-type-options
nosniff
expires
Wed, 15 Dec 2021 19:49:07 GMT
date
Wed, 15 Dec 2021 19:49:07 GMT
cache-control
private, max-age=31536000
location
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
strict-transport-security
max-age=31536000; includeSubDomains; preload
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
server
ESF
content-length
0
x-xss-protection
0
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
activeview
pagead2.googlesyndication.com/pcs/ Frame 4C7F 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvvu-JXQU0M_A0vKaP8Tc3ZzKwzbNy68O4gcg2IdqjU37NlWD7nDqdP5DfoIzF9xi1a8U6PfwJ05aa0Y5vyYpv3oOkLf1L2jQV5WqLQaNvf7ZgR5s_PXA&sai=AMfl-YT-WUJwcbirqJEbdsyOo8gkmcxb8mxnyoMz4hq9nZJs3WZ9rDHdabrysVZpGczummyQN-oYCuvwzgeqcU35wVW4oWPTM3n3lzM&sig=Cg0ArKJSzGRl3h4fL1yHEAE&cid=CAASPeRoERtxYtHccicI2suQzvvTKTmI6HsbeOUEutKiNMIh-f-IwSodXXR9ntmIFO3xVWa7QBpGsv3aqrRhHRQ&id=lidar2&mcvt=1124&p=0,0,250,250&mtos=1124,1124,1124,1124,1124&tos=1124,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=906162475&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639597743736&rpt=1904&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame D08B 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ubuntu/v15/4iCs6KVjbNBYlgoKfw72.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu|Open+Sans:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f4524f7e1a87079bc50a64681f880ccf3e6f5db1ec5fc27949377532a3881da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://snd.click
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 11:14:45 GMT
x-content-type-options
nosniff
age
117262
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34260
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:02:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 11:14:45 GMT
www-subscribe-embed-card_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame 3A56 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed-card_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
467269
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2447
x-xss-protection
0
last-modified
Wed, 25 Nov 2020 01:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:18 GMT
www-subscribe-embed-card_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame 3A56 		149 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
467269
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44975
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:18 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame FA10 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 19:07:16 GMT
expires
Wed, 29 Dec 2021 19:07:16 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
2511
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 0D04 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 01:54:06 GMT
x-content-type-options
nosniff
age
64501
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 01:54:06 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 0D04 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 05:33:18 GMT
x-content-type-options
nosniff
age
51349
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 05:33:18 GMT
noavatar92.png
a.disquscdn.com/1638827995/images/ Frame B5F5 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.disquscdn.com/1638827995/images/noavatar92.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.198.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:07 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
681306
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA50-C1
content-length
1644
x-amz-cf-id
2LY82J9qCa_-WIZlRzBRDCqFd9d4zRrWEaprVHFbKcwbcpLZkyYaqg==
expires
Thu, 06 Jan 2022 22:34:02 GMT
truncated
/ Frame B5F5 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
details
disqus.com/api/3.0/forums/ Frame AE2C 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/forums/details?forum=sigma2&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2c6b79d89717789efa98627852ecedcd6d1243e461e716ff5ee69f2bf31e48aa
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:07 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
1
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3067
X-XSS-Protection
1; mode=block
event.gif
referrer.disqus.com/juggler/ Frame B5F5 		43 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/event.gif?abe=1&embed_hidden=1&load_time=1531&event=init_embed&thread=8927097210&forum=sigma2&forum_id=526051&imp=8sl65gp1hgbqi9&thread_slug=hackers_using_malicious_iis_server_module_to_steal_microsoft_exchange_credentials_cybersecurity&user_type=anon&referrer=https%3A%2F%2Fwww.aiupnow.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=true
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:08 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
53791720
mc.yandex.com/webvisor/ 		43 B
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=1&wv-hit=424392075&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=843430827&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1639597747%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194907%3Au%3A1639597744714125276%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597747&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:07 GMT
last-modified
Wed, 15-Dec-2021 19:49:07 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:07 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=1&wv-hit=424392075&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=66635775&wv-type=5&browser-info=gdpr%3A14%3Aet%3A1639597747%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194907%3Au%3A1639597744714125276%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597747&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:07 GMT
last-modified
Wed, 15-Dec-2021 19:49:07 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:07 GMT
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame B8AB 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:16:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
16359
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:16:28 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame 3A56 		125 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 16:48:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
97222
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41862
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 14 Dec 2022 16:48:45 GMT
boutique.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/ Frame B8AB 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/boutique.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96c9fed934404639caa8b1f74101b53343186d3ed5a654cbe9748c0e78e541af
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
371407
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12238
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:51:17 GMT
server
sffe
date
Sat, 11 Dec 2021 12:39:00 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 11 Dec 2022 12:39:00 GMT
Persona_Boutique_Owner_male_500px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/ Frame B8AB 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/Persona_Boutique_Owner_male_500px.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c1b16b47b78e43565be3d12f27133f7eba0a24f5781b292e5fac73d084e0725
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
74366
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46781
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:51:17 GMT
server
sffe
date
Tue, 14 Dec 2021 23:09:41 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:09:41 GMT
backdrop.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/ Frame B8AB 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/backdrop.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9083eeab46df9f2cfe1548a485742acce97708d8ff901728e692ed9ba6c8e9a9
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
142957
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1033
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:51:17 GMT
server
sffe
date
Tue, 14 Dec 2021 04:06:30 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 04:06:30 GMT
visual.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/ Frame B8AB 		2 KB
1009 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/visual.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8fc00d8824032a8e3e17e51a2e38afd6ab6d5aac1e796ed36ccc6a728440cb9c
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
371408
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
971
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:51:17 GMT
server
sffe
date
Sat, 11 Dec 2021 12:38:59 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 11 Dec 2022 12:38:59 GMT
logo-white.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/ Frame B8AB 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/logo-white.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d9c7ced652c966659825962b2c0f79ccbb36d535bb4a61c2ea175eb105690878
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
67994
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1372
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:51:17 GMT
server
sffe
date
Wed, 15 Dec 2021 00:55:53 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 00:55:53 GMT
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 79D5 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:16:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
16359
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:16:28 GMT
architekt.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/ Frame 79D5 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/architekt.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
829c4d5174ddbea97221dafff61a7a208a132f0ecdc7196f1b7011427b34e59f
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
593149
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8566
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:40:55 GMT
server
sffe
date
Wed, 08 Dec 2021 23:03:19 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 08 Dec 2022 23:03:19 GMT
Persona_Architect_female_500px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/ Frame 79D5 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/Persona_Architect_female_500px.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
867929a5db83737a5849a31f013a188b9522e6a0b8455bf9ff4f4c2d9aae624b
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
50954
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49343
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:40:55 GMT
server
sffe
date
Wed, 15 Dec 2021 05:39:54 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 15 Dec 2022 05:39:54 GMT
backdrop.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/ Frame 79D5 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/backdrop.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9083eeab46df9f2cfe1548a485742acce97708d8ff901728e692ed9ba6c8e9a9
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
74638
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1033
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:40:55 GMT
server
sffe
date
Tue, 14 Dec 2021 23:05:10 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 23:05:10 GMT
visual.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/ Frame 79D5 		2 KB
1009 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/visual.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8fc00d8824032a8e3e17e51a2e38afd6ab6d5aac1e796ed36ccc6a728440cb9c
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
592899
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
971
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:40:55 GMT
server
sffe
date
Wed, 08 Dec 2021 23:07:29 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 08 Dec 2022 23:07:29 GMT
logo-white.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/ Frame 79D5 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/logo-white.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d9c7ced652c966659825962b2c0f79ccbb36d535bb4a61c2ea175eb105690878
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
592899
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1372
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:40:55 GMT
server
sffe
date
Wed, 08 Dec 2021 23:07:29 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 08 Dec 2022 23:07:29 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame EB53
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:08 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:08 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:08 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame E871 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597743168&bpp=4&bdt=433&idt=930&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da50def7700f50d3f-222b50dc07cd00cc%3AT%3D1639597744%3ART%3D1639597744%3AS%3DALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw&prev_fmts=728x90%2C728x90%2C728x90%2C796x199%2C250x250%2C250x250%2C300x600&correlator=4428376513156&frm=20&pv=1&ga_vid=306171407.1639597743&ga_sid=1639597743&ga_hid=1847792234&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3579&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753742%2C31063793%2C31062931&oid=2&pvsid=1122785430481641&pem=687&tmod=131&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=w3ga0vkUc4&p=https%3A//www.aiupnow.com&dtd=934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:16:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
16360
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:16:28 GMT
realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 1017 		337 B
839 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 19:05:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3717839
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
244
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 02 Nov 2021 18:16:01 GMT
server
nginx
etag
"61818061-f4"
content-type
text/css; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Wed, 02 Nov 2022 19:05:09 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
BgwSdrutfPW44PHsz7X8ZdoA5N6vtHGhpzafb6E7XWICbuLHkYjqMA==
x-cache-hits
0
realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame A99E 		337 B
838 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ce00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 19:05:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3717839
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
244
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 02 Nov 2021 18:16:01 GMT
server
nginx
etag
"61818061-f4"
content-type
text/css; charset=utf-8
via
1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)
expires
Wed, 02 Nov 2022 19:05:09 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
K0_2pcRbG2J9AnTX-85Qf5OpmMCNunmJyQr-FRQs3wKGnJzhsbc3vA==
x-cache-hits
0
landing.js
snd.click/landing/js/ Frame D08B 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/landing.js?id=a4d4ab09a2052e8cd0bc
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c811b52b159c35e96af4b1f0b999753162f21933e5e520e288de72dbd5a2018a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 24 Jun 2021 11:55:19 GMT
server
cloudflare
etag
W/"60d472a7-10aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YYeaNHhQUblHmV%2FHcaZx5Jr3spV9v6%2BLVF2VjxzsOWDFioHqKgeYUsCJpBhza%2BJGWXoqv%2BDo1bp%2FrOFeBDzz%2BCYjE397bBiz32Z1XYsx6JtCRA0WG66btiYh2cCl4nEICX9%2Bs%2BszwGo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be23185ac576946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.jcarousellite.js
snd.click/landing/js/jcarousel/ Frame D08B 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/jcarousel/jquery.jcarousellite.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a5aa8749b707f73090c7fc4938f6452803ccfe09c30ff8ff5adbd6735b799e6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
age
112438
etag
W/"5c0d5dac-326e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NWbvZvLmWu3rFl%2BfptcZmPSZPFLDAmpPUl7PHLvxvuyneech%2FriWK7JMFHkt0MiaP0ACGZkuRC9NNBcmWnqxsyV0NpHz86qkWRlfvca0FfUkZlSUVJZw2ZeJKSl1rUMly1iIFz4NK2I%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be23185ac596946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.mousewheel-3.1.12.js
snd.click/landing/js/jcarousel/ Frame D08B 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/jcarousel/jquery.mousewheel-3.1.12.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac45e4c266a4fb5e7d49b00f4b3b9c53b70ccb5754d3a6d5cfc338ca3b98bd84

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
age
112438
etag
W/"5c0d5dac-204e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hf9DEgV%2FOLrLkceLC4Wz%2BPtBI%2FWA5ZV2WIhS3BXbB4r%2FIQgbhDEh%2BNKHIacQ%2Fh1NEfKX6XHStBuSMjrKgG58lNaiP0G061ppM%2F9KNUATLVl%2BIiggYJrSVvw%2B0rKbR11zeZ6MvmGum7Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be23185ac5b6946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.easing-1.3.js
snd.click/landing/js%7D/jcarousel/ Frame D08B 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P80rkK7m9ScYwQ7T80bgPqraPY%2FEIOfN19ztB1A4RpRyPOi3BpBrrzlsZo3z2tR2Co8ACMHvEHYFKPLp4qxfrXJk7aN94ZqlxBBouVqwbv7jfH1jBsv73r%2FOtFOrKtLl5yflt9eIffE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-cache, private
cf-ray
6be23185ac5e6946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
-1
clipboard.min.js
snd.click/landing/js/ Frame D08B 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/clipboard.min.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99e1761c92764dcaeec33df3e1773160344cc4aa6b8ddaee0477372279a2c424

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
age
112552
etag
W/"5c0d5dac-29a6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w7Pp8OiTJYS860Zhg%2BuxmLOi%2F8Jx1Jtl%2FISFxgeRi8a7viYyqwR9K4rp8H27lfU2lWtbmfZbT58o4HjpAp02bBRsYVSXU2hyUGljduNUCpQKm6Kr%2BrQtiuU5ZqeeVkZ28gJsdyHsgVQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be23185ac606946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
bootstrap.min.js
snd.click/frameworks/bootstrap/js/ Frame D08B 		57 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/frameworks/bootstrap/js/bootstrap.min.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 13 May 2021 13:25:00 GMT
server
cloudflare
age
112552
etag
W/"609d28ac-e2d8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGM1eQNZVVlAxpf0Yp%2FR8cbqxzHUNNWbQhmk0ko7WMIWiJJCWSKTMreHnf5UNUkJ8cmd8Rbe5wBDWhMroCOeXloHm%2F%2F4PzIc3htCALwCx2KsrQuJ8EDdvwrl5pDfPdc7sC0vJlT4ep8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be23185ac646946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ Frame D08B 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1987311
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6157
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFsF%2F42MjcNYvy6g1EOU9EOgdGbYVhWalhfiQUMfqH5S7GaLqCd3OIzN5BTTI3kKtEsgEzmoUDr%2B9DL31eGiF0eAGoTNRnJL05Db%2BjE5VCi2oo%2BLVN80sJA6b1nlT2JRM1qyN8sUW8ilw9aCtsJE%2BsDC"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6be23185bb76dfdb-FRA
expires
Mon, 05 Dec 2022 19:49:08 GMT
musickit.js
js-cdn.music.apple.com/musickit/v1/ Frame D08B 		230 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-cdn.music.apple.com/musickit/v1/musickit.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::1fcf Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
daiquiri/3.0.0 /
Resource Hash
638b07dda0f438a7f4c609bd114bedcc9c15b100133b8b8ebffc7fb85197bcb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-apple-jingle-correlation-key
C4LO2VII5O2DEU7UVQMM4M3NDY
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-responding-instance
silverbullet-external:3002:mr28p00it-ztdg08092301:8301:21REL8
x-daiquiri-instance
daiquiri:15887002:mr85p00it-hyhk04103901:7987:21RELEASE198:daiquiri-amp-all-shared-int-001-mr, daiquiri:18493001:mr85p00it-hyhk03154801:7987:21RELEASE198:daiquiri-amp-all-shared-ext-001-mr, daiquiri:18215001:mr85p00it-hyhk03094701:7987:21RELEASE198:daiquiri-amp-store-shared-ext-001-mr
x-apple-request-uuid
1716ed55-08eb-b432-53f4-ac18ce336d1e
content-length
54285
etag
"40b3884272568618861bbec2af9ac315"
apple-tk
false
last-modified
Thu, 9 Dec 2021 18:22:23 GMT
server
daiquiri/3.0.0
apple-seq
0.0
date
Wed, 15 Dec 2021 19:49:08 GMT
apple-originating-system
UnknownOriginatingSystem
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-transform, max-age=405
x-apple-version-number
2150.7.0
jquery-1.11.1.js
snd.click/landing/js/jcarousel/ Frame D08B 		276 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
age
112438
etag
W/"5c0d5dac-4508e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OcBiY9cOGY%2Bk1wqlP5wPjX%2FLLRVWChDHXNdWWvlMef6tM1%2Fv0iLBQuK%2FA7ZTGI5FDEJ2YSzO9IJWeBFGpNwrcVT0%2F3bMfy6f%2BPJ2LjKoKchMKioDZOGr14Hi2v%2FcP5E5%2FKPaP1tYR14%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be23185ac706946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
53791720
mc.yandex.com/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=3&wv-hit=424392075&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=317142599&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639597748%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194907%3Au%3A1639597744714125276%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597748&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:08 GMT
last-modified
Wed, 15-Dec-2021 19:49:08 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:08 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=1&wv-hit=424392075&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=923744076&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639597748%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194907%3Au%3A1639597744714125276%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597748&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:08 GMT
last-modified
Wed, 15-Dec-2021 19:49:08 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:08 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=2&wv-hit=424392075&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=439862656&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639597748%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194907%3Au%3A1639597744714125276%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597748&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:08 GMT
last-modified
Wed, 15-Dec-2021 19:49:08 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:08 GMT
www-player-webp.css
www.youtube.com/s/player/204bfffb/ Frame FB7B 		337 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/www-player-webp.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88a9ae6f4226f2a69171713a1a08bf670297ae4b2517d8df0d707a206b0bb5b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
92906
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47300
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:42 GMT
www-embed-player.js
www.youtube.com/s/player/204bfffb/www-embed-player.vflset/ Frame FB7B 		225 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a9cf9fe55d2740f89e2bbbd96b47d2793948cb9480aae05f7db428b41e9d8dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
92905
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
74767
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:43 GMT
base.js
www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/ Frame FB7B 		2 MB
529 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8903986c927e122375ba7e0e972f366ae8c7104bf6f9fd4bccac2ada20949158
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
92904
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
541105
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:44 GMT
fetch-polyfill.js
www.youtube.com/s/player/204bfffb/fetch-polyfill.vflset/ Frame FB7B 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
92905
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2830
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:43 GMT
listRecommendations.json
disqus.com/api/3.0/discovery/ Frame AE2C 		8 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/discovery/listRecommendations.json?forum=sigma2&thread=url%3Ahttps%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&limit=8&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b3d9e60436d10a54b04fa0bede523a36ffc72dacbe2db27148aa08d9e55eec45
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:08 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control
stale-while-revalidate=450, public, max-age=1800
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin
Content-Length
7793
X-XSS-Protection
1; mode=block
truncated
/ Frame B8AB 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
boutique.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/ Frame B8AB 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11774447946055422554/728x90/boutique.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96c9fed934404639caa8b1f74101b53343186d3ed5a654cbe9748c0e78e541af
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
371408
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12238
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:51:17 GMT
server
sffe
date
Sat, 11 Dec 2021 12:39:00 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 11 Dec 2022 12:39:00 GMT
truncated
/ Frame 79D5 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
architekt.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/ Frame 79D5 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5954505054832724118/728x90/architekt.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
829c4d5174ddbea97221dafff61a7a208a132f0ecdc7196f1b7011427b34e59f
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
593149
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8566
x-xss-protection
0
last-modified
Tue, 09 Nov 2021 12:40:55 GMT
server
sffe
date
Wed, 08 Dec 2021 23:03:19 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 08 Dec 2022 23:03:19 GMT
css2
fonts.googleapis.com/ Frame FA10 		4 KB
634 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:24:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:08 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:08 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame FA10 		205 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 15:27:48 GMT
x-content-type-options
nosniff
age
102080
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 14 Dec 2022 15:27:48 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame FA10 		604 B
628 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:49:32 GMT
x-content-type-options
nosniff
age
10776
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 16:49:32 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame FA10 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 18:45:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3842
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8346
x-xss-protection
0
server
cafe
etag
3177319193432224586
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 18:45:06 GMT
analytics.js
www.google-analytics.com/ Frame D08B 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-75423470-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
2882
date
Wed, 15 Dec 2021 19:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 15 Dec 2021 21:01:06 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FB7B 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 11:18:05 GMT
x-content-type-options
nosniff
age
117063
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 11:18:05 GMT
482830803_mp4_h264_aac_l2.m3u8
proxy-046.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/ Frame 0604 		0
199 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-046.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/482830803_mp4_h264_aac_l2.m3u8
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.209 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-046.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 15 Dec 2021 19:49:08 GMT
Server
lumberjack/2.4.24-2.4.24
Accept-Ranges
bytes
Content-Length
0
Access-Control-Max-Age
600
stat.gif
referrer.disqus.com/juggler/ 		43 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/stat.gif?event=failed_recommendations.server.undefined
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:08 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ Frame 6E8C 		3 KB
579 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:22:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:08 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:08 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 6E8C 		1 KB
890 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:49:04 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 6E8C 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
331
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:43:37 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 6E8C 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
226
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6E8C 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:08 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 6E8C 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:42:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
398
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:42:30 GMT
l
www.google.com/ads/measurement/ Frame 6E8C 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRERaHFo2xVJj8gG1-xaVSiXTxBvD8qgzPxAwfLXEdB4NuWp12OKljx0DrwzdXAGsXkGOOc
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 6E8C 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 19:06:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
88947
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 14 Mar 2022 19:06:41 GMT
id
googleads.g.doubleclick.net/pagead/ Frame FB7B 		113 B
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c9447306fcca14b863da5bcc55b505a8bea3ede2e1df933ba6fb4134dcf69fae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame FB7B 		29 B
588 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:35:15 GMT
x-content-type-options
nosniff
age
833
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 15 Dec 2021 19:50:15 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame E192 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:02:20 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2808
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
a3fmBC5pwb_hc1vtPj8EisbHNaOXXVv65hr18gGbcOg.js
www.google.com/js/th/ Frame FB7B 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/a3fmBC5pwb_hc1vtPj8EisbHNaOXXVv65hr18gGbcOg.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b77e6042e69c1bfe1735bed3e3f048ac6c735a3975d5bfae61af5f2019b70e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:14:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
2078
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13354
x-xss-protection
0
last-modified
Mon, 29 Nov 2021 17:00:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:14:30 GMT
embed.js
www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/ Frame FB7B 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
550c9da427a76b05374a263e56f08ea0db57d7fd44f33abea68182afe165233f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
92903
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7354
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:45 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame E192
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:08 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:08 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:08 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 54FD 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:16:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
16360
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:16:28 GMT
generate_204
www.youtube.com/ Frame FB7B 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?CFgpcw
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
analytics.js
www.google-analytics.com/ Frame D08B 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
2882
date
Wed, 15 Dec 2021 19:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 15 Dec 2021 21:01:06 GMT
jquery.easing-1.3.js
snd.click/landing/js%7D/jcarousel/ Frame D08B 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:09 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JArRv4tmQccHdhn2vRGg21o342l76%2BwIjesyi57GgotgNpgpKpA4LX%2Fwz64WKw6gQX8DBNvmNDhwIW83C8UJelQCmzPBYhxti4FZVg0NFc9xnr6AXqpKSW0z4I%2BE%2FxJpyUL9YNEHSq8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-cache, private
cf-ray
6be2318b19936946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
-1
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
db9d879a9026ddcf15143e614fba82bd576610d734f82a84161e46a588a17903
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8526
x-xss-protection
0
comments.php
www.facebook.com/v2.0/plugins/ Frame 0CAA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19d4b7700b1888%26domain%3Dwww.aiupnow.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.aiupnow.com%252Ff13e1b94a6abb08%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&locale=en_US&numposts=5&sdk=joey&version=v2.0&width=
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=28f9a6f9eaf42320ac8b003f19c333a0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html;charset=utf-8
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
x-content-type-options
nosniff
x-xss-protection
0
x-fb-debug
q+ehQ9Ygj6WrgdHlkYrRpydJsc+5+pPHcZeKyh6zvV+eJsKayfQvoossQOi8wk/6kbHM7zJCJVBqnsK6yUhH7g==
content-length
0
date
Wed, 15 Dec 2021 19:49:09 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:09 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2D98 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
date
Wed, 15 Dec 2021 19:39:54 GMT
expires
Thu, 15 Dec 2022 19:39:54 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
555
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 192A 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a7836e8723b8176f6c962c8ed30fe9316a905e1d703455be13b5e97176e6bcec
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-8XRWbq3JFru7p05trN+L3Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 15 Dec 2021 19:49:09 GMT
date
Wed, 15 Dec 2021 19:49:09 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-8XRWbq3JFru7p05trN+L3Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
pagead2.googlesyndication.com/bg/ Frame 2D98 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:16:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
16361
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13559
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:16:28 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 192A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=1122785430481641&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
all.js
use.fontawesome.com/releases/v5.0.9/js/ Frame D08B 		682 KB
247 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.0.9/js/all.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2fec0e2942f49dd3cad4650431d550d761f11dded17834d4835768c2ca730c0

Request headers

Referer
https://snd.click/
Origin
https://snd.click
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13995611
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
SR8DCA5SAAY20AF0
x-amz-id-2
FhWEDnftOi/x5NSwa0jQd2WZOcjhUashYRDnrRUyVxa8/v9leoFvUGoB1m7ZgB5boUUmqoibNK4=
last-modified
Wed, 30 Jun 2021 15:28:17 GMT
server
cloudflare
etag
W/"bffc6023835e717c0348c41583e56eba"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ihwmTgUY2RWCpE25NZ0BH8wJTtwHd%2Fknta1IdQcVcK%2BA0yxPgwNcxPn07CyUvsk%2BCXGuoVksBkj5whbB1zNpjagTdk5d%2BEinb%2FGpk9n1L7VdhNfPxqw8WCxENf7RzzLhom6n2D8ysrFkAIRR50u%2FqU2w"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
6be2318d0c907034-FRA
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=1122785430481641&bg=!0dKl0pbNAAZKWFskSlg7ACkAdvg8WoDRC_HeM-DiHHp5DE-Tetp43H7MiSxAXFuhUSsUIfdvy-4IQwIAAAB8UgAAABBoAQcKADS1C1OyFdEgWtGtWbiJOYiXKjIgD9U9E25umkpMQoyZJJwVSim6Ej8bkQt9qyjI2gjikiusmQKoSzwrHweKQeSGV19-Cj7uAtrMYU8VcIluxkGxD3j4rB_T2zCUVa1wxPiCWqUkwqAo8g-TB_G4Zip0yilrVhBguv3PWeqTKw2SlYlN_1p_1tSQdtTs1StiW_Ts5PQEFYlKLPuACrg5CgWsJqbZps5_eOTbzAEV1dKeIHRa6z1UBuLEXSqzy513IW9Rq9EVpT-Zl10dBDGJFvjR60pSPtzy7wSPvK7NdQj9LfJTp9oMJYXkTQOY9e_45H5pg8zbcEXS57TEEB2qUFq3ZDSwn5Ck9UHMdsrrudQMB1Bt5hKgOFM4MVgbTKsuqfzh5SpUvAJQtK8HTgEwpoRFghjn4N5TQwEYioX8T2-G0LyXVPJHORGdVVerMyvQGfwQ-nz12vTGlvNwxQp7O_n7ZgEFCnQbOJkQ0f4lirG1Lh-Ge3JJpW2IRqmS8dbmpx7MJ52MMmOGCPOiEJYU_6fNwYize7UDpeTTAlB9oCeSSnov5URSQDg7XyZ0b_W-HHUXg2Vy2j84IMA-iKiSLpH-22Dkt8L9IhBbLqWGV3YY8OhkW7zsAX6RgriwS8Xh39zRpdELY1A_QCAL46p9e0xp4s1ir-qVNkkSe0-Fwl6yymbBWsk0tK2Bhv9GgNOZMGO0NVVufsrYWOEBL4irCbONPyL2NsVow61gXfflnrhs5ipw7Fl5AN6VNnPgUkbhEqNa72vgymk0jlDYG65U-wMkl5fCHVaiz_N_gScFoacG2b98UO5YuqeZoYJh4KS396Pdl4qcC-j3B5fmSSAdPIjprcXB8ViSn0jjq25QLlYTU4GxfiYoYrDm9hqU0G9rd1Td1ZhdQgAoT3jpEXCXvR3kktBnJaHiL5ZbO8BXuCLqe2a_QNhPtxFTgcejUX_fUlG__62aEWm7nxO234w4LPY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:09 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
33_1629201073_anghami.png
snd.click/storage/platforms/ Frame D08B 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/33_1629201073_anghami.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1a75ea27451c167b4bd5b2b9ba97f4ec7d1bcb3bf5e4725e41ff35cee1b4ffe

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100075
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6246
last-modified
Tue, 17 Aug 2021 11:51:13 GMT
server
cloudflare
etag
"611ba2b1-1866"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hTERo84yg96J2OJjXFlrZPkdrbOhh6vHKLM%2FNvAffJU1vju0ZhtLMsTssg1q5CaeTzlQ1Hcszt2DNsBTSzwUzy8zlJHM8IlEUVVAUw6uoSc5oXfwPI%2FlQ0ckDUIMdyldBEGSPO2bKFU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2318e08d56946-FRA
35_1629201159_jiosaavn.png
snd.click/storage/platforms/ Frame D08B 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/35_1629201159_jiosaavn.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95b41ba92728e08797cd85b6f9683afbe13d450d1b3213358c48ac18d242846a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100075
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7192
last-modified
Tue, 17 Aug 2021 11:52:39 GMT
server
cloudflare
etag
"611ba307-1c18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52%2FjMUHM31W5rJrhOG8KQOIKxK98PB%2FHAUUFEIUi%2BF%2B9lKIZ8sjWvPrQOD6kk1%2F5%2F7DbmzxhzdnjJ9Y0pvjw06TxI0WkT6qokY%2BAdI6wtFt1sWOvuMCPFKYki69IeheNfZMUxg0JWwQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2318e08da6946-FRA
94_1583854462_wynk.png
snd.click/storage/platforms/ Frame D08B 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/94_1583854462_wynk.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bbd1c0c28ea0f2af4254c62d76b86321cecfd45a3cea933d29b37fb53ba6e28

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
100075
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4294
last-modified
Tue, 10 Mar 2020 15:34:22 GMT
server
cloudflare
etag
"5e67b37e-10c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o4EB9BvtxNKrfSvyEsddUVNouN6BpJZQvttXwS2orLxUmdk0uVBI2YyNP4KReOOCe2%2F8A6fIniTshZif%2FoDU69tUsmVy6KofZboQq%2B4zUMFMjgQHTnVgTsbvmS9EJLUELi3EdAzT0wI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2318e08dd6946-FRA
9_1560249795_youtube.png
snd.click/storage/platforms/ Frame D08B 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/9_1560249795_youtube.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29fe732a3a3512aedec5358e02eee2156a1b783cbc27ac7ed3a023c0b8cf507f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
111741
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8256
last-modified
Tue, 11 Jun 2019 10:43:15 GMT
server
cloudflare
etag
"5cff85c3-2040"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQjeS7nNbW9k2pmpL0ZrzWBPgQTnqio4S8z3bjUzBuga0oe1tThV8AnFhAHNTRwvFuJ21UwtaNERx1tln4PkkKWVFMgLsx2TLb7yH4DDCy2lXcay0Eu3ThpByHkoTpuJ4VuxOuVG2Z8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2318e08e06946-FRA
6_1629198382_spotify.png
snd.click/storage/platforms/ Frame D08B 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/6_1629198382_spotify.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf2b259176d1712ca42f68767b3dc61a2a2385fbb48ba3a7e5b587910e50d642

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112553
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5041
last-modified
Tue, 17 Aug 2021 11:06:22 GMT
server
cloudflare
etag
"611b982e-13b1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5QSnxO1ewaXTyV6Zhfgb%2BYrGNFze5fUYwOwYV3OOc5jiTvDqBwQM7KgIGjNxkffKij%2FpBJTzTUenggm%2BjgLpD1DNKfOJ1gbykt0gh2bpGu9Wv0bCwIrzqjdzrhQarC4OBdpKc9DCER4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2318e08e36946-FRA
11_1619597220_apple_music_logo.png
snd.click/storage/platforms/ Frame D08B 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/11_1619597220_apple_music_logo.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7fc9e14f36c6590ef42bc2eec54e925cf573a2656de164817ba40c67bc71a5e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
112439
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6100
last-modified
Wed, 28 Apr 2021 08:07:00 GMT
server
cloudflare
etag
"608917a4-17d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kRXarY07m68RXvHlHJB4sCJ9lx9M6K5XSTf7n1M0oIb2h%2FaVrb1eeJz5wuRTiKcomqA0iPIOcHwlY%2BM5rXKwg6WYBD3vgTBKc0Iokw2A91vrOYHp4Ke1DK357Geysq%2F5gUt6c1Yh9Vg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2318e08e56946-FRA
logo_itunes.svg
snd.click/landing/img/ Frame D08B 		14 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/logo_itunes.svg
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44b6e4f9164860ac419ab1e15cdd2aa55d8117b8fdee7b2545d1b4fe0704c55

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 22 Apr 2020 13:50:49 GMT
server
cloudflare
age
112594
etag
W/"5ea04bb9-37e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iys%2FOi2WIVXtA7uoDFyIjPzz9ztv3jLlhrlNk2p5Ca4t%2Bh5cgCHSHLMzwBRfu4D432vBiZhn%2Fd0M5Qy4dtVR%2FwFOsclFp%2B5EYVsHom7h4oUuwZqYwbdpcicvcfIPnTkwm9Dw8nid91M%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2318e19106946-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
25_1560246937_google_play.png
snd.click/storage/platforms/ Frame D08B 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/25_1560246937_google_play.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a744f38c6ace34651866bf42eb7dd14df089cdbb70c95854e766eb9b41d2361

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
107449
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11612
last-modified
Tue, 11 Jun 2019 09:55:37 GMT
server
cloudflare
etag
"5cff7a99-2d5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Ee5rgPqHd8gEqEcjpt4HKRvJdJOXvbBkr1vCZLslNjI2SCPzEz0PRJ%2BlXkf%2FQDjAtl8UQBk8EVSQReCi581x1tNUEcPbsf%2B%2Ftf9gM9T1VbvpfvUQ2zX0gQTioRTVgbQI7xj2EcEl7c%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2318e19146946-FRA
20_1629199143_bandcamp.png
snd.click/storage/platforms/ Frame D08B 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/20_1629199143_bandcamp.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:1ac5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d410b3debb14b15512f904dc7d23856ae6389cdacffa8e8339027088719500

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
109636
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6658
last-modified
Tue, 17 Aug 2021 11:19:03 GMT
server
cloudflare
etag
"611b9b27-1a02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHk%2B4FqJJrrNSVpW9pXwckLq9EC5i15OE%2BLg9pM%2FKKE0IUoloxn8ibcoMEffkB4HeMCw0yE9H8wNkXPa4sHtS5x3bMm7igsA1dzC7Uw2zgjQIDobrdTqhQJF9Ju44lb0wy%2BnaJVlnCE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2318e19176946-FRA
nr-1212.min.js
js-agent.newrelic.com/ Frame D08B 		34 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1212.min.js
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
S6r4yaeB6jo_ZylmZ_5cM21n7ZH1t6gc
content-encoding
gzip
etag
"9dfe540eb31e6fc0e0dddd91e3511f68"
x-amz-request-id
YXKSRKQXSAVQSE4H
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
12828
x-amz-id-2
O4JKwZC9VFoJXBRd/NFCO0gPTS39j/XLNaWXaKgHazkl5CgZvT66crlfLN37ZUtrHbYn5R9QuA4=
x-served-by
cache-fra19141-FRA
last-modified
Thu, 04 Nov 2021 21:16:16 GMT
server
AmazonS3
x-timer
S1639597749.481398,VS0,VE0
date
Wed, 15 Dec 2021 19:49:09 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
3452
iubenda.js
cdn.iubenda.com/ Frame D08B 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.iubenda.com/iubenda.js
Requested by
Host: snd.click
URL: https://snd.click/landing/js/landing.js?id=a4d4ab09a2052e8cd0bc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.214.240 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-214-240.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
39ffb5a9e67544a56b3ec4b1b8060a8c9a7cd29b750e624394a37f414cdf630b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:09 GMT
content-encoding
br
last-modified
Wed, 15 Dec 2021 10:23:26 GMT
etag
"61b9c21e-145b"
p3p
CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin
*
cache-control
public, must-revalidate, proxy-revalidate, max-age=86400
content-type
application/javascript
content-length
5211
expires
Thu, 16 Dec 2021 19:49:09 GMT
db9141e72b
bam-cell.nr-data.net/1/ Frame D08B 		49 B
725 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam-cell.nr-data.net/1/db9141e72b?a=184865423&v=1212.e95d35c&to=ZAMANRNYWxZYAUxeXF1JIwIVUFoLFiNIR297EhYRPXpaC00QV1tfVhQRPTJcUyZWDExFXF8KBxMhSUcKWgdLRA%3D%3D&rst=5670&ck=1&ref=https://snd.click/mjI0tjt&ap=1808&be=4970&fe=5635&dc=5615&perf=%7B%22timing%22:%7B%22of%22:1639597743232,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:1,%22c%22:1,%22ce%22:1,%22rq%22:2,%22rp%22:2434,%22rpe%22:2440,%22dl%22:2705,%22di%22:3740,%22ds%22:4279,%22de%22:4279,%22dc%22:4969,%22l%22:4969,%22le%22:4972%7D,%22navigation%22:%7B%7D%7D&at=SEQDQ1tCSBg%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1212.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:10 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
6be2318f0f28dfbb-FRA
53791720
mc.yandex.com/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=4&wv-hit=424392075&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=378067377&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639597749%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194909%3Au%3A1639597744714125276%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597749&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:09 GMT
last-modified
Wed, 15-Dec-2021 19:49:09 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:09 GMT
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:10 GMT
Content-Length
0
/
pebed.dm-event.net/ Frame 0604 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:10 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
482830803_mp4_h264_aac_uhd.m3u8
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vhItXcdQELOqo7Osd9coDdCFUzdVhxWbBh41UnP0eWTIc-Pi3dV_VYJdLJAQeYIQU)/video/308/038/ Frame 0604 		0
199 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vhItXcdQELOqo7Osd9coDdCFUzdVhxWbBh41UnP0eWTIc-Pi3dV_VYJdLJAQeYIQU)/video/308/038/482830803_mp4_h264_aac_uhd.m3u8
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 15 Dec 2021 19:49:10 GMT
Server
lumberjack/2.4.24-2.4.24
Accept-Ranges
bytes
Content-Length
0
Access-Control-Max-Age
600
log_event
www.youtube.com/youtubei/v1/ Frame FB7B 		28 B
55 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/json
X-YouTube-Utc-Offset
0
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
X-YouTube-Client-Version
1.20211210.00.01
X-YouTube-Time-Zone
Etc/Unknown
X-Goog-Visitor-Id
Cgs3SndBZ254dGdFSSizjemNBg%3D%3D
X-YouTube-Ad-Signals
dt=1639597747962&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image&bid=ANyPxKo7KoEO8ddsObIKD0CYHTxQVc7De2z8B5d22apaQkmY4mE6yw8kYRIBJG2RXXjNtX_2eV-sJyaO_saPw4Co3ftnJeqKSw

Response headers

date
Wed, 15 Dec 2021 19:49:10 GMT
content-encoding
br
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:10 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.dailymotion.com
URL
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Domain
www.facebook.com
URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Domain
open.spotify.com
URL
https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Domain
snd.click
URL
https://snd.click/mjI0tjt?embed=1

Verdicts & Comments Add Verdict or Comment

205 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| _mNHandle string| medianet_versionId function| fbq function| _fbq object| _mN object| _mNSrv function| setup string| _mN_Idf undefined| _mN_ctr string| _mN_ctrM object| mnjs object| hbCMBidxc object| _mNDetails function| _cmL1Require function| _cmL1Define undefined| _mNE object| webpackChunkpublisher_sdk function| Shareaholic string| GoogleAnalyticsObject function| ga function| $ function| jQuery function| loadCSS object| adsbygoogle number| perPage object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_persistent_state_async boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map string| google_user_agent_client_hint string| disqus_shortname number| infolinks_pid number| infolinks_wsid object| $iceboot object| INFOLINKS object| gapi object| ___jsl object| creditsyear function| ym string| no_image object| month_format string| more_text string| comments_text string| pagenav_prev string| pagenav_next string| POSTPAGER_OLDER string| POSTPAGER_NEWER string| s string| o string| u function| selectnav object| jQuery111003603580231294272 undefined| jQuery111003603580231294272_1639597743012 undefined| jQuery111003603580231294272_1639597743014 undefined| jQuery111003603580231294272_1639597743016 undefined| jQuery111003603580231294272_1639597743018 undefined| jQuery111003603580231294272_1639597743020 function| BLOG_attachCsiOnload function| _WidgetManager function| _WidgetInfo function| widget_module_provide function| _AdSenseView function| _BlogArchiveView function| _AttributionView function| _BlogView function| _BlogListView function| _BlogSearchView function| _ContactFormView function| _ExampleView function| _FeaturedPostView function| _FeedView function| _FollowersView function| _HeaderView function| _TextView function| _HTMLView function| _ImageView function| _LabelView function| _TextListView function| _LinkListView function| _BloggerButtonView function| _NavbarView function| _PageListView function| _PollView function| _PopularPostsView function| _ProfileView function| _RecentPostsView function| _ReportAbuseView function| _SharingView function| _StatsView function| _SubscribeView function| _SW_toggleReaderList function| _SW_hideReaderList function| _TranslateView function| _WikipediaView string| __wavt function| __gjsload__ object| cookieChoices number| level number| offset undefined| jQuery111003603580231294272_1639597743022 undefined| jQuery111003603580231294272_1639597743024 function| _typeof object| $ice object| $infolinks object| FB function| disqus_config object| DISQUS function| disqus_recommendations_config function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages boolean| publisherConfigLoaded object| google_tag_data object| gaplugins object| gaData object| osapi object| gadgets object| shindig object| iframer function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| __gapi_jstiming__ object| Ya object| yaCounter53791720 number| $iceId object| DISQUS_RECOMMENDATIONS object| help object| hgb object| userfeedback function| vglnk object| google_image_requests function| JSONP_3047 function| JSONP_7261 object| VK function| JSONP_6807 boolean| __v5k function| vl_cB function| vl_disable function| vglnk_16395977447966 undefined| vglnk_16395977447977 function| __shareaholicAdsBannerLoaded object| bubble object| skins number| widthCompare undefined| vglnk_16395977455139 object| googletag object| google_llp object| GoogleGcLKhOms

73 Cookies

Domain/Path Name / Value
.googleusercontent.com/docs/securesc/4o20v64vb0cj32hqsqp3oo06ubpv60v0 Name: AUTH_hq3ol2uolsl8ptr9jeovocpv0r3trnfv
Value: 13572733374762013682Z|1639597725000|spas8l89jmuvfi07s0feaot34lvok38a
www.aiupnow.com/2021/12 Name: logglytrackingsession
Value: def1a19b-b8ed-4707-ba87-003eab53d249
.t.co/ Name: muc
Value: c206e047-3a4b-4e17-a7ca-d0bacf4985e1
.t.co/ Name: muc_ads
Value: c206e047-3a4b-4e17-a7ca-d0bacf4985e1
.google.com/ Name: NID
Value: 511=a6D2U5kGduVX5fgtwNn2GJSHVKJ6sBZKmMYxVmrehjMkrN3Bd5aBSbZcDmHThgELomTjHvZeBoUwM6RSjxWVq5ZBaUR-N8EnAGf8gkldxU82owbJk1Gx_PJfJxHqGjoKorkN22zhruDbUL-wH5EggflDHNN4RRj_7mSiKoJNREI
.youtube.com/ Name: YSC
Value: fbWC5tUd1KY
.dailymotion.com/ Name: v1st
Value: 85BD040AD5676152A123949685B6B5FC
.dailymotion.com/ Name: dmvk
Value: 61ba46afd4112
.dailymotion.com/ Name: ts
Value: 433660
.aiupnow.com/ Name: _ga
Value: GA1.2.306171407.1639597743
.aiupnow.com/ Name: _gid
Value: GA1.2.898670481.1639597743
.aiupnow.com/ Name: _gat_blogger
Value: 1
.infolinks.com/ Name: cuid
Value: 78cfc0cd-1dff-4e95-8c30-2056f63f3f18
.aiupnow.com/ Name: _fbp
Value: fb.1.1639597743554.1579516857
.aiupnow.com/ Name: _ym_uid
Value: 1639597744714125276
.aiupnow.com/ Name: _ym_d
Value: 1639597744
.spotify.com/ Name: sp_t
Value: 859e2faed5746222795e0df40cee5914
.spotify.com/ Name: sp_landing
Value: https%3A%2F%2Fopen.spotify.com%2Ffollow%2F1
.mc.yandex.com/ Name: sync_cookie_csrf
Value: 3240504438fake
.aiupnow.com/ Name: __gads
Value: ID=a50def7700f50d3f-222b50dc07cd00cc:T=1639597744:RT=1639597744:S=ALNI_MYKWe_gBQMmqjMCQXJRIQmpx3DJdw
.mc.yandex.ru/ Name: sync_cookie_csrf
Value: 303133731fake
.aiupnow.com/ Name: _ym_isad
Value: 2
.yahoo.com/ Name: A3
Value: d=AQABBLBGumECEMu8WMw98kqxnbc7lbXZMjwFEgEBAQGYu2HEYQAAAAAA_eMAAA&S=AQAAAucL-2CPM48Sc-66TeVZYt0
.casalemedia.com/ Name: CMID
Value: YbpGsPHGNeSA3Pkd4mYMRAAA
.casalemedia.com/ Name: CMPS
Value: 3177
.casalemedia.com/ Name: CMPRO
Value: 1186
.advertising.com/ Name: APID
Value: UP0ee8603b-5de0-11ec-967c-02ce2ee4e570
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
www.aiupnow.com/ Name: cookie_consent
Value: seen
.lijit.com/ Name: ljt_reader
Value: ccfda82ee36bf7cf1052f420
.pubmatic.com/ Name: SyncRTB3
Value: 1640736000%3A220
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 4BA7A629-27E4-4226-A0AA-4347858C5233
.adnxs.com/ Name: uuid2
Value: 2615535459032288984
.analytics.yahoo.com/ Name: IDSYNC
Value: "192u~223v:18xp~223v"
.yahoo.com/ Name: APID
Value: UP0ee8603b-5de0-11ec-967c-02ce2ee4e570
.yahoo.com/ Name: APIDTS
Value: 1639597744
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0Mja0NDMxMjA3NzUxtDQ3NBfiM9S1jHeLSjf0Mw_1iQwCAAOmxsMlAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAFslzmtoZmxpamlubmJqYGQJAGHqE7AQAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0Mja0NDMxMjA3NzUxtDQ3NBfiM9S1jHeLSjf0Mw_1iQyS4jU0M7Y0tTQ3NzE1MLIEAA4rlPU0AAAA
.infolinks.com/ Name: ANUSERCOOKIE
Value: 4180968463622704791
.yandex.com/ Name: yandexuid
Value: 5599961671639597745
.yandex.com/ Name: yuidss
Value: 5599961671639597745
mc.yandex.com/ Name: yabs-sid
Value: 2026205241639597745
.yandex.com/ Name: i
Value: WFT4ajzojBqDqRatI688V4wDMNNB1QF3EEospcgj5KHX6Fw8lfH56ZWDKMF0ZOEoLOQOfIEDXFCyni1OPP11Goyqtz4=
.yandex.com/ Name: ymex
Value: 1671133745.yrts.1639597745#1671133745.yrtsi.1639597745
.vk.com/ Name: remixlang
Value: 6
.infolinks.com/ Name: VRUSERCOOKIE
Value: y-18zKVEBE2uGllNGulROlNPdIZ4CKr76u7_UVm9Y-~A
.dailymotion.com/ Name: usprivacy
Value: 1---
.casalemedia.com/ Name: CMST
Value: YbpGsGG6RrEA
.infolinks.com/ Name: OUTHUSERCOOKIE
Value: y-T0Ghv1dE2uHWFlPW9_U.VrXi0PZ4682L~A~UP0ee8603b-5de0-11ec-967c-02ce2ee4e570
.infolinks.com/ Name: SOVRNUSERCOOKIE
Value: ccfda82ee36bf7cf1052f420
.adsrvr.org/ Name: TDID
Value: e0638c74-cf4f-44f4-ab68-decc9116267d
.pubmatic.com/ Name: PUBMDCID
Value: 3
.turn.com/ Name: uid
Value: 3740180705741226068
.cpx.to/ Name: cpSess
Value: 789fa27daad62e25
.cpx.to/ Name: dsp_app_nexus
Value: 2615535459032288984#1639597745493
.infolinks.com/ Name: IXUSERCOOKIE
Value: YbpGsPHGNeSA3Pkd4mYMRAAA&1186
.infolinks.com/ Name: ZTUSERCOOKIE
Value: 5123196420775419717
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwjsoZbr1YOgOhAFOAE.
.pubmatic.com/ Name: pi
Value: 60809:3
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 2
.casalemedia.com/ Name: CMRUM3
Value: e661ba46b02760&ce61ba46b005a0&2761ba46b00b40&2961ba46b005a0&2d61ba46b12760CAESEOpE_5a4uDc8FX0e27c0Dqc&0461ba46b127603740180705741226068&be61ba46b005a0&f161ba46b005a0
.doubleclick.net/ Name: IDE
Value: AHWqTUmChKDoXVU4v9AAkiswPQWl3R9KDuWdDxA3Zc1lrqs1T9fC8-EzWCkUnZVm14g
.aiupnow.com/ Name: _ym_visorc
Value: w
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-1a7a9a5b-71f4-4135-80a0-294e10524237-003%22%7D
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-1a7a9a5b-71f4-4135-80a0-294e10524237-003%22%7D
.infolinks.com/ Name: KADUSERCOOKIE
Value: 4BA7A629-27E4-4226-A0AA-4347858C5233~1639597832907
.infolinks.com/ Name: R1USERCOOKIE
Value: RX-1a7a9a5b-71f4-4135-80a0-294e10524237-003
.doubleclick.net/ Name: DSID
Value: NO_DATA
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 7JwAgnxtgEI
disqus.com/ Name: __jid
Value: 8sjb66afk9hn3
.disqus.com/ Name: disqus_unique
Value: 8sjb6pt2tj754o
.nr-data.net/ Name: JSESSIONID
Value: 32f3558129f59a17

234 Console Messages

Source Level URL
Text
security error URL: https://t.co/IMBWIxzlWq
Message:
Unrecognized Content-Security-Policy directive 'referrer'.
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
network error URL: https://mc.yandex.com/sync_cookie_image_decide?token=9488.sO-nchbm0oTybXYLQPbKWSFMza7fafjeUG5sXN3qUUSyf3IodqgTdEFgKQXwWURXeGz3scsVAKyCcuwPN2diQQ%2C%2C.40oReDj0HmRbB2BDuYg2zJJq_Uw%2C
Message:
Failed to load resource: the server responded with a status of 400 ()
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~r/wmexperts/~4/XMvfuvRqk3g'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~r/wmexperts/~4/tkpYeuiT0cA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network error URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
security warning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js(Line 2)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js(Line 2)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js(Line 2)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network error URL: https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/482830803_mp4_h264_aac_l2.m3u8#cell=core
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://proxy-046.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/482830803_mp4_h264_aac_l2.m3u8#cell=core
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
network error URL: https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vhItXcdQELOqo7Osd9coDdCFUzdVhxWbBh41UnP0eWTIc-Pi3dV_VYJdLJAQeYIQU)/video/308/038/482830803_mp4_h264_aac_uhd.m3u8#cell=core
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Message:
The resource https://imasdk.googleapis.com/js/sdkloader/ima3.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
3.bp.blogspot.com
4.bp.blogspot.com
a.disquscdn.com
accounts.google.com
ad.doubleclick.net
ad.turn.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
analytics.shareaholic.com
ap.lijit.com
api.bufferapp.com
api.pinterest.com
api.tumblr.com
api.viglink.com
apis.google.com
b1sync.zemanta.com
bam-cell.nr-data.net
blogs.windows.com
c.disquscdn.com
cdn.iubenda.com
cdn.shareaholic.net
cdn.viglink.com
cdnjs.cloudflare.com
cm.adgrx.com
cm.g.doubleclick.net
connect.facebook.net
connect.ok.ru
contextual.media.net
d2908q01vomqb2.cloudfront.net
de.tynt.com
disqus.com
dmxleo.dailymotion.com
doc-10-94-docs.googleusercontent.com
docs.google.com
drive.google.com
dsp.adkernel.com
dsum-sec.casalemedia.com
feeds.feedburner.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.scdn.co
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
img.youtube.com
is5-ssl.mzstatic.com
js-agent.newrelic.com
js-cdn.music.apple.com
m9m6e2w5.stackpathcdn.com
match.adsrvr.org
match.bnmla.com
maxcdn.bootstrapcdn.com
mc.yandex.com
mc.yandex.ru
media-mbst-pub-ue1.s3.amazonaws.com
o.aolcdn.com
o22381.ingest.sentry.io
onetag-sys.com
open.scdn.co
open.spotify.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
partner.shareaholic.com
passport.mobilenations.com
pebed.dm-event.net
pixel.advertising.com
proxy-019.dc3.dailymotion.com
proxy-046.dc3.dailymotion.com
recs.shareaholic.com
referrer.disqus.com
resources.blogblog.com
resources.infolinks.com
router.infolinks.com
rt3027.infolinks.com
s.amazon-adsystem.com
s.cpx.to
s.yimg.com
s0.2mdn.net
s1.dmcdn.net
sigma2.disqus.com
snd.click
speedtest.dailymotion.com
ssc-cms.33across.com
ssl.gstatic.com
ssum-sec.casalemedia.com
static.doubleclick.net
static1.dmcdn.net
sync.1rx.io
sync.go.sonobi.com
sync.targeting.unrulymedia.com
t.co
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
use.fontawesome.com
vendorlist.dmcdn.net
vk.com
www.aiupnow.com
www.blogger.com
www.dailymotion.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.reddit.com
www.saastr.com
www.shareaholic.net
www.windowscentral.com
www.youtube.com
www.yummly.com
youtube.com
yt3.ggpht.com
open.spotify.com
snd.click
www.dailymotion.com
www.facebook.com
104.111.214.240
104.16.138.31
104.244.42.69
104.75.88.209
107.20.147.136
13.224.194.206
141.193.213.21
142.250.181.226
142.250.185.102
15.197.193.217
151.101.0.134
151.101.130.137
151.101.65.140
151.139.128.11
162.247.243.146
172.66.41.9
172.66.42.247
174.137.133.49
178.162.133.149
178.79.242.181
18.156.0.31
185.64.189.110
185.64.190.79
188.65.124.38
188.65.124.59
188.65.124.90
188.65.124.91
188.65.126.209
188.65.126.236
192.0.77.40
193.0.160.129
198.47.127.20
199.232.192.134
199.232.196.134
199.232.198.49
2.18.234.21
2.18.235.93
2001:678:cb4:bbbb::11
209.54.180.144
213.19.147.44
216.58.212.162
217.20.152.207
2600:1901:1:c36::
2600:9000:21f3:ce00:6:8656:f5c0:93a1
2606:2800:233:af6:eab:2108:1892:6d8
2606:4700:3035::6815:1ac5
2606:4700:3037::6815:4e07
2606:4700::6810:135e
2606:4700::6810:a40d
2606:4700::6811:a62b
2606:4700::6812:1a47
2606:4700::6812:acf
2606:4700::6812:bc37
2a00:1288:80:800::7000
2a00:1450:4001:801::2003
2a00:1450:4001:801::2006
2a00:1450:4001:801::200e
2a00:1450:4001:803::2004
2a00:1450:4001:803::200e
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2002
2a00:1450:4001:811::2006
2a00:1450:4001:811::2009
2a00:1450:4001:811::200d
2a00:1450:4001:812::2003
2a00:1450:4001:812::200e
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2013
2a00:1450:4001:830::2001
2a00:1450:4001:830::200a
2a00:1450:4001:831::200a
2a00:1450:4001:831::200e
2a02:26f0:6c00:299::1fcf
2a02:26f0:6c00:2ac::2a1
2a02:6b8::1:119
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:1f::760
34.120.195.249
34.204.113.242
34.231.31.218
34.243.225.216
34.255.13.78
34.73.247.27
34.98.64.218
37.252.172.249
38.27.122.126
50.31.142.95
51.89.9.254
52.217.95.49
52.28.63.132
54.197.98.98
67.202.105.23
67.202.105.32
72.251.241.196
72.251.249.13
87.240.190.78
00b61ddd115228a88bb2c3ce857b92524ef040ae538ac0f983e7055177def3ec
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
01b1844125589a15317239014be029ba024bc0d6e059222bc99bd913a82ecb88
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
02e8ed546acde0a1d9d07cc08532695ab1acc699f4debafcf512e19f50eeb678
02f1a982fff273502b329ba242f856f115b2e51273ffc4476bee77f5172680d4
03037c6390042a7077da85d3d54f36bfceb749d1cf9ed9f53c88e2b0ff6f2744
0365e3f4d308d0beec787524d9a2f686351e1011555515526ddfaf34176d0514
0376879a45be95f1d718c2a90d0b35986973e87d6f4c790b4c7046343464b72a
03de68cb1fdd007abd024234102ebef9781fbea17813281d3a5717d25870762c
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
07820f0ee3e5c253462bade268025f7712fdf14c0821fdaeb25040791fca9e4d
08a0a69cc7b20ebc145be0de33415376df6b98011bde781c6bef07ce39564b33
09dec90213d3b1f9af1a0133e35843f22241aafe04b0d2a1983b69116abfddc1
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0a744f38c6ace34651866bf42eb7dd14df089cdbb70c95854e766eb9b41d2361
0bcd5919bf34c7672ee85e44fd8c6a695a7ffbdd2126f4e54caecca5ca6996eb
0cfd01f61f14eb6d881159ad18587bb4501c97ae7db9bbc9c5dd04a35362cb03
10a64ebb8661643d154d9ff6466282a8b80d1faac7b93ed08a609e1d182bbe68
10ae4d64b0c71483f2e7214da1da2b2f86279ad766492a028146d6e0623e230c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1184eaa5a8479aace795d63e8a6198e87229358f756f81721a37cf7f3adae457
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
159a0842329b5695bb5c57a4a86d9912063d2cb1c395bbab211001b619444d5d
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
176209b1815099692da9c6a42ab1941aef125c2294747bdb167463567b2a7adc
17710b0cbda106bd59c9bb320d152a06bba83cfed9e8a171b4e63f48adfc0a09
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a38d168c128c8527bba9ec53dd7b0bfed0402082866298ba794c5895733c8bb
1b1b92a4c0234d53798901f1e3c471cd982ad4cf646b9505484d0e873c728e88
1d1fc50d5f0b1a77ffe652c36310574123f7cd3871798d5a74aac8d09c3f455d
2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb
218558585458a13a0561c9747e86fc90db372981a72ba884d87af47e8b3ce13c
21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c
22a6b5ca081c7e993a6de605757cb5da85573221300021627663e89fb6950b18
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
23b53255f879259fe33fe23182c181a0963b64ec21de2e6dc797e0821d0d8e80
25fcfee1ad623c5654d6a20d5936f56999688ce944da13f9ea606cf4b9fc18d5
2735234f40288691ab3e5e65371a4c251cc6474b81988081d31644ebbafc1b3a
29fe732a3a3512aedec5358e02eee2156a1b783cbc27ac7ed3a023c0b8cf507f
2a5aa8749b707f73090c7fc4938f6452803ccfe09c30ff8ff5adbd6735b799e6
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2baf0db4101196df611d843d4741b65c2ebde9d4d458196ab9fb71039d8ccec7
2c6b79d89717789efa98627852ecedcd6d1243e461e716ff5ee69f2bf31e48aa
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
2d387f8955e673b6b83572bdd758e2b0be9da640de3fc2d83c2cb96dbf4c4037
2d5cf55fc7fb9816c5b7543e469706d77fdfa681df626c471e44b08fbf0cb9fb
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
3077cb5e37d8dc041b829c7f823616f6433006e6cc7aa94e2e44692b20c2c720
311d0ae54122e562c9d7209237279a234746e4bc9bc08c8fa698fd7a84d79a1c
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
32c8ec967ccde3b64e5317b356d5ca6ac6a0b39ba32f6de2f8c3b1a4e38c2574
33fb4f945a35b6ccaf4d19c0e6d1d8ad39736c430884b7090fc0f965d3f748ad
34fa06f4b9082afd593822ef7a15e41e2df8c335d9e696ec864c061cdabe483b
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
36a79135803869f257cae495ca43ee3d321aaaa2ea929856859444522d64cca8
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
39947c13916e5320090985dc27701829329c0bf1f40ed4debdd7e5dd93b56c2b
39cd4dda3d197829d18497a003fa176b55f7347ceb63d6c813d335558b62cead
39ffb5a9e67544a56b3ec4b1b8060a8c9a7cd29b750e624394a37f414cdf630b
3a5a376ad9d79b81a594792447a2e228ee3610350d89960c7d7606669c594fd2
3bbd1c0c28ea0f2af4254c62d76b86321cecfd45a3cea933d29b37fb53ba6e28
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eee15d11eb29b6f2258cabfeeca39b3b900a7cae96fc7919b27789f3470b9f9
3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
41dc62838893d877af036548c8dae4693825d6decf866a1aade64d8d942afca7
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
4299f2aaa46eea61cff7da0f945e26cf0ace8a35ea912182e7df2a9958db8e10
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4476c31489084f057d971484ea8337d294bdce33db840a204e800da4e37ebe1d
4512240dca2a59d6f18502229269f36846e194a33015ca8ca1a93a3535fb333b
46c1bedebd89ea719e5ffe1c9c2075e2f2be84ef1ab1b7fc16e9464eeedeacfe
47049564df5541299a0f30aa6e8d2d0fefbe8630d0f55dd4a4e542b2ad128ed3
4a9cf9fe55d2740f89e2bbbd96b47d2793948cb9480aae05f7db428b41e9d8dd
4afb6c2a02ed87cd4be2668e56a809f76b0de7b0101abc6d2746bee1cb722338
4bd97569f19339108d50e204a239bf8a3659823bc4a4c6011cc6a686ad5e4922
4c0f1cce1d9f37c25fa9ee1e57c0f4308de2835d5083048c959b13b2cde60ef9
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d958aa0fe56b2c9ef407522721c72a3f0ac4f0ae063a2e2d05c134b7a79fa85
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6f87e479fe96a05167143baf8284070e8e25446568442ef85133ec97ac7cf7
4e7a4de80dbec3e143eea735672c7a5aff8303e551c431f479f7e9f8b6c20b78
4e9c61cb3ab5d2bcfbf8ebddad7f6c531ea3621fc5ab2adfe61a51f479fc3b69
4f4524f7e1a87079bc50a64681f880ccf3e6f5db1ec5fc27949377532a3881da
50f875818c12b4bac50d2ac2bb80e0edab07d6172d77641c305daf077f2c34ad
5257f6397ef05fa34f2658be967345dac7937800cdf382bd8635e31384296191
538644c8d03a34a5f5842ab02d4f32e975b50607bbf7bb3528da122eb0d912b8
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54fba0abef056bfa4a37c702730f7758c29fead1d9456b7b8a1cab55d6673db8
550c9da427a76b05374a263e56f08ea0db57d7fd44f33abea68182afe165233f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55f15f6a124147534f184495c928c994aa90e6854244c1aba298209e890a3f6c
5b22251f63b49f2c24864c6529d2174090ec111318efce86b3140339d67fc0d1
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
5cf34d605f353037a0ab53e0d1abfe48d1c54263e5e763c23366e77d45960bfa
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5fae79754e7af92e6afadc3060797e3d35188221e60d63d0625f66cf921e7ebb
5fee9bee5192b952739299570f6f1d5880895edb6e518c14850651083c242fef
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
638b07dda0f438a7f4c609bd114bedcc9c15b100133b8b8ebffc7fb85197bcb3
654fbcbda47c2aa67f212492935f5f7ac35cb0a0ce269ac8ba0ee283c4afb691
65cfaa60d6857e6a60e16948ae87edd6435de9685995a7225c990d7cb4883d62
667d0547d8f8567828193f76f5fbd55bbb4244351313a8a8f3d85d171d1af49f
67d410b3debb14b15512f904dc7d23856ae6389cdacffa8e8339027088719500
690e2c2fc087cba6dcf864ee61e6c566049979c4f5da31b6ec63b8e7ce3ad05a
6991b0dfb02f46e2bb00808bd3eaaf97cfb4caa209a24ceb5a5c3482b091d6ff
6a484ab3ab55740d1b51dab8f319f0778053dc10f6cff128f5f76e76625cc5e5
6ad99d7680a81cd576b423e62e3937a7ecbd4a3a4a45687a5822fbef5b55ba13
6b77e6042e69c1bfe1735bed3e3f048ac6c735a3975d5bfae61af5f2019b70e8
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
6ca0ba132e317aa25845976719aecc3fbc11dfbe15c1ca37809b1d0d39bcf8c0
6e5cbadf2520dc34f3318a463db9b9a4004e15eb72693eb5c8971fb8e1d00cd9
6e6221f8603843e33aea69f1eff610fc753d5689ce75d5324f27144a10cb475f
6fcd9dea2794290acd1f2e793fcfef9232545fff93270744e79e30d9de0e0e61
6fe452f57f319d6891a1e4119aa5c860fd59dc23f280351bd805a731ae835d55
723c60a9a7ce2bbecc0818e2253a9101fd49b1132ac3d045208cc71914e8d3eb
72a24849a385cc8c2e75bcd6a6cd2530d7d867ee28ae27aa89cd5b48f7403e8f
72b2181e58d5c45800d66d36702794ca5ae5bf1fbc20f106442b7eac3191a623
73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e
73df259f168272b36c586a2d32c19667909858989f45e0f05d957b4394b7cd7b
78a3351829e5f5a06609e7156a544cb05704fb61608601c9b88e996a9e2741fd
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79e11ee8b47d2a611d1e36b5755b01395873e0b2cd206e63766d0976abebf112
7d4767763ce995c13decef23ba129277c5a6e2682ecb104c8e06d2ca0af00137
7e41f693d93943caeb33fd2f40e48bc498f75d3c3b3b05b76308c3d35fc26f08
7ec2fc40578b5d3c7c8ac12187d460fbde0d2775e48091c1363e4fac43f99a0b
7facf2245c205aa00dc3964963980dff1510da9cc72224400ee4e94e1001511f
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
820f60bf856afb39a4e051cf83308916bba639d142840980a093c5ae6b2cb9c7
827d59b6de1d3d3ff458836eac96c44c4b25a6bd1e8cbecaab7fbc66566210a0
829c4d5174ddbea97221dafff61a7a208a132f0ecdc7196f1b7011427b34e59f
82c3b988a2cbd0ed808e7b8a8e6492b4352af2bea2a7187181d4e1a9be736aac
8306b110649100e1a82a22573136f9208f5ceb738bb508a7d2fbad3b66bed7aa
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
84077212eff3a118119952d95dfdd412f3a97e1c779d3881ce6c3402fbfc96b8
8559b7e5e86976ac2b43d84dca46f5710852e2e1c50d5fdce5fd532efcb2154e
867929a5db83737a5849a31f013a188b9522e6a0b8455bf9ff4f4c2d9aae624b
86bd843e845b3814a6cb1438975575e4b8dcd68f9c2ca1a420c649b2d8db6f3b
871f64d89795838c773a27fb668e45b3e494fb3c24758cfcca6934f305f0db72
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
884bab512acc3235af224271f85a9030fd7461211c697519808bcb7702c1a091
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
88a9ae6f4226f2a69171713a1a08bf670297ae4b2517d8df0d707a206b0bb5b2
8903986c927e122375ba7e0e972f366ae8c7104bf6f9fd4bccac2ada20949158
89c295e0c7611d0074975890aa6ffcd308dd082b1064255dfa0236d643f2fe4f
89e1e7d66925e39d903f8909564052d62a529e70cc5b3dd049628d2d0e716efd
8b82f883c1cd11ad9b0f4cd6cea48c70c84a84f41c57ee6e637417ef78182f50
8bec9c490503ced6d8e92080693b1cea51de26bc67b758394b4638f2f1a03cd8
8ca0c44926e7904b379b0abae96e5def8ad7c140d7c68d0ede2f2148e1ad5745
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dcb8e128bd3aa982b2fe3a53685a5a6fe9ad4f6ec590611052b74813631e5f4
8fc00d8824032a8e3e17e51a2e38afd6ab6d5aac1e796ed36ccc6a728440cb9c
9083eeab46df9f2cfe1548a485742acce97708d8ff901728e692ed9ba6c8e9a9
90fadc153cb3202eb4e63fa7f561f19d28ba6b66e1a91a57813c66c3032d54d9
9222037993e442ba70d3b56378f359c8c37b8e2cadfb301735de27bd0ea24635
92a52c85d6e732cc7b34a65f9317ef052b15c2f2b58c9fc7f0ef939c7e3ba248
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
9379a60c9161c83f5075dec933369e78b3be0d8c3b7827ceda7d7a038ee62ce9
956c937c18e92293c7ef920d33914118c5c3b5930f608c9f59b76367d9c409d9
95b41ba92728e08797cd85b6f9683afbe13d450d1b3213358c48ac18d242846a
96a96229c6397e7b5b44811bee268f7f6dfcfdd2703efdba8e348f311d0fa6db
96c9fed934404639caa8b1f74101b53343186d3ed5a654cbe9748c0e78e541af
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
9904ccc112b0cbf11bac902cb4c91ce4af8398396917bc1d3d8dd5d355ace176
995dfb0c839090c9461662fca31b3d886f80dd9e881db8ea224374866eade55f
99e1761c92764dcaeec33df3e1773160344cc4aa6b8ddaee0477372279a2c424
9c1b16b47b78e43565be3d12f27133f7eba0a24f5781b292e5fac73d084e0725
9c2496a76cca88ef04c83ef7dea55cd0cf86709cf0616916a092905aa5373117
9cc42edd3434423ba5ed7bab4141062c32ca45432ee495b4db48399fcf625a56
9cff0359137fc419fd2612e9e813c2f61cc9dd1b915d0c7bb650e8f0ff9e5710
9f0384a2c4cddef7a95fce9cc026e0901482723d031610c2dc33f23864e8d5c3
9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a11517741b9d2f953a6889e81f52493ccb44c55c8d6a7c9bdbe190644ab0fc18
a1801957e205fedeb5ad3143a9a15114323490bf7babf1444e4695dff08d16be
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a29d510cc6827794383ee2d8aaa0ff664aec760c9bfb99bf5c179c41c97aac48
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a2b9c28205959e1323e482a8ebab65490ba2200da1665b75004947fbc4e18672
a2c0acdd5bc625dde811cbe3d364688921eef737a6663a070cef6995a4fdb84b
a43b5bfc058d5b10e20d84c9dc83bd1d825fc472b165f0a837fdb02d7ca6c37a
a47701112f705af40272aa6f5f6d7ac1e442e8df2c8c6a2d4ea51ee710558b58
a485164ab6c5690a6867e196eb1a24d83220da26f449d00d88eb0f824776ba2b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4e24d2b9857f11159e91e3e457926c82644de190d8222e27623d6366a576631
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a5ea452e977280c259515115b1f3e03bf152e5b4c79b3e785cb8eeac26c327c9
a7836e8723b8176f6c962c8ed30fe9316a905e1d703455be13b5e97176e6bcec
a7b4478db6fa30a953d0908270705c14c6afe801cb8dcf1543b0a81c626d91cd
a7fc9e14f36c6590ef42bc2eec54e925cf573a2656de164817ba40c67bc71a5e
a924247a34d2261adba0ab013836e8f7bc8df1f5414459c906d5c2a0448232a4
a97e731cbb8c8f2fd76edc5ff46950f4548da821813db1770d62cbd710cd168a
aa975a57e5fafd69c188ddb02081e13d144c002a44c02aac4145d8f9fb2b5941
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac45e4c266a4fb5e7d49b00f4b3b9c53b70ccb5754d3a6d5cfc338ca3b98bd84
ac58756be8a08b00efa89ae967645beadb91d7a724c5217e4c847be2f06d4034
af380d2f27801d0e97291c84df7fb4fb0fc79366e0f1dc3785876b3a2b72ef3e
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b0c66f841ddc555e6d9db4cada9a766f088103e8c16b42de45095a12b3606a26
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16ee208e163e440832f7c31333c523ec8d0635bb1b2d332d733c1feb73dbf97
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b3d9e60436d10a54b04fa0bede523a36ffc72dacbe2db27148aa08d9e55eec45
b4700758182849390e83510cfa4d6ac01e49183ad810851b099d55fb0b93eec1
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b4ee951553f418f4350146ba094addcef1b03546805e374775ad3583888b194b
b71079af3ec36279d0386b3b1498fa09d315d859221fa026027c4175ca3c7f0f
b93578e19093ede2326835d09ec858ab090d8d7a5904c9d16fec43023116965f
b9e12fd398cc774524961aeacbee1b2873cca6241460d6b45a0ad069bf12f121
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
ba96031e2dadf75a257596e171d35c3415967806af6a80023b736f7101cc47b5
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bb9bbca62474487d6bfcfd88a8da5d165633d0ccdeb4ae5ecbc9ae963575877b
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
bd1d46e090dd11a9123e403410ad1b3354ed4c0906c92a13ae0a0daf85a91421
bd27265365870814b531d27242813f9df904229b004d7e6f6e1512a68d29f8f4
bd3241d7639ed2f5c2ee35088ee469ccd8d9d97d5a65fcebc525adab37f0fa0c
be43a684a99f6071923acef248515dadee8bf4db7cc059aed54dda51b6d3dd44
be78cc9192327da4d09822a1097454300ba38f4a0ae20256d0e31c111fa6d050
bef5318f625cf3dad8e4db35a1eb5a8548dae2317569c5aa4647e8a198cdd60a
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bf2b259176d1712ca42f68767b3dc61a2a2385fbb48ba3a7e5b587910e50d642
bf459edbca835630ab04fe10ab0ea320af9c2a02a28354fac1dd2dacb5b48155
c1a75ea27451c167b4bd5b2b9ba97f4ec7d1bcb3bf5e4725e41ff35cee1b4ffe
c1dd3ae27cd0cf43059c6571c71a67429c3071d2fba84eba2d62809aa38ba3d8
c1fed6af0907b4321b97f34f4881f6ee021694567754b4ff26bfe8ff3480b451
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c24111290c8ad7c12a85ed464ef68ad03a73b6f96a605a626b511709f34a326a
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c4a8c639edd67d769faf82914dc8ff0a1104373b575707f5f363ba8a91f78acd
c4bac60605cc28d70120aeebfd16265f062a1192d0f51a0384ab90453818e894
c7fc79ad0d9fd7c1b846e2d87aac2c09c80515296b8bd03989251c4e0eb5d4a7
c811b52b159c35e96af4b1f0b999753162f21933e5e520e288de72dbd5a2018a
c8520c4df0969be1603059e7639e03decb805f23feb63736ba40f00365156caa
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
c90b7e832a212a6390a5ec8c2c1161bda9375fb414ad87bfea2e282d2284be79
c9447306fcca14b863da5bcc55b505a8bea3ede2e1df933ba6fb4134dcf69fae
c9dbf391eb49cc7fb60b02931b2d3595eaf3c065b716778f0be58306dd7cbde1
ca356d69f023a86170e7197b26266cc9f913b54fc90e96a760cec4152b7848b1
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
cb060519450cc4982f29f8a767e47c4440e26614975f99ecbf3cec04e0cf9cef
cbf52478eea923d6c8559defe2bd5ce6f23107952a3ab8056d0d2d97df20a79e
cc0e86fa9839984b0d1c815a1008ba178b8e3b50f347ee2446d967e6fea8d09b
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf982d883df5960372888dea0fad2d161a0b97e1ad17342fb9edf73efdd2db21
d04e41f347a0c072b8fbda7b4fb05e8372ce42a0ac1a7c06859ee195bcfa0161
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0d730ac7b9fa74a2c09a58125fdfd317b367486c40ea60e424f959bff191274
d2fec0e2942f49dd3cad4650431d550d761f11dded17834d4835768c2ca730c0
d44b6e4f9164860ac419ab1e15cdd2aa55d8117b8fdee7b2545d1b4fe0704c55
d44ceec8bba88323fa0fdc3d0a6793b6f1e0c31d465be241d2142abd9ae36e50
d4a0ee6d728ead9cf6f762458a1de9463cfea40e4edce958d445ee006fc27f16
d50b115ed15f11d96d3ab369d091db9bf261ff6a41ee29ef08599464913bb0d9
d53fc34a8a2122326a547282899df3aa84a3def278217628e218ba771c4305cb
d5adf666701b746821cc08cfa7064589419b3e1aa81e6324ddd6843e5bebf082
d6b9bfef5c42ff82acb968c5834ebec8ac2295f1604e2f890a80dc043f3a70cd
d71d986a726a9a3b37c6a5e049fee9692442911b24fcbc115a55608634a3ebf9
d76f32f8bd2f4896065ce24a53a651b8b31f8518eeffef24d8ff3b7942a2437b
d777536c363f541d3a0a29627c1294ed6c6c0889011ea21d8d4eb859c9aef31b
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d82b1d0353b313086c9438e8d43011f8e00fb6cef060c60333a2d6a55c7afade
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
d92ef1fc59ca0a42648e704458434ce31e641effdc30d1bb8b5d41ebc8bf762b
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
d9c7ced652c966659825962b2c0f79ccbb36d535bb4a61c2ea175eb105690878
da93e21044cd49e9c8b630d9125b44dcc8e22ebcce2cf8663d38f888d558fcc5
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
db01487388f15a4c0cb6c6e28ca365fc9a9e0855a90894665baa6f582c9e50b6
db9d879a9026ddcf15143e614fba82bd576610d734f82a84161e46a588a17903
dbffe4825c6ba1f19ff48607381ad4384b0609b64998830502c130f00abe887d
dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
debb229daffbe34e17c32f8d56a72dfa9ba4debfcfcb330e733bf56d88da117c
df6f3992abf84b1b883f4523ac496959660a53c8a3e3146554f034737e508fb5
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e302fea180b0792866b7bee07f80b63c2203b3271b1c5f306d4cdb03d5da480f
e33de29236bd945ad5963c32fd373b982e0970b3a1f784b8e7ae07d7be8c254d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4338d17f0899a6f31b93800fec46ce8d5b0dd408ddcbc162bda3650c92c07c8
e4617a5b39cda8cd99c5725cd79a12bf58f402b90f76c364ec7de7852ec15050
e578fda3845b781d5c0045ae9c5dc94257e613d1c93d5155720c10453e44e91a
e89c1da385be36ce801884d3609d7339ed0a608898520cc43a31334a8ab5535d
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
edd44cad5cd50082407878419dee3031955cfb380d85653ce1100cea73bf9eef
edddcb46193aacdf88726f8250fd0248b2dd411d392b3288ea04ab9e9e6bd526
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efed9c0be7c7adf375be6a20b399eeb790011c96ec3c3921fa91cc3d0fb7e095
f1a32bc2f145aea8c098f09896ed081513a6f6fcb8adc1aecfdc2b43618393a7
f2bfdbf7d2df8d37016a17d53674d2799bb77996a763bf2bee8b1f604dd31a9f
f3647ef8db4ecac64239b02b6c3a665dd727436d8ba4648ff3132aa629471670
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
f5f4567c313a2f5bddbc5270cc6371fd6b2ff354d1055b4ea734004fc4e661c9
f5fb80c6ab695aec793967d59c135b29618aad2f987174711a218fc44da08d77
f615e7ba92273145a27dfc0773e0a936233f96a40cee0eb90cedf8cdcf2e6e0a
f725f6888d32252c9f3dc55750d168b0f4f00e0ea1f2e877ff46595662a56110
f7664e23b73cb30828e04463f54920dbbeb02d02aa052877f46ec0ef515d2511
f972192e0a987b28a8991a30c724cddfff0c7dd5512bb4dda13ef715e583f46e
f9f21406615f1546dd9ced7d75db04dffb75609a92a35f835405784c78119447
fa0d1383cd6184c9654b458ceb23a3ad8c700d98cab32478b805e385efd97af0
fc397a38480b8b76d1e301b62e22c88d11d23b495ab0100f3684fa12a65afb52
fc9fd9b3399b2fde63a31d05af5360f1cf2d8c6438e25c106bb2781b733e4b34
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2